{"id":2495,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail192-suw16-rsgsv-net\/"},"modified":"2021-12-30T11:41:27","modified_gmt":"2021-12-30T11:41:27","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail192-suw16-rsgsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail192-suw16-rsgsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail192.suw16.rsgsv.net;"},"content":{"rendered":"<p>[From the desk of Paul G Davis &#8211; his opinion and no-one else&#8217;s, apart from those of the authors of the articles.]<br \/>\nAnd so, now the news<\/p>\n<p>* World Bank: Well-regulated FinTech boosts inclusion, fights cyber crime<br \/>\n* FERC Federal Energy Regulatory Commission : Issues Final Rule Directing NERC to Develop a New or Modified Reliability Standard For Supply Chain Risk Management<br \/>\n* 7 information security trends currently dominating the market<br \/>\n* 49,455 cyber crime incidents, just 302 convictions [India &#8211; Infographic]<br \/>\n* Cyber crime makes up 51% of fraud in England and Wales<br \/>\n* Cybersecurity: A vertical industry application?<br \/>\n* 3 ways phishing destroys marketing ROI<br \/>\n* When should push come to shove over cybersecurity?<br \/>\n* Here&#8217;s what your personal data is going for on the dark web<br \/>\n* Tools &#038; Training To \u2018Hack Yourself\u2019 Into Better Security<br \/>\n* Location, location, location: Does it really matter where your data is stored?<br \/>\n* 
Digital trust could be the key to ensure personal health data<br \/>\n* Why IT Service Desk Should be your First Line of Defence<br \/>\n* Data security and breach notification in China<br \/>\n* Data security and breach notification in Hong Kong<br \/>\n* NASA Taps Former Microsoft Director as IT Security Chief<\/p>\n<p>World Bank: Well-regulated FinTech boosts inclusion, fights cyber crime<br \/>\nFINANCIAL technology \u2014 or FinTech \u2014 is changing the financial sector on a global scale.<br \/>\nIt is also enabling the expansion of financial services to low-income families who have been unable to afford or access them.<br \/>\nThe possibilities and impact are vast, as is the potential to improve lives in developing countries.<br \/>\nThe financial sector is beginning to operate differently; there are new ways to collect, process, and use information, which is the main currency in this sector.<br \/>\nA completely new set of players is entering the business.<br \/>\nAll areas of finance \u2014 including payments and infrastructure, consumer and SME credit, and insurance \u2014 are thus changing.<br \/>\nWith FinTech, regulators must adapt to the fast-changing landscape and to a new class of entrants, while ensuring a level playing field, protecting consumers and privacy, and guarding against money laundering and the financing of terrorism.<br \/>\nNew questions arise, such as whether encrypted money transactions would promote financial inclusion while aiding anti-money laundering activities by reducing cash transactions and allowing greater traceability.<br \/>\nMexico\u2019s approach, of making the information required from account holders proportional to the size and frequency of their transactions, has proved an efficient way to supervise the financial system while keeping transaction costs low for low-risk clients.<br \/>\nThis new risk landscape requires new ways of thinking about regulation and financial supervision.<br \/>\nThis is particularly true 
with respect to cybersecurity risks, where banks and regulators have to depart from traditional supervision processes.<br \/>\nThe combination of supervisory functions with technology is also key to increasing the detection of illicit money flows, fraud and theft.<br \/>\nThe imminent need to regulate FinTech effectively, as well as apply regulatory knowledge in new ways, is a stimulating challenge taken up by national and international institutions, often with the private sector.<br \/>\nThe technological changes we\u2019re seeing, together with regulatory support, will help billions more people gain access to finance, improve their lives and start tapping the benefits of development.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f160aabb3e&#038;e=20056c7556<\/p>\n<p>FERC Federal Energy Regulatory Commission : Issues Final Rule Directing NERC to Develop a New or Modified Reliability Standard For Supply Chain Risk Management<br \/>\nFERC has directed the North American Electric Reliability Corporation (NERC) to develop a new or modified Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.<br \/>\nThe new or modified Reliability Standard is intended to mitigate the risk of a cybersecurity incident affecting the reliable operation of the Bulk-Power System.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c7d890ffe1&#038;e=20056c7556<\/p>\n<p>7 information security trends currently dominating the market<br \/>\nIf you\u2019re concerned about your company\u2019s information security, you may be interested in learning about these seven different information security trends that are currently dominating the market.<br \/>\n1) Legislation and Information<br \/>\nThis is an ongoing discussion in the information security industry, 
and so far, there has been no clear indication of how legislation, which is often trying to put rules on past situations, can keep up with the always-changing world of data security.<br \/>\n2) Big Data will result in Big Problems<br \/>\nBusiness owners need to question the validity of their data, their code, and all other information to make certain that the information they\u2019re using is correct and current.<br \/>\n3) The Cloud<br \/>\nYou should have full visibility of your data, including knowing where it\u2019s physically being stored, what the provider\u2019s security system is, and how they address vulnerabilities.<br \/>\n4) Ransomware<br \/>\nEither way, IT departments and data security companies have to step up to deal with this type of threat.<br \/>\nOne way they are doing so is by using real-time network intrusion protection to see what unauthorized accounts are logged into the system and removing their access before they can do any damage.<br \/>\n5) Phishing<br \/>\nMany cyber-terrorists prefer phishing because it\u2019s much easier than creating a virus or malware.<br \/>\n6) Known System Vulnerabilities<br \/>\nMake certain your systems have been fully patched and that you replace security systems that have known security issues and no available fixes for them.<br \/>\n7) The Internet of Things<br \/>\nAll of these new internet-connected devices will have to have some kind of security in place to prevent unauthorized access.<br \/>\nUnfortunately, with so many new entry points to your system, it can be all but impossible to monitor every single one of them.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=59b54c38e1&#038;e=20056c7556<\/p>\n<p>49,455 cyber crime incidents, just 302 convictions [India &#8211; Infographic]<br \/>\nWhile there has been a steady increase in the number of cases registered to curb cyber crime, convictions are still slow.<br \/>\nLink: 
http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1a55b06e60&#038;e=20056c7556<\/p>\n<p>Cyber crime makes up 51% of fraud in England and Wales<br \/>\nOf an estimated 3.8 million incidents of fraud in England and Wales over the year to end-March 2016, 1.9 million or 51 percent were cyber-related, affecting one in ten adults, according to experimental statistics published by the UK Office for National Statistics (ONS).<br \/>\nThis is the first time the ONS has published official estimates of fraud and computer misuse, and the independent statistics body claims the new questions, which were added to the Crime Survey in October 2015, represent a world first.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e1efbd0deb&#038;e=20056c7556<\/p>\n<p>Cybersecurity: A vertical industry application?<br \/>\nCybersecurity has always been a horizontal technology practice that\u2019s roughly the same across all industry sectors.<br \/>\nYes, some industries have different regulations, use cases or business processes that demand specific security controls, but overall every company needs things like firewalls, IDS\/IPS, threat management gateways and antivirus software regardless.<br \/>\nGeneric security requirements will remain forever, but I see a burgeoning trend transforming cybersecurity from a set of horizontal technologies to a vertical industry application.<br \/>\nThese drivers include:<br \/>\n* Increasing business focus on cybersecurity<br \/>\n* CISO progression<br \/>\n* Advancing regulations<br \/>\n* Industry-focused threats<br \/>\n* IoT<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5e1fb85b55&#038;e=20056c7556<\/p>\n<p>3 ways phishing destroys marketing ROI<br \/>\nMarketers rely on key performance indicators (KPIs) to prove their value to the business.<br \/>\nAnd email is a key driver of those metrics, 
generating more leads, conversions and revenue than any other distribution channel.<br \/>\nUnfortunately, the most valuable marketing channel is also the least secure.<br \/>\nIn the first quarter of 2016, the Anti-Phishing Working Group (APWG) observed more phishing attacks than at any other time in history.<br \/>\nAnd this trend has big consequences.<br \/>\nBelow, we explore three ways phishing destroys your marketing ROI \u2014 and what you can do about it.<br \/>\n1) Phishing destroys brand trust<br \/>\n2) Phishing reduces email marketing performance<br \/>\n3) Phishing erodes email marketing revenue<br \/>\nThe reality is, no matter how sophisticated email authentication protocols become, some bad email will always reach the inbox.<br \/>\nEducating customers is a great way to mitigate the impact of those fraudulent messages.<br \/>\nCreate a customer education portal, or remind customers that you\u2019ll never ask them for certain information over email.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1d84986009&#038;e=20056c7556<\/p>\n<p>When should push come to shove over cybersecurity?<br \/>\nSo how can businesses respond to attackers\u2019 slick phishing emails and social engineering ruses?<br \/>\nOne school of thought within cybersecurity circles argues for an aggressive stance, urging companies to force their employees to regularly change their passwords.<br \/>\nThey argue that letting passwords go stale only raises the odds that hackers, given more opportunity to guess the right combination, will eventually hit pay dirt.<br \/>\nFTC Chief Technologist\u2014and Carnegie Mellon computer science professor\u2014Lorrie Cranor argued recently that it\u2019s time to rethink mandatory password changes.<br \/>\nShe noted that when organizations force employees to frequently change their passwords, people \u201ctended to create passwords that followed predictable patterns.\u201d<br \/>\nIn the end, however, the 
onus falls on the backend systems.<br \/>\nIt\u2019s up to the organization to equip administrators with tools to monitor the network for anomalies, which might suggest someone has attempted to access a legitimate user account.<br \/>\nWith a window into the system, security monitors can discern the last time that users logged in to determine whether they are responsible for failed attempts at logging in.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=82cb45f97e&#038;e=20056c7556<\/p>\n<p>Here&#8217;s what your personal data is going for on the dark web<br \/>\nHere is what security software company Trend Micro claims this type of data is commanding today:<\/p>\n<p>Credit card credentials: $15-$22<br \/>\nSpotify account: $2.75<br \/>\nHulu account: $2.75<br \/>\nNetflix account: $1\u2013$3<br \/>\nNOAA.gov account (FTP or SFTP access): $476<br \/>\nUSPS.gov account (FTP or SFTP access): $680<br \/>\nCDC.gov account (FTP or SFTP access): $340<br \/>\nWestern Union account: $6.80<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=610e106211&#038;e=20056c7556<\/p>\n<p>Tools &#038; Training To \u2018Hack Yourself\u2019 Into Better Security<br \/>\nIf you can implement a \u201chack-yourself\u201d program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities.<br \/>\nWhen your network is under attack, your most valuable asset is time.<br \/>\nThe faster you understand you\u2019re being attacked and the quicker you understand what\u2019s happening, the faster you can identify where the attackers are and what they\u2019re doing.<br \/>\nResponding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven\u2019t yet achieved.<br 
\/>\nThe first step in improving preparation is theoretical training in the latest tools, techniques and procedures.<br \/>\nCybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation.<br \/>\nThe next step is to introduce red team exercises.<br \/>\nRed team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks.<br \/>\nHowever, many companies rely on these red team exercises to the point that they don\u2019t maintain the proper level of internal cybersecurity awareness.<br \/>\nExternal red team exercises offer a level of expertise that most organizations don\u2019t have internally.<br \/>\nBut there is also real value in implementing a \u201chack-yourself\u201d program to build your security posture from the inside &#8212; and arm your blue team with the skills to think like the red team.<br \/>\nOne way to ensure your security team has the proper training to carry out an advanced \u201chack-yourself\u201d program is to invest in the Cyber Guardians program from the SANS Institute.<br \/>\nThe Cyber Guardians program consists of four core courses and corresponding certificates.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ffc116efea&#038;e=20056c7556<\/p>\n<p>Location, location, location: Does it really matter where your data is stored?<br \/>\nAccording to a recent study conducted by Red Brick Research on behalf of Volta Data Centres, 87 per cent of UK consumers would feel more confident if they knew their data was stored in the UK.<br \/>\nThe survey clearly indicates that customers care about where their data is stored.<br \/>\nDespite clear concerns regarding companies\u2019 data policies, the majority of consumers are still unaware of 
how their personal data is stored \u2013 81 per cent fail to check how a company stores their personal data or for how long that data is held.<br \/>\nThis is in stark contrast to the 49 per cent that actively check the security status of the website.<br \/>\n72 per cent are specifically more confident about data being stored in London compared to other cities.<br \/>\nThe primary concern is privacy laws \u2013 with 69 per cent admitting they would worry if they knew that their personal information was being held in countries that had different data protection laws to the UK.<br \/>\nOf these, 44 per cent would be most worried about their personal data if stored in Africa, followed by Asia (18 per cent) and Eastern Europe (17 per cent).<br \/>\nIn addition, 67 per cent would worry if they knew that their personal information was being held in countries that had different security requirements to the UK.<br \/>\nThe good news for businesses is that this level of awareness is driving demands for more information about a company\u2019s data storage policies \u2013 and the younger generation is even more likely to be swayed by an organisation\u2019s data location strategy. 
72 per cent of 25 to 54 year olds confirm they would have more trust in an organisation that provided information about where it stored data \u2013 this rises to 87.8 per cent of 18 to 24 year olds.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=03ffbabc9d&#038;e=20056c7556<\/p>\n<p>Digital trust could be the key to ensure personal health data<br \/>\nRachel Delphin, Tanium&#8217;s new head of product communications, joined the company from Twitter and joined us to discuss why the &#8216;broken system&#8217; of cybersecurity lured her in, and why education is key to stopping threats.<br \/>\nSo who is Tanium&#8217;s audience?<br \/>\nThere are the obvious audiences, the people who cover engineering and innovation, and of course it&#8217;s people who will become customers of Tanium.<br \/>\nBut it&#8217;s also engaged citizens and the companies they trust to keep their information.<br \/>\nYou came from Twitter (NYSE: TWTR), itself an influential platform that&#8217;s also had its share of product challenges.<br \/>\nWhat did you take away from that experience?<br \/>\nProduct communications, generally speaking, is launching new products and features and communicating that to end audiences.<br \/>\nHere, the audience is different and obviously the products are different.<br \/>\nHow would you describe that goal at Tanium?<br \/>\nIt&#8217;s very much about the need to educate people on the state of the industry: that the system is broken, and the tools we\u2019re using are out of date.<br \/>\nThe transition into the era of electronic health records and health wearables has resulted in a plethora of electronic patient information including dates of birth, home addresses, social security records, insurance details and medical data.<br \/>\nThis data is highly desirable on the black market.<br \/>\nBut there are ways to reduce the risk of fraud.<br \/>\nI recently spoke to Brian Kalis, managing director of 
digital health at Accenture, to learn more.<br \/>\nKalis and many others place great credence in the notion of \u201cdigital trust,\u201d a combination of cybersecurity, privacy and \u201cdata ethics.\u201d It extends beyond the notion of data security to an ethical viewpoint about \u201cthe handling, control and provenance of data, about making sure data is accurate and handled effectively.<br \/>\nDigital ethics expands data security beyond pure safety to the decisions and actions you take to ensure that you are using that information responsibly for the people you serve as a steward of that information.\u201d<br \/>\n\u201cWhat we\u2019re seeing is the raising of security up to the board level, executive level response, so a lot of the ways of protecting it start with the leadership and overall aspect of making security of data a priority and then extend this philosophy to all the employees in practice.<br \/>\nThen companies can move into more advanced ways of protecting the information internally, whether through using advanced analytics to detect both internal threats or misuses of information or external threats coming in.\u201d<br \/>\nKalis also believes the blockchain can be part of the solution, as it shifts the model from centralized control to decentralized power that\u2019s ultimately controlled by the individual.<br \/>\nHe cites the example of Estonia where blockchain technology is utilized to secure over a million healthcare records.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d93ad6d880&#038;e=20056c7556<\/p>\n<p>Why IT Service Desk Should be your First Line of Defence<br \/>\nThe best defense against cyber-crime is knowledge, namely, knowing exactly what is going on inside an organization\u2019s network.<br \/>\nThat\u2019s why the IT Service Desk plays such a crucial role in identifying strange behaviors and meaningful trends.<br \/>\nAfter all, if a number of users\u2019 PCs are 
running slowly, or a business application is frequently crashing, it could easily be a symptom of a wider cyber-attack.<br \/>\nYet, users are unlikely to go running straight to the IT security department.<br \/>\nFor this reason, the Service Desk is best placed to notice if any trends begin to appear which could warrant further investigation.<br \/>\nThere are several measures that organizations can take to equip their Service Desk against cyber-crime.<br \/>\nAutomated patching should proactively manage operating systems and application vulnerabilities and endpoint protections should ensure that only authorized applications run.<br \/>\nTaking the time to arm your Service Desk with these sorts of defenses will result in efficiency and, consequently, a well-secured operating system that blocks the majority of incoming threats.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7f1c3ebb40&#038;e=20056c7556<\/p>\n<p>Data security and breach notification in China<br \/>\nArticle 13 of the Provisions on Protecting the Personal Information of Telecommunications and Internet Users imposes the following security requirements on telecommunications operators and internet service providers<br \/>\nThe Provisions on Protecting the Personal Information of Telecommunications and Internet Users also require that telecommunications operators and internet service providers provide staff members with training in the relevant skills and responsibilities relating to the protection of personal information.<br \/>\nThey must also conduct at least one self-audit of their data protection measures, record the results and promptly eliminate any security risks discovered during the audit.<br \/>\nThere are no national-level requirements regarding notification of breaches.<br \/>\nHowever, under certain local consumer protection regulations, such as those in Shanghai, security breaches must be reported to the data subjects.<br \/>\nIn the 
telecommunications and internet sector, if personal information is disclosed or may potentially be disclosed, service providers must take remedial measures immediately.<br \/>\nIf the incident has or may have serious consequences, the service provider must report it immediately to the relevant telecommunications administrations and cooperate in the investigation carried out by the telecommunications administrations pursuant to the Provisions on Protecting the Personal Information of Telecommunications and Internet Users.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=a3c2a2ee8c&#038;e=20056c7556<\/p>\n<p>Data security and breach notification in Hong Kong<br \/>\nData users must take all practicable steps to ensure that personal data held by them is protected against unauthorised or accidental access, processing, deletion, loss or use.<br \/>\nIf any personal data is transferred to a data processor, the data user must adopt contractual or other means to ensure that the data processor protects the personal data from any unauthorised or accidental access, processing, deletion, loss or use.<br \/>\nWhile there is no statutory requirement to do so, voluntary notification is generally recommended by the privacy commissioner.<br \/>\nIndustry-specific regulators may also require companies in such regulated industries (eg, financial institutions) to notify individuals of any unauthorised access, use or loss of their personal data.<br \/>\nIndustry-specific regulators may also require companies in such regulated industries (eg, financial institutions) to notify them in the event of any unauthorised access, use or loss of personal data.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2b7467089b&#038;e=20056c7556<\/p>\n<p>NASA Taps 
Former Microsoft Director as IT Security Chief<br \/>\nThe National Aeronautics and Space Administration has named a former Microsoft Corp. director as its associate chief information officer for IT security, the federal space agency said this week.<br \/>\nJeanette Hanna-Ruiz, who for the past three and a half years led teams at Microsoft\u2019s consulting services business, takes over the post early next month, the agency said.<br \/>\nMs. Hanna-Ruiz, who was also named as a senior agency information security official, has more than 20 years of experience in cybersecurity, at both public and private sector organizations, according to her LinkedIn profile.<br \/>\nAt Microsoft, she led the company\u2019s identity management team and was its \u201cpublic sector civilian\u201d lead for cybersecurity, among other roles, the agency said.<br \/>\nPrior to that, she was a director of cyber forensics and information assurance at Computer Sciences Corp., from March 2011 until December 2012.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=4a7e2ee2a4&#038;e=20056c7556<\/p>\n<p>* Best practices in cyber vulnerability assessment<br \/>\n* Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? 
An Expert Probes Some of the Issues<br \/>\n* Will Faster Payments Mean Faster Fraud?<br \/>\n* Accenture : Data theft, malware infection big threat to digital businesses<br \/>\n* Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M\/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks<br \/>\n* 2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals<br \/>\n* Twitter Hacking and Social Media\u2019s Risk to Executive Security<br \/>\n* Beyond Data: Why CISOs Must Pay Attention To Physical Security<br \/>\n* $2.7 Million HIPAA Penalty for Two Smaller Breaches<br \/>\n* Using compliance as a tool for change<br \/>\n* In the Breach War, File Protection Is Just as Important as Data<br \/>\n* Data security and breach notification in Finland<br \/>\n* ISO compliance in the cloud: Why should you care, and what do you need to know?<br \/>\n* Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations<br \/>\n* Breach notification reporting can be complicated without proper skills, tools<br \/>\n* Banks must do better on cyber security: KPMG<br \/>\n* Australia gets one-quarter of a minister for national infosec<br \/>\n* The Case for Continuous Security Monitoring<br \/>\n* Arbor Networks Releases Global DDoS Attack Data for 1H 2016<br \/>\n* 5 Best Practices for Outsourcing Cybersecurity<br \/>\n* Most CISOs and CIOs need better resources to mitigate threats<\/p>\n<p>Best practices in cyber vulnerability assessment<br \/>\nHere are the best practices for cyber vulnerability assessment.<br \/>\nFirst and foremost you should have a very clear understanding of why you need a cyber vulnerability assessment.<br \/>\nResearch other companies in your industry.<br \/>\nTo know exactly which parts of your business structure need an assessment, you need to research your company\u2019s processes with a focus on the systems that are critical to keeping your business running.<br \/>\nOnce 
you\u2019ve identified the systems that need an assessment, you should rank them according to both their importance to your overall business model and to the sensitivity of the information they contain.<br \/>\nNow that you know exactly which systems and software need an assessment and how they rank in terms of priority, you should make sure you\u2019re aware of the security systems you already have in place.<br \/>\nIf you\u2019ve completely mapped out both your vulnerabilities and your already-in-place security, and your inter-departmental security task force is in agreement on what\u2019s needed, you\u2019re ready to perform your vulnerability scans.<br \/>\nIf you did your homework on what you needed to assess and also on the vulnerability assessment tool you chose, then you should fully trust the results of your cyber vulnerability assessment and act on them.<br \/>\nDon\u2019t wait.<br \/>\nDon\u2019t second guess.<br \/>\nThe assessment will produce recommendations for remediation that you should act on right now.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=602ae81b4f&#038;e=20056c7556<\/p>\n<p>Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? 
An Expert Probes Some of the Issues<br \/>\nA recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing chief information security officers (CISOs) to keep their organizations secure and how they are combating information and vendor solution overload.<br \/>\nIn the report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.<br \/>\n\u201cDue to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,\u201d Scott writes.<br \/>\nWhile the report offers a cross-industry perspective of the CISO role and the challenge of vendor solution overload, the report author does spend moments focusing on healthcare organizations, specifically in a section detailing how CISOs can assess the return on investment of cybersecurity solutions.<br \/>\nThe report provides an interesting perspective about the need for CISOs to ignore the hype surrounding \u201csilver bullet\u201d solutions in order to find the most effective cybersecurity solutions and strategies for their particular organizations, but at the same time, the report author also highlights the part that the vendor community plays in this problem.<br \/>\n\u201cIn many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget.<br \/>\nThey are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization,\u201d he writes.<br \/>\nAnd, he asserts that modern CISOs tend to function more as Chief Information Risk Officers, 
managing the risk to data and technology.<br \/>\nAccording to the ICIT report, there is rapid burnout among CISOs, with average tenure in the role of 17 months.<br \/>\n\u201cVendor attempts to offer silver bullet solutions undermine the community at large and poison the vendor-customer relationship.<br \/>\nThe culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs.\u201d<br \/>\nIn the report, the author offers strategic recommendations for calculating a cybersecurity solution\u2019s ROI and uses a healthcare organization as an example.<br \/>\nThe ROI of security solutions can be equated to the fiscal component of the impact that the organization would assume if an adversary exploited the vulnerability that the solution addresses, the author writes.<br \/>\nThe report concludes with statistics sourced from the Economist Intelligence Unit that indicate proactive CISO-led strategies can cut the success rate of cyber-breaches by more than 50 percent, hacking successes by 60 percent and ransomware infections by 47 percent.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=55c4946589&#038;e=20056c7556<\/p>\n<p>Will Faster Payments Mean Faster Fraud?<br \/>\nCrowe contends that to ensure global payments interoperability, faster payments are a necessity.<br \/>\nThe U.S. 
will soon be at a competitive disadvantage if it does not enable faster payments, she argues.<br \/>\nParry says the most fundamental risk to payments is poor identity management.<br \/>\nAnd it&#8217;s a legitimate concern.<br \/>\nAfter all, poor identity management apparently enabled hackers to steal $81 million from the central bank of Bangladesh in February, as part of a fraudulent transaction that was approved by the Federal Reserve Bank of New York.<br \/>\nAnd in a real-time or near-real-time environment, once the money is gone, it&#8217;s gone.<br \/>\nUnlike in the United Kingdom, Australia and other economically advanced parts of the world, faster payments are not the norm in the U.S.<br \/>\nCrowe declined to touch the interchange issue. &#8220;Cost is not the No. 1 worry for the Fed when it comes to faster payments,&#8221; she noted during the summit.<br \/>\nThe top concern, she says, is &#8220;a faster process that is still secure for business.&#8221;<br \/>\nThe Secure Payments Task Force&#8217;s goals differ from the goals of the Faster Payments Task Force.<br \/>\nAnd the Secure Payments Task Force has identified four areas that must be addressed to ensure the ongoing security of the payments system in the U.S. 
going forward.<br \/>\nFaster payments will be part of that, but not all.&#8221;<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=543bd979d5&#038;e=20056c7556<\/p>\n<p>Accenture : Data theft, malware infection big threat to digital businesses<br \/>\nThe new report from Accenture and HfS Research says that 69 percent of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months, with media and technology organizations reporting the highest rate (77 percent).<br \/>\nThis insider risk will continue to be an issue, with security professionals&#8217; concerns over insider theft of corporate information alone rising by nearly two-thirds over the coming 12 to 18 months.<br \/>\nThe survey, &#8220;The State of Cyber security and Digital Trust 2016&#8221;, was conducted by HfS Research on behalf of Accenture.<br \/>\nMore than 200 C-level security executives and other IT professionals were polled across a range of geographies and vertical industry sectors.<br \/>\nThe survey examined the current and future state of cyber security within the enterprise and the recommended steps to enable digital trust throughout the extended ecosystem.<br \/>\nThe findings indicate that there are significant gaps between talent supply and demand, a disconnect between security teams and management expectations, and considerable disparity between budget needs and actual budget realities.<br \/>\nDespite having advanced technology solutions, nearly half of all respondents (48 percent) indicate they are either strongly or critically concerned about insider data theft and malware infections (42 percent) in the next 12 to 18 months.<br \/>\nWhen asked about current funding and staffing levels some42 pe<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul G Davis &#8211; his opinion and no-one else&#8217;s, apart from those of the authors of the articles.] 
And so, now the news * World Bank: Well-regulated FinTech boosts inclusion, fights cyber crime * FERC Federal Energy Regulatory Commission : Issues Final Rule Directing NERC to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2495","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2495"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2495\/revisions"}],"predecessor-version":[{"id":4982,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2495\/revisions\/4982"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2495"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}