[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
\nI had a request to change the format of the date in the Subject line to make it easier to sort. So I made the change.<\/p>\n
* Swift CEO Expects More Hacking Surprises as Fix Is Years Away
\n* Despite hacking and snooping fears, web surveillance legislation sails forward
\n* Forget fingerprints; Iris scans could validate mobile payments
\n* Cyber Insurance: Is It Worth It?
\n* sFlow and Network Security: Understanding the Tradeoffs
\n* Why the shortage of skilled cybersecurity experts will drive up the cost of doing business
\n* Microsegmentation & The Need For An Intelligent Attack Surface
\n* 41% of Organisations Unaware of Security Breaches
\n* \u200bSingapore to cut off internet access for gov’t workers
\n* 33% of UK Firms are Buying Bitcoin in Anticipation of Cyber Attacks
\n* Three-quarters of UK adults would walk away from a business that has been hacked – banks and HMRC perceived as best at dealing with hacks, while retailers and travel sites below par
\n* NATO to Invest Billions of Euros to Tap Industry Cybersecurity Know-How
\n* How to survive in the CISO hot-seat
\n* How to build a thriving information security function despite the talent shortage
\n* Security event management: 14 questions to ask before you buy
\n* Enterprises Rather Pay Bitcoin Ransomware Fee Than Improve Cyber Security
\n* It takes 248 days for IT businesses to fix their software vulnerabilities
\n* Real Hackers Don’t Wear Hoodies (Cybercrime is Big Business)
\n* #Infosec16: AI Could Transform Security Operations \u2026 But Don\u2019t Believe the Hype
\n* CORRECTING and REPLACING HITRUST Pilot Advances Health Industry Cyber Threat Sharing to Combat Ransomware and Other Cyber Attacks
\n* RSA: Organizations Need to Determine Their ‘Cyber Risk Appetite’
\n* Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser
\n* Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser
\n* Perception of cloud security within enterprises is improving
\n* OPM names first CISO<\/p>\n
Swift CEO Expects More Hacking Surprises as Fix Is Years Away
\n(Bloomberg) — The chief executive officer of Swift, the interbank messaging system embroiled in a global bank-hacking controversy, says to expect more information about breaches to emerge as fully armoring the network\u2019s defenses is likely to take years.
\n\u201cWe don\u2019t think this is going to be solved overnight, so we\u2019ll be looking for a number of quick wins to improve things in the near term,\u201d Gottfried Leibbrandt, Swift\u2019s CEO, said in an interview from the cooperative\u2019s London office on Wednesday. \u201cThe full rollout, and the full shore up, will be a matter of years.\u201d
\nLeibbrandt declined to speculate on who was behind the attack, saying the cooperative isn\u2019t in the business of attributing blame, and that it is too early to tell if the breaches were inside jobs committed by bank employees.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4484b97da2&e=20056c7556<\/p>\n
Despite hacking and snooping fears, web surveillance legislation sails forward
\nThe government’s controversial web surveillance legislation continues to make its way towards becoming law.
\nThe bill passed its third reading in the House of Commons by 444 votes to 69: it now goes to the House of Lords where is will face more scrutiny: the government wants the new law to be in force by the end of the year.
\nOne of the most controversial aspects of the Investigatory Powers Bill is that it requires telecoms companies and internet service providers to store information about every person’s communications data – calls, texts and web browsing history for a year.
\nThis goes much further than the US and other European countries as has lead to the bill being known as a ‘snoopers charter’.
\nDespite the parliamentary debates, it appears that general awareness of the looming legislation remains low: a poll commissioned by human rights campaign group Liberty claims that nine out of ten British adults believe the state surveillance powers proposed by the bill are not acceptable.
\nNearly three quarters (72 per cent) claimed they don’t know anything about bill – or had never even heard of it.
\nAccording to Liberty’s survey, 38 per cent of respondents believe it would only be acceptable for the government to access and monitor records of communications and web usage if they were suspected of committing a crime: 22 per cent said it would be acceptable only if they have committed a crime.
\nAnd while 30 per cent believe it would never be acceptable, eight per cent said they were happy to be monitored like this in all circumstances.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=abf33c2539&e=20056c7556<\/p>\n
Forget fingerprints; Iris scans could validate mobile payments
\nFor online purchases, iris scans could help authenticate buyers.
\nAnd while SMS (Short Messaging Service) is an option, banks want greater security when using SMS payments.
\nThat’s where a multimodal approach — integrating facial, voice and behavorial scans into what’s required for a purchase — might help.
\nOne reason for the slow adoption of mobile payments in the U.S. is that consumers don’t see the value of using a mobile device instead of a credit card, she added.
\nThe roll-out of chip-enabled credit cards in the U.S. could eventually help boost interest in mobile payments, but hasn’t apparently made a big difference so far.
\nA U.S.
\nFederal Reserve survey of 2,137 people published last year showed that 75% didn’t use mobile payments because they felt it easier to pay with cash or a credit or debit card, while 59% were worried about the security and privacy of mobile payments.
\nDifferent biometric approaches are needed depending on the type of mobile payment.
\nIn-store, most customers wouldn’t want to pose for a few seconds in front of other customers in line for a facial or voice scan.
\nMeanwhile, Huang found that palm vein sensors would be an optimal point-of-sale authentication technology, but would be prohibitively expensive.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a5c08b9a06&e=20056c7556<\/p>\n
Cyber Insurance: Is It Worth It?
\nJust days after a federal appellate court supported a community bank’s claims that its $485,000 account-takeover loss should be covered by insurance, a federal district court in Arizona ruled that restaurant chain P.F.
\nChang’s China Bistro should not be reimbursed by its cyber insurer for fees it paid to its merchant services provider related to its 2013 card breach.
\nIt’s the second legal setback for P.F.
\nChang’s in recent months.
\nIn April, a federal appellate court ruled that a consumer class-action suit filed against the chain could move forward (see P.F.
\nChang’s Ruling: Is the Tide Shifting?).
\n“In this age of uncertainty, as it relates to hacking and cyber liability, an important mitigant for companies is cyber insurance,” says cybersecurity attorney Chris Pierson, CISO and general counsel at invoicing and payments provider Viewpost. “But if it becomes more difficult for companies to get policies that will … cover losses, companies may decide going forward that it may not be worth investing in cyber insurance. [The P.F.
\nChang’s] case could prove to be a very important event that helps companies decide if they will buy cybersecurity insurance policies.”
\nMost insurers don’t offer coverage for fees assessed by Visa and MasterCard, which are often passed along to retailers by processors and banks that offer merchant services, Litan says.
\nThose fees are considered to be part of the card associations’ regular business practices, which are included in merchant contracts, she explains.
\nThe court ruled that Federal Insurance Co. was not responsible for covering breach-related fees that are paid to a third-party under contract.
\n“Everyone in the card food chain wants to be made as whole as possible,” Pierson says. “Visa and MasterCard are looking to make sure they are made whole; merchant services groups and processors want to be made whole; and the third-party institutions want to be made whole.”
\nAs a result, cyber insurance is at an important crossroads, he adds. “Companies implement cybersecurity insurance to mitigate harm that cannot otherwise be mitigated by security controls or people.
\nTo the extent cybersecurity insurance becomes unusable, the market incentives for securing this will disappear.”
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=319313427a&e=20056c7556<\/p>\n
sFlow and Network Security: Understanding the Tradeoffs
\nsFlow, which is short for \u201csampled flow,\u201d provides an industry standard for exporting truncated packets with interface counters.
\nThe sFlow Agent is a software process that runs as part of the network management software within devices, such as routers or switches.
\nThe sFlow agent packages the data into sFlow datagrams that are immediately sent on the network to minimize memory and CPU requirements.
\nAccording to sFlow.org \u2013 the authoritative source of the sFlow protocol specifications \u2013 sFlow offers a number of advantages
\nNetFlow is a proprietary protocol from Cisco to collect IP network traffic as it enters or exits an interface.
\nJFlow is Juniper\u2019s flow protocol, and there are other XFlows from a variety of vendors, and for the purposes of this discussion, they are all very similar to NetFlow.
\nInternet Protocol Flow Information Export (IPFIX) \u2013 an IETF protocol that defines how IP flow information is formatted and transferred from an exporter to a collector \u2013 is based on NetFlow v9.
\nUnlike sFlow, NetFlow isn\u2019t sampled, but it is cached and then exported based on active and inactive timeouts.
\nThe lowest possible value for exporting active flows is one minute, and inactive conversations are exported every 15 seconds.
\nThis means that information about ongoing conversations is exported with a delay of at least one minute.
\nWhile this gives sFlow a point in its favor, many newer NetFlow exporters can be tuned to export at higher rights, diminishing sFlow\u2019s speed advantage.
\nNetFlow\/IPFIX traffic can be sampled, and sFlow is, by definition, always sampled.
\nSampling can significantly reduce CPU usage, but is sampling network flow traffic in general a good idea for security purposes.
\nThe short answer is that sampling is not ideal for ensuring you have maximum visibility for maximum security and protection.
\nOne other \u201cfeature\u201d of sFlow is that sampled packets get forwarded as they are picked up, but they are not timestamped.
\nThis means there is a small level of uncertainty about the exact capture time of the packet.
\nSo, when it comes to network security, can you use sFlow.
\nOr do you really need a Netflow\/IPFIX solution.
\nThe answer is that it depends.
\nSampled sFlow is very powerful for fast DDoS detection.
\nIf you are an ISP or a large enterprise and plans to use NetFlow for data and security analysis, that can justify the increased hardware cost associated with tracking every communication.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5b99c5dd98&e=20056c7556<\/p>\n
Why the shortage of skilled cybersecurity experts will drive up the cost of doing business
\nA recent report by SEEK.com showed the year-on-year growth in demand for these experts at 57%, and it\u2019s evident that while companies need specialists to keep their networks and companies secure, there are an insufficient number of skilled employees available to fill these roles.
\nIn an interview with CIO.com.au, MailGuard CTO Jason Pearce said \u201cFor Australia it\u2019s almost at a critical point.
\nAs a cyber security company to find goods skills in the market is very hard.
\nIf you can\u2019t attract skills locally, organisations have to go offshore and find people to bring into the country.
\nIn an interview with CIO.com.au, MailGuard CTO Jason Pearce said \u201cFor Australia it\u2019s almost at a critical point.
\nAs a cyber security company to find goods skills in the market is very hard.
\nIf you can\u2019t attract skills locally, organisations have to go offshore and find people to bring into the country.
\nFrom an operational cost perspective, organisations are invariably turning to technological solutions as they explore new avenues to reach customers and strive for competitive advantages across their business.
\nIn doing so, not only do businesses need to wear the costs of improving their offerings to stream-line and automate processes, and to create direct (web and mobile) channels to serve and support customers, but those businesses must also consider the associated security costs too.
\nPerhaps one of the most detrimental costs attributed to this shortage is the reputational damage associated with cyber issues.
\nWithout investing appropriately in cybersecurity professionals to implement effective threat protection measures, businesses risk erosion in business trust and reduced consumer confidence, which are potentially far greater costs than purely financial ones.
\nLeaders in the cybersecurity industry also need to actively work with universities to design internship programs that expose students to the security landscape.
\nGiving universities access to cybersecurity experts who can share their real-world experience with university students is the way forward in reducing this skills shortage and defending the state of the nation against cyber attack.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=df2315d8ff&e=20056c7556<\/p>\n
Microsegmentation & The Need For An Intelligent Attack Surface
\nThere is a set of microsegmentation technologies available and being considered for usage today that optimize on the lowest-common denominator of security.
\nThese technologies offer a relatively simple security model applied to as many form-factors and variations of applications as possible: containers, VMs, on-premises, cloud, bare metal, and network device.
\nIn optimizing on as many possible computing platforms as possible there are a set of tradeoffs that are made versus the depth of policies necessary for the top tier of application: those that provide control point services supporting the entire enterprise.
\nMicrosegmentation systems optimize on reach and attempt to provide a baseline level of security across as many disparate systems as possible.
\nThis includes workloads that currently reside on everything from bare metal servers and mainframes, to virtual machines, containers, cloud providers, and firewalls.
\nThe larger the number of device types that can be supported by a vendor, the more broadly the policies can be applied to a given enterprise.
\nThe main difference is that — as opposed to “shrinking” the attack surface — this path focuses on replacing the attack surface altogether.
\nThis model creates an intelligent wrapper in which you encapsulate the workload you are protecting.
\nThere are several key capabilities required to encapsulate a workload:
\n1) Control Administrative Access
\n2) Control Transport Protocols
\n3) Control Authentication
\n4) Control Storage Access
\n5) Control Operations
\nFor Tier 0 applications throughout your enterprise, take a look at your zoning and supporting policies.
\nThere has been a lot of talk about reducing the attack surface, and for some Tier 1 and 2 applications and user-to-server access, that may be appropriate.
\nBut for Tier 0, such as your command and control infrastructure or your systems of record, consider removing the attack surface altogether and placing an abstraction layer around the application that provides the actionable intelligence your Infosec team needs to protect your operation.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a5954a6e9e&e=20056c7556<\/p>\n
41% of Organisations Unaware of Security Breaches
\nUK organisations are ill-equipped to mitigate today\u2019s increasingly complex threat landscape, according to new research from Node4.
\nThe survey of 100 UK-based IT decision makers reveals 41% do not know how many security breaches their organisation has suffered in the last 12 months.
\nThe survey, carried out with IT decision makers (ITDMs) in organisations of 50 or more employees, reveals a lack of protection against increasingly sophisticated security risks.
\nAs many as three-quarters (75%) have no DDoS protection in place or Unified Threat Management, rendering them at a disadvantage when attempting to identify, analyse and action threats.
\nIn fact, almost half (46%) lack firewalling security measures.
\nThe full research is covered in a new Node4 IT industry report, launched today IT Security: the evolving threat landscape.
\nIt presents comprehensive insight into current security concerns, the approaches IT decision makers are taking to protect their organisations and, critically, how they can shape IT security strategies to mitigate against cybercrime.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3d5d86cd55&e=20056c7556<\/p>\n
\u200bSingapore to cut off internet access for gov’t workers
\nSINGAPORE – Government employees in Singapore will soon lose their internet access at work to make official information systems more secure, authorities said Wednesday.
\nThe government’s Infocomm Development Authority said it has begun disconnecting internet access from the work stations of some government employees, and will expand the removal to all public workers by next June.
\nThe newspaper said government employees who need the internet for work will be issued separate laptops with web access.
\nIf they don’t, they can use the internet on personal tablets or cellphones without access to government networks, it said.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d4b87d2b09&e=20056c7556<\/p>\n
33% of UK Firms are Buying Bitcoin in Anticipation of Cyber Attacks
\nA cyber-security survey by remote access developer Citrix has found an interesting use case for holding bitcoin \u2013 being prepared to pay a ransom to hackers holding your files captive.
\nThe poll asked 250 British IT and cyber-security specialists representing companies of various sizes about their preparedness for cyber-crime and found that 33% said they were buying bitcoin in order to be able to pay off future ransomware attackers.
\nAccording to the survey, the storing of bitcoin or other cryptocurrencies is being done by 36% of the smaller businesses who participated (those with 250-500 employees) and 57% of medium firms (those with 501-1000 employees).
\nOnly 18% of the larger firms (those with more than 2,000 employees) said they keep a similar ransomware stash, however they did say they are willing to pay up to \u00a350,000 in order to unlock their files if they contain important intellectual property or business critical data.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c06948cffd&e=20056c7556<\/p>\n
Three-quarters of UK adults would walk away from a business that has been hacked – banks and HMRC perceived as best at dealing with hacks, while retailers and travel sites below par
\nA new study from Centrify reveals that 75 per cent of adults in the UK would stop doing business with, or would cancel a membership to, an organisation if it was hacked.
\nThis suggests, however, that a quarter would carry on using that company, despite the security risks to both personal and financial information.
\nTo some degree, most consumers expect to be hacked today, with 73 per cent in the UK admitting that it has become normal or expected for businesses to be hacked.
\nDespite this, only half feel that they are taking enough responsibility for the security of their customers’ or members’ personal information.
\nMost people believe that the burden of responsibility for security falls to the business.
\nAbout two-thirds in each country rated organisations as a 9 or 10 on a 10-point scale in terms of how responsible they should be for preventing hacks and securing the personal information of their customers.
\nAccording to the survey, financial institutions have the best reputation when it comes to dealing with security breaches compared to other sectors.
\nThey top the list of seven different industries in terms of how well they handle security issues for their customers, although government\/local government and HMRC come in a respectable second.
\nWorryingly, retailers rank fourth and travel sites fifth in each country, while membership and hospitality businesses are the lowest ranked.
\nThe Centrify study also shows that organisations are increasingly going public with news of security attacks and data breaches, often notifying their customers directly.
\nAround one third in the UK have been notified of a hack.
\nOf those notified of a hack, less than half (45 per cent) of those in the UK found out that their personal information, such as an address or credit card information, had been compromised.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0bb914043f&e=20056c7556<\/p>\n
NATO to Invest Billions of Euros to Tap Industry Cybersecurity Know-How
\nNATO is dangling roughly 3 billion euros ($3.4 billion) in funding for future cyber-based initiatives to match\u2014and then surpass\u2014the increasingly sophisticated attacks against its 28-member alliance, officials announced Tuesday on the inaugural day of the NITEC 2016 conference.
\nThe NATO Communication and Information (NCI) Agency launched its small business mentoring program to harness the help small and medium enterprises (SMEs) contribute to NATO cyber defenses and help address emerging threats, such as three trends that prove most concerning for global government leaders, Adm.
\nMichael Rogers, USN, commander of U.S.
\nCyber Command and director of the National Security Agency, shared at the conference, presented by the NCI Agency and AFCEA Europe and organized in cooperation with the Estonian Ministry of Defense.
\nNITEC 2016 runs from June 7-9 in Tallinn, Estonia.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=00396b91ed&e=20056c7556<\/p>\n
How to survive in the CISO hot-seat
\nThe CISO is a precarious job.
\nResearch studies indicate that CISOs typically survive just 18 months to two years in a job which is increasingly complex and multi-skilled.
\nThe consultancy found that CISOs on average spend 77 percent of their time as \u201ctechnologists\u201d and \u201cguardians\u201d on technical aspects of their positions, although they would like to reduce this to 35 percent \u2013 a sign of the times perhaps.
\n\u201cThe position as CISO is not for the faint of heart, it requires knowledge of disparate security technologies, risk management frameworks, as well as network and security architectures,\u201d he said, adding that an understanding of federal and state law, as well as compliance and in developing security strategies, is also required.
\nForcepoint Deputy CISO Neil Thacker told CSO that the five main challenges for today\u2019s CISOs are managing risk, communicating with major stakeholders, managing security operations, ensuring data protection and guarding against the insider threat.
\nMatt Palmer, CISO at insurance broker Willis Towers Watson, says that often the biggest challenge is for security heads to look at how they can improve security operations.
\n\u201cMost of the time in a large organization you will be spending your time with issues that are either historical or immediate, they require operational or tactical decisions rather than strategic.
\nYet, the world is changing so fast that you have to be ruthlessly strategic.
\nWhen you try to do so, visibility is limited and the future often foggy.
\nFinding that clarity and aligning strategic and operational priorities in the best interest of all stakeholders is the challenge we face.\u201d
\nYet he adds that there are other pertinent issues, from educating, informing and managing expectations of senior stakeholders to improving security processes.
\n\u201cA successful CISO is the person who is approachable and can help make educated decisions before, during and post incident.
\nThey will have a good knowledge of the organization and understand the inner workings from business process through to data processing whilst utilizing their knowledge and intel from the threat and risk landscapes to position their team to be most effective when an incident arises.\u201d
\n\u201cI have yet to meet any CISO who thinks they have been successful, we are all too aware of the scale of the challenge and that the job is never done.
\nIf you are one step ahead today, you are one step behind tomorrow.\u201d
\nOne question that continues to abound, even now, is how CISOs work with senior management.
\nIn my recent piece, it was suggested that sacked CISOs often fall down on articulating the security problems \u2013 and solutions \u2013 to senior management.
\nAnd experts say that board understanding and security budgets are invariably linked.
\n\u201cBoards and non-execs today often set a high standard, but very few have security expertise or seek external advice to challenge their internal security team effectively,\u201d says Palmer, adding CISOs should always look to use their budget wisely, and utilize existing technology resources where possible.
\nAs we explored recently, sacked CISOs are surprisingly hard to hear of, with most let go on \u201cagreeable\u201d terms in order to protect the public image of the company.
\nYet CISOs do bounce back – even after multiple firings, illustrating the demand for these professionals.
\n\u201cThe best career development for me is to do what I do better.
\nSecurity practitioners should never stop learning.
\nFind team members who are better than you or develop them until they are better than you.
\nMake sure they have good challenges and be open to debate to so they will challenge you and make you better.
\nKeep finding better ways to listen and communicate.
\nDoing things outside work helps too.
\n\u201cA successful CISO will be involved in these communities and not only should offer advice and become a mentor, they will also learn from others such is the vast, varied challenge information security offers.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d3db985e67&e=20056c7556<\/p>\n
How to build a thriving information security function despite the talent shortage
\nMuch of the business world now recognizes the challenge in hiring enough qualified information security professionals.
\nAs evidence of this, it was reported as part of the 2015 Global Cybersecurity Status Report that 92% of companies surveyed that planned to hire information security professionals, expected to have trouble doing so.
\nAs I mentioned in “Good information security is fun-damental,” many organizations have sought to solve the staffing shortage by spending large amounts of capital on products designed to shore up security.
\nUnfortunately, virtually all of these expensive new products require significant care and feeding.
\nIt would be a wonderful world if we could buy automation products that would provide great protection, and with only an on\/off switch, but alas, the industry is not there yet.
\nAs such, companies are discovering that once they buy that $250,000 security product, they need to immediately hire three people to manage it.
\nThere are many tools and approaches available for automating routine monitoring.
\nMy favorite class of tools in this area is log monitoring (Splunk, Greylog, Sumo Logic, etc).
\nThese tools require some setup, but once done, you have one place to look for log entries from all of your systems, with some analytics functions that shortcut the monitoring effort.
\nThere are many tools and approaches available for automating routine monitoring.
\nMy favorite class of tools in this area is log monitoring (Splunk, Greylog, Sumo Logic, etc).
\nThese tools require some setup, but once done, you have one place to look for log entries from all of your systems, with some analytics functions that shortcut the monitoring effort.
\nThere are many interns looking for some experience in information security as part of their college education.
\nHiring them can be an invaluable approach to augmenting your security function.
\nMany information security functions can be outsourced, thus transferring your talent shortage problem to a vendor.
\nExamples of good outsourcing candidates include security operations and monitoring, firewall management, and patch management.
\nBottom line: Staff shortages in information technology are not a new problem.
\nThe specific discipline in short supply may change, but the problem will likely always be with us.
\nBy being innovative and using sound management practices, you can thrive despite the lack of talent.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=596cd800d3&e=20056c7556<\/p>\n
Security event management: 14 questions to ask before you buy
\nDemand for security information and event management (SIEM) technology is high, but that doesn\u2019t mean businesses are running these products and services smoothly.
\nAccording to a report from Gartner, large companies are reevaluating SIEM vendors due to partial, marginal or failed deployments.
\nWhile the core technology has changed little in the last decade, its use cases and the pace at which businesses have adopted it have prompted a transformation, experts say.
\nIf your SIEM isn\u2019t meeting your standards, start by examining your environment, needs and capabilities first — then choose the appropriate solution that will deliver.
\nHere\u2019s a look at 14 questions you need to ask both yourself and your vendor before you buy.
\n1- Is your current SIEM the problem?
\n2- Can you afford it?
\n3- What do I want to monitor?
\n4- What\u2019s your commitment to SIEM?
\n5- How will I be charged?
\n6- Where does security analytics fit in your roadmap?
\n7- How do you support cloud environments?
\n8- How will you enable automation in the future?
\n9- Who are your partners?
\n10- How will you advance the SIEM?
\n11- I want to control the SIEM on-premises. What help is available?
\n12- I want to outsource this. How will you support me?
\n13- What training is available for my team?
\n14- Can you solve my specific use case?
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=615c092c9b&e=20056c7556<\/p>\n
Enterprises Rather Pay Bitcoin Ransomware Fee Than Improve Cyber Security
\nOne of the more disconcerting trends in the world we live in is the emergence of ransomware and malware attacks.
\nThings have gotten so much out of hand that companies are proactively buying Bitcoin to pay any ransom in case an attack happens.
\nWhile this may be a sound decision in some people\u2019s eyes, the companies are inviting hackers to \u201cdo their worst\u201d.
\nCitrix conducted a small survey to see how enterprises are dealing with malware and ransomware threats.
\nAs it turns out, some of them turned to stockpiling Bitcoin to get rid of an infection as soon as possible.
\nTo be more precise, on in three of the 250 companies indicates this was their current course of action.
\nThe bigger concern is how this study also indicated half of the respondents do not perform regular data backups.
\nIn this day and age of cyber security and data breaches, enterprises need to get their priorities in order.
\nBuying Bitcoin and playing the victim will not win them any sympathy.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b85b7bb387&e=20056c7556<\/p>\n
It takes 248 days for IT businesses to fix their software vulnerabilities
\nCompiled using data collected from tens of thousands of websites, a new WhiteHat Security report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time.
\nThe findings also highlight that the IT and retail industries struggle to remediate in a timely manner.
\nIt takes 248 days for IT and 205 days for retail businesses to fix their software vulnerabilities.
\nAccording to the \u201cWindow of Exposure\u201d data in the report, another key metric organizations need to pay attention to is the number of days an application has one or more serious vulnerabilities open during a given time period.
\nAcross all industries, a substantial number of web applications remain always vulnerable.
\nA few key highlights:
\nIT \u2013 60 percent of web applications are always vulnerable
\nRetail \u2013 half of all web applications are always vulnerable
\nBanking and financial services \u2013 40 and 41 percent of web applications are always vulnerable, respectivel<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] I had a request to change the format of the date in the Subject line to make it easier to sort. So I made the change. * Swift CEO Expects More Hacking…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2491","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2491"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2491\/revisions"}],"predecessor-version":[{"id":4978,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2491\/revisions\/4978"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}