{"id":2489,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail36-us4-mcsv-net\/"},"modified":"2021-12-30T11:41:26","modified_gmt":"2021-12-30T11:41:26","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail36-us4-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail36-us4-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail36.us4.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s,  apart from the reporter&#8217;s opinions ]<\/p>\n<p>* Achieving holistic cybersecurity<br \/>\n* Insurers adapt coverage to meet evolving terrorist threat<br \/>\n* What are the Challenges and Benefits of Outsourcing your Security Functions?<br \/>\n* 5 Secret Habits Of Highly Successful Network Security Programs<br \/>\n* PhishMe May Cybercrime Alert: Whaling Attacks, Employee Data Theft Expected to Surge<br \/>\n* How to scan for malware in the private cloud \u2013 without the performance hit<br \/>\n* Cloud security concerns rise as investment grows<br \/>\n* Study the opposition in fighting cyber crime<br \/>\n* Kenya to domesticate international cyber crime law<br \/>\n* Next Generation of Cyber Attacks to Focus on Manipulating Data<br \/>\n* Effective incident response is key to managing and recovering from cyber security breaches<br \/>\n* Why signature-based detection isn&#8217;t enough for enterprises<br \/>\n* Why Security Investigators Should Care About Forensic Research<br 
\/>\n* Post-breach forensics: Building the trail of evidence<br \/>\n* Arbor Networks report finds relentless threat environment<br \/>\n* Infoblox Network Protection Survey: Organizations Utilizing Best Practices Enjoy Outsized Business Outcomes<br \/>\n* Cyber attack attribution: Strategies and tools for business organizations<br \/>\n* Soha Systems&#8217; Survey Reveals Only Two Percent of IT Experts Consider Third-Party Secure Access a Top Priority, Despite the Growing Number of Security Threats Linked to Supplier and Contractor Access<br \/>\n* Security spending rises in areas ineffective against multi-stage attacks<br \/>\n* Singapore developing cyber security insurance<br \/>\n* CISO Playbook: Games Of War &#038; Cyber Defenses<br \/>\n* Network and Information Security Directive set to come into force in August<br \/>\n* Geo-locations don&#8217;t deter cyber attacks<br \/>\n* How to Address the Cybersecurity Resourcing Challenge<br \/>\n* HKMA raises cybersecurity DEFCON level with new cyber resilience initiative<\/p>\n<p>Achieving holistic cybersecurity<br \/>\nSecurity programs need effective protection of valuable information and systems to prevent data breaches, and to comply with the ever-increasing federal compliance requirements.<br \/>\nAmong others, there are the Federal Information Security Management Act (FISMA), the Privacy Act, policy and guidance from the Office of Management and Budget and the National Institute for Standards and Technology, the General Services Administration&#8217;s Federal Risk Authorization and Management (FedRAMP) program, and the Federal Acquisition Regulation to be considered.<br \/>\nTo be effective, CIOs and CISOs need timely cyber security insights to take proactive actions, because today&#8217;s security challenges are greater than ever.<br \/>\nTo address external, internal, and compliance challenges through a proactive approach, mission-oriented cognitive cybersecurity capability is needed.<br \/>\nTo achieve 
such capability, four key areas must be addressed:<br \/>\n&#8211; Security architecture effectiveness<br \/>\n&#8211; Critical data protection.<br \/>\n&#8211; Security compliance.<br \/>\n&#8211; A holistic security program.<\/p>\n<p>A holistic security program focuses on protection through continuous monitoring of systems and data.<br \/>\nThis involves moving from the traditional defensive-reactive approach to a defensive-proactive (predictive) approach, using cyber analytics to foster &#8220;security intelligence&#8221; that also protects privacy.<br \/>\nContinuous monitoring is now required by OMB and NIST mandates, and it can be supplemented using cyber analytics to proactively highlight risks and identify, monitor and address threats.<br \/>\nContinuous monitoring, when combined with cyber analytics via security intelligence, can provide key cybersecurity capabilities.<br \/>\nAlong with analysis of cyberthreat related data sources (e.g., through DNS, Netflow, or query results), continuous monitoring provides the needed context for fusion of data &#8212; data that can be analyzed using tools that produce actionable, meaningful and timely information for CISOs and CIOs to address the most important issues affecting their agency and deter and prevent cyber threats.<br \/>\nBy using such systems, agency executives involved in cybersecurity can move from a basic to an optimized level of security intelligence as depicted below.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=161d8cdbf6&#038;e=20056c7556<\/p>\n<p>Insurers adapt coverage to meet evolving terrorist threat<br \/>\nLarger businesses often have insurance and disaster recovery plans to get back up and running quickly.<br \/>\nBut smaller companies typically do not.<br \/>\nPool Re has developed a discounted, bespoke version of terrorism insurance for small and medium businesses, but has work to do to encourage take-up.<br \/>\nThe reinsurer 
estimates less than 5 per cent of small businesses have terrorism insurance policies.<br \/>\nThe increased incidence of attacks by smaller groups of terrorists in western cities has been met with rising demand for insurance against event cancellation, denial of access losses \u2014 where an attack means that the business owners and customers cannot get into the building \u2014 and third-party liabilities.<br \/>\nThe latter, called \u2018liability terrorism\u2019 by some in the industry, would protect an insured business against being pursued for liabilities after an attack.<br \/>\nAn example would be a hotel without adequate security measures or a public space where evacuation procedures failed.<br \/>\nIn the US, \u201cactive shooter\u201d policies insure universities and other institutions against costs arising from a lone shooter rampaging on their property.<br \/>\nThese are designed to protect them against legal liability if they are judged to have failed to prevent an attack.<br \/>\nInsurers expect further cyber terror attacks to follow. \u201cIf and when terrorists have the capability to utilise a cyber capability as a weapon, then they will,\u201d says Mr Enoizi. 
\u201cThat threat may be one that only a mechanism such as Pool Re can deal with, given the potential scale of losses.\u201d<br \/>\nDan Trueman, head of Novae\u2019s cyber division, says: \u201cWe have moved beyond privacy towards policies that focus more on the first-party consequences, namely business interruption, reputational damage and system failure.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5c94d59a89&#038;e=20056c7556<\/p>\n<p>What are the Challenges and Benefits of Outsourcing your Security Functions?<br \/>\nThe increasing complexity of the threat landscape has spawned more complex security technologies to combat those threats.<br \/>\nThus, the importance of the \u201chuman element\u201d is more prevalent in security management discussions than before.<br \/>\nToday, the choices are either to procure security technology and deploy adequate internal resources to use them effectively, or outsource to a provider who is experienced with the selected technology.<br \/>\nOutsourcing security allows organizations to affordably leverage expertise that may not be available internally, but at the cost of losing control.<br \/>\nMany providers offer cookie-cutter, one-size-fits-all solutions, which may not meet a specific enterprise\u2019s needs.<br \/>\nA third option that is gaining increasing popularity is co-sourcing.<br \/>\nIn this model, the provider does the technology-specific heavy lifting and leaves a specific organization\u2019s network independent, allowing remediation to be performed by the in-house team.<br \/>\nOrganizations can also customize the solution, and keep data on your premises.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=37f149ce78&#038;e=20056c7556<\/p>\n<p>5 Secret Habits Of Highly Successful Network Security Programs<br \/>\nA new report out today shows that when IT organizations are segmented by security 
success factors, the top performers share a number of network security best practices.<br \/>\nConducted by ReRez Research and commissioned by Infoblox, the study highlighted in these findings took a close look at 200 large organizations to see how habits differed among top-tier organizations and everyone else.<br \/>\nTop-tier organizations are twice as likely to meet SLAs and ten times as likely to remediate security events extremely quickly, and they are much less likely to experience security-related outages or breaches.<br \/>\nThey are four times as likely to have complete control over their IP addressing.<br \/>\nAnd they&#8217;re twice as likely to focus on strategic rather than tactical tasks.<br \/>\nHere are some of the reasons why they post those kinds of results:<br \/>\n&#8211; Make Better Use Of Intelligence<br \/>\n&#8211; Instill Cooperation Between Network, Security, And App Teams<br \/>\n&#8211; Leverage DNS\/DHCP Data<br \/>\n&#8211; Automate Basic Tasks<br \/>\n&#8211; Invest In Security Staff<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5d13ad5e27&#038;e=20056c7556<\/p>\n<p>PhishMe May Cybercrime Alert: Whaling Attacks, Employee Data Theft Expected to Surge<br \/>\nFor several years, PhishMe researchers have tracked all forms of phishing attacks in the wild, including those related to malware, ransomware, wire fraud, data theft and more.<br \/>\nRecently, PhishMe observed an increase in attacks across the board but has also noticed cybercriminals&#8217; concentrating efforts around BEC scams and Whaling.<br \/>\nBEC and Whaling attacks often bypass perimeter and end-point security controls, as they are typically designed to identify malware and URLs contained in email attachments that download malicious payloads and link to suspicious websites.<br \/>\nIn these cases, the emails don&#8217;t necessarily contain attachments or links, leaving humans as the only line of defense.<br 
\/>\nPhishMe advises organizations to condition employees to identify and report attacks through phishing simulations that leverage real-world scenarios and empower them to respond to phishing incidents.<br \/>\nTo prevent cybercriminals from turning your organization into their next victim, take extra steps to ensure that:<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=391ed67384&#038;e=20056c7556<\/p>\n<p>How to scan for malware in the private cloud \u2013 without the performance hit<br \/>\nMost people associate cloud security concerns with the placement of sensitive data in public cloud data centers, or the transmission of data between public and private clouds.<br \/>\nBut many of the security challenges associated with private cloud computing can be traced to the virtualized infrastructure that gives these environments their flexibility, efficiency, and easy scalability.<br \/>\nMost notably, implementing hundreds or thousands of virtual machines with traditional antivirus (AV) solutions can be like pouring molasses into the gears of your business operations.<br \/>\nThe problem is that AV programs designed to run their scans on physical servers can siphon off too much memory and processing power when they\u2019re deployed on every virtual machine in your private cloud environment.<br \/>\nThese resource demands can dramatically reduce the VMs\u2019 ability to perform their core business functions whilst decreasing VM consolidation ratios.<br \/>\nFaced with these hard realities, more companies are turning to AV solutions designed specifically to protect virtualized environments.<br \/>\nThe concept involves offloading AV scanning, configuration and .DAT update operations to a security virtual appliance (SVA).<br \/>\nCleared files (or those signed by trusted certificates) reside in the SVA\u2019s global cache and can be called by the VMs without having to go through additional scanning.<br \/>\nLink: 
http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=fb182a8ac3&#038;e=20056c7556<\/p>\n<p>Cloud security concerns rise as investment grows<br \/>\nCrowd Research Partners has released the results of its 2016 Cloud Security Spotlight Report, created in conjunction with leading cloud security vendors Alien Vault, Bitglass, Cato Networks, CloudPassage, Dell Software, Dome9 Security, IMMUNIO, (ISC)2 and Randtronics.<br \/>\nAmong the findings are the main barriers to cloud adoption, led by general security concerns (53 percent, up from 45 percent in last year&#8217;s survey), legal and regulatory compliance concerns (42 percent, up from 29 percent), and data loss and leakage risks (40 percent).<br \/>\nThe rise in specific concerns about compliance and integration suggests, say the report&#8217;s authors, that companies are moving from theoretical exploration of cloud models to actual implementation.<br \/>\nThe biggest threat to cloud security comes from unauthorized access through misuse of employee credentials and improper access controls (53 percent).<br \/>\nThis is followed by hijacking of accounts (44 percent), insecure interfaces\/APIs (39 percent), and external sharing of sensitive information (33 percent).<br \/>\n84 percent of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure.<br \/>\nTraditional network security tools are somewhat ineffective according to 48 percent of respondents, or completely ineffective (11 percent), 25 percent say effectiveness can&#8217;t be measured in cloud environments.<br \/>\nOrganizations moving to the cloud have a variety of choices available to strengthen their cloud security. 
61 percent of organizations say they plan to train and certify existing IT staff, 45 percent want to partner with a managed security services provider, and 42 percent plan to deploy additional security software to protect data and applications in the cloud.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5b01e9bb4e&#038;e=20056c7556<\/p>\n<p>Study the opposition in fighting cyber crime<br \/>\nMoney is the primary, but not the sole motivation for cyber crime, says Intel Security&#8217;s Raj Samani.<br \/>\nThe biggest cyber threat faced by society is ransomware.<br \/>\nCriminals are becoming more innovative and cyber security organisations are in an arms race with them.<br \/>\nDiscussing cybercrime-as-a-service and the ease with which cyber attacks can be conducted, Samani highlighted the importance of studying and understanding the opposition.<br \/>\nHe said criminals behind ransomware campaigns are now outsourcing almost every single component required to cause as much infection as possible and make money in the process.<br \/>\n&#8220;The report claims that Chinese hackers are increasingly targeting US companies and government agencies.<br \/>\nIt further states that technical assessments of operational tradecraft observed in intrusions attributed to China are the result of extensive forensic analysis and discussions with information security professionals who follow these issues closely,&#8221; revealed Samani.<br \/>\nHowever, the US is not the only target, and China is not the only presumed attacker, he warned.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2138b0e77e&#038;e=20056c7556<\/p>\n<p>Kenya to domesticate international cyber crime law<br \/>\nKenya is fast-tracking the process of domesticating international cybercrime law in order to boost online safety in the country, officials said Tuesday.<br \/>\nCommunications Authority of Kenya 
(CA) Assistant Manager Robin Busolo told Xinhua in Nairobi that the East African nation plans to ratify the Council of Europe&#8217;s Convention on Cybercrime which is also known as the Budapest Convention on Cybercrime.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=141f05e3b3&#038;e=20056c7556<\/p>\n<p>Next Generation of Cyber Attacks to Focus on Manipulating Data<br \/>\nWASHINGTON (Sputnik) \u2014 Future cyber attacks will be focused on changing or manipulating data to jeopardize its reliability, compared to previous attacks aimed at deleting information, US Director of National Intelligence James Clapper said on Wednesday.<br \/>\nClapper, whose office is in charge of annual worldwide threat updates, has placed cybersecurity at the top of the list of threats to US national security interests for the past four years.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=9bbc348168&#038;e=20056c7556<\/p>\n<p>Effective incident response is key to managing and recovering from cyber security breaches<br \/>\nELY, CAMBRIDGESHIRE, UNITED KINGDOM, May 18, 2016 \/EINPresswire.com\/ &#8212; Cyber security consultancy firm IT Governance has urged companies to implement effective cyber security policies, formal incident management processes and ongoing staff training to avoid harmful cyber security breaches.<br \/>\nThe response comes after HMG\u2019s Cyber Security Breaches Survey 2016 revealed that 65% of major UK businesses experienced at least one cyber security breach in the last year, and a quarter of large firms experienced cyber security breaches on a monthly basis.<br \/>\nThe survey findings reveal that, although cyber security is a high priority for large UK organisations, only 29% of UK businesses have documented cyber security policies and just 10% have formal incident management processes in place.<br \/>\nAlan Calder, founder and chief executive 
officer at IT Governance, said: \u201cOngoing staff training is a key element for the successful management of a cyber security incident.<br \/>\nIn addition, organisations need to have a formal incident management process in place and undertake rehearsals as part of a security incident response plan.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=24c6d8019d&#038;e=20056c7556<\/p>\n<p>Why signature-based detection isn&#8217;t enough for enterprises<br \/>\nThe Einstein program, developed by the National Protection and Programs Directorate, the Department of Homeland Security&#8217;s cybersecurity division, has recently been criticized for relying too heavily on this type of signature to detect and block malicious traffic.<br \/>\nMalware developers can constantly change their code or the way it is packaged to make sure it does not produce the same signature as previous versions, detection of which may have been added to existing signature lists of known bad code.<br \/>\nFor example, the way in which instructions in the code are written may be changed, or the syntax altered while preserving its functionality.<br \/>\nMetamorphic malware is even more sophisticated, as it&#8217;s capable of changing itself to a completely new instance with each fresh infection, while polymorphic malware encrypts itself each time with a different encryption key.<br \/>\nThis code mutation makes unique signature generation extremely difficult.<br \/>\nNo security system should rely on just one method of detecting malicious code or activity.<br \/>\nSecurity is always about defense-in-depth and diversity, and the overall effectiveness of security controls and techniques working together is what counts.<br \/>\nA combination of detection methods creates the most effective antimalware solution.<br \/>\nDespite any shortcomings, signature-based detection continues to play an integral role in keeping networks and endpoints 
secure.<br \/>\nIn classic form, they are a direct impediment to previously identified threats.<br \/>\nWith more evolved signature technology, their added intelligence makes signatures a serious line of defense, even against new threats.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=048de11a9b&#038;e=20056c7556<\/p>\n<p>Why Security Investigators Should Care About Forensic Research<br \/>\nThis summer, thousands of forensic specialists will descend on the desert of Las Vegas to hear original research at conferences such as EnFuse, HTCIA and to a lesser degree, Black Hat.<br \/>\nThey\u2019ll learn of breakthroughs made in discovering new varieties of evidence left when users and software interact with the OS.<br \/>\nUnlike new malware and vulnerability research, there\u2019s no financial incentive for forensic researchers to shout findings from the mountain tops.<br \/>\nVendors typically pay bounties for vulnerabilities; for new forensic \u201cartifacts,\u201d they generally do not.<br \/>\nYears ago, Apple was \u201cSlashdotted\u201d for tracking user GPS coordinates, and Facebook for not stripping GPS data from images.<br \/>\nYet outside these two cases of vendors \u201cpatching\u201d away GPS artifacts, most have seemingly resigned themselves to the fact that forensic tools will learn an uncomfortable amount about us.<br \/>\nI think another reason forensics falls under the radar is its culture of discretion, which stems from the circumstances of a forensic examiner\u2019s job.<br \/>\nWithin corporations, they may work with InfoSec, compliance, HR, or even legal departments.<br \/>\nThey might read your work email, or &#8212; having investigated intellectual property cases &#8212; might be one of the few knowing all 11 of KFC\u2019s herbs and spices.<br \/>\nHell, they\u2019ve even seen your CEO\u2019s browsing history.<br \/>\nThink about how personal that might be, especially in the BYOD era, where 
business and personal mix within our phones and tablets.<br \/>\nForensics\u2019 culture of discretion runs even deeper outside corporate circles.<br \/>\nThere\u2019s a good chance an examiner may have spent time in law enforcement, or done forensics for the military or intelligence agencies.<br \/>\nAt a conference like HTCIA or EnFuse, be careful discussing work over a few beers.<br \/>\nInternal filters are often broken, as yours would be if you\u2019d seen the disturbing crimes they\u2019ve seen.<br \/>\nFor instance, I learned what it sounds like when an estranged wife dissolves her unconscious husband in a giant barrel of acid.<br \/>\nDon\u2019t worry, I won\u2019t tell the serial killer stories here.<br \/>\nWhile forensics provides visibility into computers which convict bad guys, the truth can also set men free.<br \/>\nMr. Key was able to examine old cached Web pages to determine which users were actual pedophiles versus those visiting in the context of a payment gateway for a legitimate adult site.<br \/>\nIn an age where so much of our lives is touched by the Web and mobile computing, and where our hidden personal lives leave forensic residue everywhere, society should pay more attention to this summer\u2019s digital forensic discoveries.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=fef33cc1d9&#038;e=20056c7556<\/p>\n<p>Post-breach forensics: Building the trail of evidence<br \/>\nNew approaches to user monitoring and behavioural analytics enable firms to analyse all user activity, allowing tracking and visualising of user activity in real-time to understand what is really happening on the network says Bal\u00e1zs Scheidler.<br \/>\nThe way in which data is collected and presented can also present hurdles and it&#8217;s not only the time taken in an investigation which can be hampered.<br \/>\nThe integrity of the log data itself may also be called into question in a legal process if 
it has been changed from its original format.<br \/>\nLogs need to meet the legal standard for evidence (stored in a tamper-proof manner) and any that have been changed or have not been securely stored may not be accepted as evidence in a court of law.<br \/>\nBuilding the trail of evidence is now a significant issue for organisations as cyber-attackers are increasingly hijacking insider accounts to gain privileged access to the IT assets.<br \/>\nBy targeting system administrators and other &#8216;super users&#8217; who have very high or even unrestricted access rights on operating systems, databases and application layers, they have the power to destroy, manipulate or steal the company&#8217;s sensitive information, such as financial or CRM data, personnel records or credit card numbers.<br \/>\nNew approaches to user monitoring and behavioural analytics are enabling firms to analyse all user activity, including malicious events, throughout IT systems.<br \/>\nThis allows enterprises to track and visualise user activity in real-time to understand what is really happening on the network.<br \/>\nIf there has been an unexpected shutdown, data leakage, or database manipulation, the circumstances of the event are readily available in audit trails so the cause of the incident can be quickly identified.<br \/>\nThese recorded, tamper-proof audit trails can be played back like a movie, recreating all actions of the user.<br \/>\nThe audit trails are invaluable for both real time and post breach investigations, and also enabling automatic user behaviour analytics.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e5109934bc&#038;e=20056c7556<\/p>\n<p>Arbor Networks report finds relentless threat environment<br \/>\nArbor Networks Inc., the security division of NETSCOUT (NASDAQ: NTCT), has released its 11th Annual Worldwide Infrastructure Security Report (WISR) offering direct insights from the global operational 
security community on a comprehensive range of\u2026<br \/>\n\u00b7 Change in attack motivation: This year the top motivation was not hacktivism or vandalism but \u2018criminals demonstrating attack capabilities\u2019, something typically associated with cyber extortion attempts.<br \/>\n\u00b7 Attack size continues to grow: The largest attack reported was 500 Gbps, with others reporting attacks of 450 Gbps, 425 Gbps and 337 Gbps.<br \/>\n\u00b7 Complex attacks on the rise: 56 percent of respondents reported multi-vector attacks that targeted infrastructure, applications and services simultaneously. 93 percent reported application-layer DDoS attacks.<br \/>\nThe most common service targeted by application-layer attacks is now DNS (rather than HTTP).<br \/>\n\u00b7 Cloud under attack: Two years ago, 19 percent of respondents saw attacks targeting their cloud-based services.<br \/>\nThis grew to 29 percent last year, and now to 33 percent this year \u2013 a clear upward trend.<br \/>\n\u00b7 Firewalls continue to fail during DDoS attacks: More than half of enterprise respondents reported a firewall failure as a result of a DDoS attack, up from one-third a year earlier<\/p>\n<p>Top five advanced threat trends<br \/>\n\u00b7 Focus on better response: 57 percent of enterprises are looking to deploy solutions to speed the incident response processes.<br \/>\nAmong service providers, one-third reduced the time taken to discover an Advanced Persistent Threat (APT) in their network to under one week, and 52 percent stated their discovery to containment time has dropped to under one month.<br \/>\n\u00b7 Better planning: 2015 saw an increase in the proportion of enterprise respondents who had developed formal incident response plans, and dedicated at least some resources to respond to such incidents, up from around two-thirds last year to 75 percent this year.<br \/>\n\u00b7 Insiders in focus: The proportion of enterprise respondents seeing malicious insiders is up to 17 
percent this year (12 percent last year).<br \/>\nNearly 40 percent of all enterprise respondents still do not have tools deployed to monitor BYOD devices on the network.<br \/>\n\u00b7 Staffing quagmire: There has been a significant drop in those looking to increase their internal resources to improve incident preparedness and response, down from 46 to 38 percent in this year\u2019s results.<br \/>\n\u00b7 Increasing reliance on outside support: Lack of internal resources this past year has led to an increase in the use of managed services and outsourced support, with 50 percent of enterprises having contracted an external organisation for incident response.<br \/>\nThis is 10 percent higher than within service providers.<br \/>\nWithin service providers, 74 percent reported seeing more demand from customers for managed services.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=9f839b0440&#038;e=20056c7556<\/p>\n<p>Infoblox Network Protection Survey: Organizations Utilizing Best Practices Enjoy Outsized Business Outcomes<br \/>\nSANTA CLARA, CA&#8211;(Marketwired &#8211; May 16, 2016) &#8211; Infoblox Inc. (NYSE: BLOX), the network control company, today announced results of its 2016 Network Protection Survey.<br \/>\nThe in-depth survey compares the measures IT takes to protect and optimize networks among 200 enterprises in the United States and Canada.<br \/>\nThe survey uncovers dramatic differences between the highest- and lowest-performing organizations, in terms of how they manage their networks as well as their outcomes.<br \/>\n&#8220;Top enterprises think more strategically about their networks, don&#8217;t tolerate operational silos, and invest in the necessary tools for effective and secure infrastructure,&#8221; said Scott Fulton, executive vice president of products at Infoblox. 
&#8220;The results are clear &#8212; fewer outages and breaches, as well as better alignment with the business needs of their organizations.&#8221;<br \/>\nThe Infoblox Network Protection Survey found that adhering to industry best-practices results in better outcomes:<br \/>\n&#8211; Greater internal customer satisfaction<br \/>\n&#8211; Stronger security<br \/>\n&#8211; Networks that run more smoothly<br \/>\n&#8211; Better visibility into and control over infrastructure details such as IP addresses, malicious DNS traffic, and trusted users deviating from appropriate behavior<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=4cf12529fc&#038;e=20056c7556<\/p>\n<p>Cyber attack attribution: Strategies and tools for business organizations<br \/>\nAttack Attribution is all about finding out the entity that has successfully breached your cyber defences.<br \/>\nThis is an important consideration for forensic investigators, intelligence analysts, and national security officials.<br \/>\nIn line with this overall preparedness and as part of the Active Response program, Security Operations Centre (SOC) service providers have started to empower the Investigators on their teams to carry out attribution.<br \/>\nTo be able to do their investigations effectively, they need to be equipped to fire real time ad hoc queries against security apps deployed for protecting your networks (SIEM loggers, IPS, IDS, etc) and be able to collect and save relevant data pertinent to the threat.<br \/>\nOnce the da ..<br \/>\nBusiness organizations have largely been stopping at protecting their networks against attacks and often do not consider attack attribution as a necessity.<br \/>\nHistorically, this could be due to paucity of investigative tools.<br \/>\nWith such tools now available, security departments within business organizations can attempt to take this step now.<br \/>\nKnowing one&#8217;s adversary will dissuade the actors from 
targeting you.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=0eeb036b7c&#038;e=20056c7556<\/p>\n<p>Soha Systems&#8217; Survey Reveals Only Two Percent of IT Experts Consider Third-Party Secure Access a Top Priority, Despite the Growing Number of Security Threats Linked to Supplier and Contractor Access<br \/>\nSUNNYVALE, CA&#8211;(Marketwired &#8211; May 17, 2016) &#8211; Soha Systems, an innovator of enterprise access as a service, today released a report based on a survey conducted by the newly formed Soha Third-Party Advisory Group, which consists of security and IT experts from Aberdeen Group; Akamai; Assurant, Inc.; BrightPoint Security; CKure Consulting; Hunt Business Intelligence, PwC; and Symantec.<br \/>\nThe report, which surveyed over 200 IT and security C-Level executives, directors and managers at enterprise-level companies, revealed four key insights:<br \/>\nThird-party access is not an IT priority, yet it is a major source of data breaches<br \/>\nRespondents believe their own organizations are secure from third-party data breaches but think their competitors are vulnerable to them<br \/>\nProviding third-party access is complex and tedious, and has many moving parts<br \/>\nIT professionals take data breaches personally but are not worried about losing their jobs due to a breach<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=27e1faa093&#038;e=20056c7556<\/p>\n<p>Security spending rises in areas ineffective against multi-stage attacks<br \/>\nVormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR).<br \/>\nThis edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, which details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.<br 
\/>\n\u201cSpending to protect data is increasing fastest in areas that have been shown to be ineffective at protecting against multi-stage attacks \u2013 Network defenses (65 percent) and end point and mobile device defenses (58 percent) \u2013 still see the highest increase in spending, while approaches like data-at-rest defenses that have been proven to be effective at protecting data after perimeter defenses have been bypassed, are at the bottom (48 percent).\u201d<\/p>\n<p>Other key findings:<br \/>\n90 percent feel vulnerable to data threats<br \/>\n44 percent have already experienced a data breach, with nearly one in five (19 percent) indicating a breach in the last year<br \/>\nAt 56 percent, meeting compliance requirements was the top IT security spending priority, but preventing data breaches at 50 percent and best practices, also at 50 percent, were close followers<br \/>\nComplexity at 68 percent, and lack of staff at 35 percent, are identified as top barriers to adoption of better data security<br \/>\nBright spots include 70 percent increasing spending to offset threats to data and 48 percent increasing spending on data-at-rest defenses this year.<\/p>\n<p>66 percent view meeting compliance requirements as a \u2018very\u2019 or \u2018extremely\u2019 effective way to protect sensitive data, yet slow moving compliance standards consistently fail to stop today\u2019s multi-level attacks.<\/p>\n<p>Top concerns include:<br \/>\nSecurity breaches at the cloud provider level (75 percent)<br \/>\nIncreased vulnerabilities from share<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s, apart from the reporter&#8217;s opinions ] * Achieving holistic cybersecurity * Insurers adapt coverage to meet evolving terrorist threat * What are the Challenges and Benefits of Outsourcing your Security Functions? 
* 5 Secret Habits Of Highly Successful&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2489","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2489"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2489\/revisions"}],"predecessor-version":[{"id":4976,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2489\/revisions\/4976"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}