[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
\nAnd so, now the news<\/p>\n
* ThreatMetrix Cybercrime Report Reveals a 50% Increase in Global Attacks, With 1 in 10 New Account Applications Now Rejected
\n* Study Finds Consumers Can Be Convinced To Uninstall Ad Blockers
\n* External cyber attacks cost enterprises $3.5 million a year
\n* HID Global releases mid-year updates for top security trends in 2016
\n* 7 strategies to avoid CSO burnout
\n* ICO Reveals Latest City Council Data Breach \u2013 Training Is Not Enough To Prevent Breaches
\n* Data security and breach notification in Japan
\n* Cybersecurity Posture Grows In Importance In Mergers and Acquisitions
\n* Infographic: The 5 phases of a ransomware attack [LogRythm]
\n* Killer Interview Question: How Do You Learn About Your Field Of Work?
\n* \u2018Cyber Incidents\u2019 First Responder? The FBI
\n* Cisco wants incident responders to be more self-conscious.
\n* How cybersecurity mismanagement can destroy value
\n* Legal Sector’s Threat Intel-Sharing Group Grows
\n* Only a third of sensitive data stored in cloud-based applications is encrypted
\n* IT security experts struggle to measure ROI
\n* KPMG Study: Breaches Up, Security Spending Down<\/p>\n
ThreatMetrix Cybercrime Report Reveals a 50% Increase in Global Attacks, With 1 in 10 New Account Applications Now Rejected
\n\/EINPresswire.com\/ — SAN JOSE, CA–(Marketwired – July 27, 2016) – As part of its ongoing effort to thwart cybercrime, ThreatMetrix\u00ae, The Digital Identity Company\u2122, today released its Q2 2016 Cybercrime Report.
\nThe ThreatMetrix Digital Identity Network (The Network) detected and stopped a record 112 million cyber attacks this quarter, a 50 percent increase from last year.
\nThe report revealed that the rise in stolen identity credentials available in the market led to an increased level of attacks on new accounts, a 250 percent increase year-over-year.
\nFraudsters are using identity credentials obtained from the dark web to run substantial automated bot attacks that have increased 50 percent since last quarter.
\nThe Network detected 450 million such threats, thwarting millions of attacks on numerous individual companies.
\nOther key findings:
\n– Attacks are becoming more prevalent and are evolving in scope, depth and complexity
\n: 450 million bot attacks were detected and stopped this quarter, a 50 percent increase over last quarter.
\n-As mobile transactions increase, fraudsters’ mobile attacks evolve
\n-EMV has a noticeable impact on e-commerce attacks
\n-P2P media platforms see a spike in fraudulent activity ahead of the summer holiday season:
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6796f1d256&e=20056c7556<\/p>\n
Study Finds Consumers Can Be Convinced To Uninstall Ad Blockers
\nThe Interactive Advertising Bureau (IAB) on Tuesday released the findings of a new report which reveals that two-thirds of U.S. consumers using ad blockers could be convinced to uninstall their ad blocking software on their computers.
\nThe report reveals that the top methods for influencing Web visitors to turn off blockers on their computers include:
\n– Preventing access to content alongside a notice stating that content is blocked because of the use of an ad blocker.
\n– Ensuring that ads do not have auto-play audio or video in environments where they aren\u2019t anticipated by consumers.
\n– Making certain that ads do not block content.
\n– Safeguarding users from ads infected with malware\/viruses.
\n– Guaranteeing that ads do not slow down browsing.
\nOne of the study\u2019s surprising results was that while 40% of users believed they were using ad blockers on their computers, only one in four (26%) actually used the software on their PCs.
\nThe rest confused built-in pop-up blockers and security software with ad blockers.
\nThese stats “mean that self-reported ad blocking rates may be lower than originally expected due to misidentification of the software,” Gombert noted.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=67b0d30c9a&e=20056c7556<\/p>\n
External cyber attacks cost enterprises $3.5 million a year
\nSeventy-nine percent of the IT and IT security practitioners polled indicated their defensive infrastructure to identify and mitigate those threats are either non-existent, ad hoc or inconsistently applied throughout the enterprise.
\nThe findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.
\nThe report \u201cSecurity Beyond the Traditional Perimeter,\u201d (http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=13051dfb91&e=20056c7556) sponsored by internet risk detection and mitigation expert BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks.
\nThese threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company\u2019s traditional security perimeter.
\nSecurity professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.
\nSome of the key findings include:
\n\u00b0 Fifty-nine percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.
\n\u00b0 External internet attacks are frequent and the financial costs of these attacks are significant.
\n\u00b0 Seventy-nine percent of respondents described their security processes for internet and social media monitoring as non-existent (38%), ad hoc (23%) or inconsistently applied throughout the enterprise (18%).
\n\u00b0 Sixty-four percent of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, 62% lack the tools and resources they need to analyze and understand, and 68% lack the tools and resources they need to mitigate external threats.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2dbbb3dd8e&e=20056c7556<\/p>\n
HID Global releases mid-year updates for top security trends in 2016
\nA mid-year update to HID’s top 2016 security trends has been released.
\nDuring the first six month’s of the year, HID stated continued progression in market adoption of mobile solutions and interest in the Internet of Things (IoT).
\nHID’s mid-year updates to the trends that the company forecast in January are as follows:
\nTrend #1: Mobilising security will make it more pervasive and personalised.
\nPhones will also work with RFID tags, adding security and trust to the IoT for proof-of-presence applications.
\nMid-year update: Demand for mobile solutions continues to grow, along with an increasing focus on security issues.
\nTrend #2: Security will move to a greater focus on the user experience, helping to close the gap between planning and compliance while ensuring that security adapts to, rather than defines, end-user habits and lifestyles.
\nMid-year update: Customers continue to want an easier, trustworthier way to use digital identities to access on-the-go services and applications.
\nBiometrics continued to emerge as an effective solution for bringing security and convenience together.
\nTrend #3: The industry will enter a new chapter of connected identities, using multi-layered security strategies that also include biometrics to bind these identities to their real owners.
\nMid-year update: A huge growth of trusted digital identities began ushering in new innovation opportunities
\nMid-year update: The need for embedded security and privacy technology has increased
\nTrend #5: Security policies and best practices will become as important as technology advances.
\nMid-year update: Two key policy issues emerged: protecting privacy by using a smartphone’s Bluetooth connection, and ensuring citizens can control what data is made available to others.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0a3b80d792&e=20056c7556<\/p>\n
7 strategies to avoid CSO burnout
\nStrategy 1: After major incidents, take time for self-rejuvenation
\nStrategy 2: Hire very well, learn to delegate
\nStrategy 3: Realize what can and can\u2019t be controlled
\nStrategy 4: Take time for self within the 24×7 grind
\nStrategy 5: Understand the job never stops
\nStrategy 6: Communicate and then communicate some more
\nStrategy 7: Come to peace with the fact that success is silence
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=63acf5c0d9&e=20056c7556<\/p>\n
ICO Reveals Latest City Council Data Breach \u2013 Training Is Not Enough To Prevent Breaches
\n\u201cThe ICO\u2019s latest report following a breach at Wolverhampton City Council demonstrates that local authorities and other organisations need to shift their data handling policies beyond training.
\nEmailing the wrong recipient is the most common digital cause of data security incidents reported to the ICO, and even a well-trained, vigilant employee can make that split-second mistake.
\n\u201cWhile regular data handling training should be standard, organisations can prevent these breaches by protecting all sensitive data directly.
\nAll files on the network should be classified by order of sensitivity, and confidential information such as payroll data can then be restricted to specific clearance levels, or marked as \u201cinternal use only\u201d so that it cannot leave the network at all.
\nClassified files are encrypted and can only be opened by authorised users, rendering them useless to anyone else.
\nThis means that even if an accident does happen, the data is kept safe and no breach will occur.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d6db827722&e=20056c7556<\/p>\n
Data security and breach notification in Japan
\nBusiness operators governed by the Act on the Protection of Personal Information have a broad obligation to \u201ctake necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of the Personal Data\u201d.
\nNotifying individuals when a security breach has occurred is not required under the Act on the Protection of Personal Information, but it is mentioned in some guidelines.
\nWhile this is not required under the Act on the Protection of Personal Information, some guidelines require or recommend that the relevant minister be notified.
\nClick here to view the full article.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7b0722ad7f&e=20056c7556<\/p>\n
Cybersecurity Posture Grows In Importance In Mergers and Acquisitions
\nIn mergers and acquisitions (M&A), corporate acquirers are increasingly aware of the need for vigorous cybersecurity due diligence, yet often lack the proper personnel to conduct thorough analyses, according to a new study by technology consulting firm West Monroe Partners and research firm Mergermarket.
\nAbout three quarters (77%) of the participants said the importance of cybersecurity issues at M&A targets had increased significantly over the last two years, due to the increase in corporate data breaches and the liabilities that can be incurred as a result.
\nAmong the key findings from the report: 80% of respondents said cybersecurity issues have become highly important in the M&A due diligence process; 70% said compliance problems are one of the most common types of cybersecurity issues uncovered during due diligence; more than one third (40%) of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4bcb02c9cb&e=20056c7556<\/p>\n
Infographic: The 5 phases of a ransomware attack [LogRythm]
\nHow to defend against attackers and avoid ransom demands.
\nRyan Sommers, manager of threat intelligence and incident response at LogRhythm Labs, recommended the following five steps of defense against ransomware….
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6abb58997f&e=20056c7556<\/p>\n
Killer Interview Question: How Do You Learn About Your Field Of Work?
\nThis week\u2019s KIQ comes from the CTO of global IT security company RSA.
\nIT security is a dynamic industry.
\nThose who are working in it need to stay abreast of the latest security news and technological developments.
\nIt\u2019s something that\u2019s at the forefront of RSA CTO Zulfikar Ramzan\u2019s mind when he\u2019s looking for new talent to join his company.
\nWhen he\u2019s interviewing security professionals who want to work for RSA, he will often ask the question: \u201cHow do you learn about your field?\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b3386c306c&e=20056c7556<\/p>\n
\u2018Cyber Incidents\u2019 First Responder? The FBI
\nThe FBI is now considered a key cyberleader.
\nAccording to the Presidential Policy Directive-41 (PPD-41) on U.S.
\nCyber Incident Coordination Policy, released on Tuesday (July 26) by the Obama administration, the FBI is one of the agencies taking the lead in three different cyber-response areas \u2014 threat response, asset response and intelligence support.
\n\u201cPPD-41 codifies the essential role that the FBI plays in cyber incident response, recognizing its unique expertise, resources and capabilities.
\nAnd as the bureau continues evolving to keep pace with the cyberthreat, the authorities contained in PPD-41 will allow us to help shape the nation\u2019s strategy for addressing nationally significant cyber incidents,\u201d FBI Assistant Director James Trainor of the Cyber Division explained in a post on the agency\u2019s website.
\n\u201cThis new policy,\u201d Trainor added, \u201cwill also enhance the continuing efforts of the FBI \u2014 in conjunction with its partners \u2014 to protect the American public, businesses, organizations and the economy and security of our nation from the wide range of cyberactors who threaten us.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5caffbb881&e=20056c7556<\/p>\n
Cisco wants incident responders to be more self-conscious.
\nhttp:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1f63ff2909&e=20056c7556
\nThe Borg’s seasoned computer security incident response team boffins Gavin Reid and Jeff Bollinger say a knock to the ego will help combat the Dunning-Kruger effect in which over-confidence and a steering away from the rule book can lead to dangerous oversights.
\nThe pair paint a picture of a junior incident response operative running malware in sandbox.
\nOn execution the malware runs through various commands and contacts a command and control server.
\nThe fictional flunk ceases their analysis once the domain is captured, assuming that the malware is simple.
\nThat misses a series of failover domains which are discovered when an experienced by-the-book incident response boffin analyses the malware.
\n“A measured, consistent, and creative approach to incident response and security monitoring delivers the most effective and efficient results for your organisation.”
\nCrudely put, Dunning and Kruger found the more hopeless a person is, the more they tend to overestimate their skills.
\nTest subjects in the bottom performance quarter had a larger illusionary complex than those in the top whose reflections best represented reality.
\nIncidence response boffins can peruse the six stages of IR penned by Griffiths University IR wonk Ashley Deuble, which covers preparation, identification documentation, containment, and recovery. \u00ae
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0d6e08748b&e=20056c7556<\/p>\n
How cybersecurity mismanagement can destroy value
\nIn surveying 403 CIO, CISO, CTO and CIOs in the automotive, banking, technology and retail sectors, KPMG found that 81 percent of executives admitted their companies had been compromised by cyber-attacks in the past 24 months \u2013 ranging from malware, botnet to other attack vectors.
\nRetail cyber executives reported the most breaches in the past 24 months, with 89% reporting yes, followed by automotive at 85% and banking and technology companies reporting 76%.
\nDespite these alarming admittances, 49% of these same executives said they have invested in information security in the past year.
\nBanks appear to be most proactive when it comes to investments in information security, with 66% of execs reporting investments made, followed by technology at 62%, retail at 45% and automotive at 32%.
\nThe report also found that some industries are more equipped to handle cyber-attacks because they have an executive whose sole responsibility is information security.
\nIndustry-wide, 69% of companies reported having a leader in place.
\nHowever, there is a vast discrepancy \u2013 85% of both banks and technology companies reported having a leader with retail and automotive lagging at 58% and 45% respectively.
\nSecurity executives acknowledged the ramifications of a breach citing reputation (53%), financial loss (50%) and job security (49%) as the top concerns associated with falling victim to cyber-attacks.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=51e9a9dcff&e=20056c7556<\/p>\n
Legal Sector’s Threat Intel-Sharing Group Grows
\nThe Legal Services Information Sharing and Analysis Organization (LS-ISAO), which was founded less than a year ago, now has more than 100 members and is regarded the \u201cfastest growing\u201d ISAO, the group said this week.
\nLegal services firms wishing to join LS-ISAO may contact membership@ls-isao.com
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=74b179f1d5&e=20056c7556<\/p>\n
Only a third of sensitive data stored in cloud-based applications is encrypted
\nDespite the continued importance of cloud computing resources to organisations, companies are not adopting appropriate governance and security measures to protect sensitive data in the cloud, according to a new Ponemon Institute study that surveyed more than 3,400 IT and IT security practitioners worldwide.
\nAccording to 73 percent of respondents, cloud-based services and platforms are considered important to their organisation\u2019s operations and 81 percent said they will be more so over the next two years.
\nIn fact, thirty-six percent of respondents said their companies\u2019 total IT and data processing needs were met using cloud resources today and that they expected this to increase to forty-five percent over the next two years.
\nAlthough cloud-based resources are becoming more important to companies\u2019 IT operations and business strategies, 54 percent of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments.
\nThis is despite the fact that 65 percent of respondents said their organisations are committed to protecting confidential or sensitive information in the cloud.
\nFurthermore, 56 percent did not agree their organisation is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.
\nAccording to respondents, 49 percent of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department.
\nHowever, confidence in knowing all cloud computing services in use is increasing.
\nFifty-four percent of respondents are confident that the IT organisation knows all cloud computing applications, platform or infrastructure services in use \u2013 a nine percent increase from 2014.
\nAccording to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud.
\nSince 2014, the storage of customer information in the cloud has increased the most, from 53 percent in 2014 to 62 percent of respondents saying their company was doing this today.
\nFifty-three percent also considered customer information the data most at risk in the cloud.
\nOnly 21 percent of respondents said members of the security team are involved in the decision-making process about using certain cloud application or platforms.
\nThe majority of respondents (64 percent) also said their organisations do not have a policy that requires use of security safeguards, such as encryption, as a condition to using certain cloud computing applications.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d57b9d3bda&e=20056c7556<\/p>\n
IT security experts struggle to measure ROI
\nThe majority of IT security experts actually struggle to measure the return on investment in security measures, Tenable Network Security says.
\nBased on a survey of 250 IT security professionals, conducted during the Infosecurity Europe 2016 summit, it says that the majority can only measure the return on less than 25 per cent of their security spend.
\nWhat\u2019s more, just 17 per cent were confident their investments were being distributed properly.
\nTenable also asked 33 security experts how they justify their security programs to business executives and the boardroom.
\nCollected recommendations, as well as best practices, can be found in the Using Security Metrics to Drive Action ebook.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f5a151511f&e=20056c7556<\/p>\n
KPMG Study: Breaches Up, Security Spending Down
\nFinally, some numbers to put to one of business’s biggest security disconnects: More than 80 percent of “C” suite executives admitted their companies have been breached in the last two years, but less than half said they’ve actually invested in any kind of information security product or service as a result.
\nThe findings were part of a KPMG LLP’s Consumer Loss Barometer report, released this week, which surveyed 403 CIOs, CISOs, CTOs and CIOs.
\nRespondents in the retail sector counted the most breaches, with 89% reporting yes, followed by automotive (85%), and banking and technology companies (76%).
\nOn the spending side, 66% of banking respondents said they’d made some sort of security investment, followed by technology (62%), retail (45%), and automotive (32%).
\nThe disconnect between the high volume of breaches and low amount of security spending reflects a growing sense of overwhelm, particularly among CXOs, according to Greg Bell, KPMG’s cyber US leader.
\n“We started using the term ‘cyber fatigue’ about 18 months ago and it’s only accelerated,” Bell says.
\nIt’s not just an increase in the volume of breaches companies are experiencing, but also new kinds of risk that CXOs must learn about \u2013 and respond to strategically.
\nThere’s also concern among executives around security as they watch (and approve) lots of money getting spent to address vulnerabilities and improve safeguards, according to Bell.
\nBut yet the number of threats, hacks and actual breaches continues to increase.
\nSo while organizations may need to spend more on prevention and detection, there’s nothing that can ever completely eliminate the threats. “That’s been a mixed message to executives,” says Bell, “and we need to articulate that better.”
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=84f6a5cd43&e=20056c7556<\/p>\n
* Best practices in cyber vulnerability assessment
\n* Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
\n* Will Faster Payments Mean Faster Fraud?
\n* Accenture : Data theft, malware infection big threat to digital businesses
\n* Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M\/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
\n* 2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals
\n* Twitter Hacking and Social Media\u2019s Risk to Executive Security
\n* Beyond Data: Why CISOs Must Pay Attention To Physical Security
\n* $2.7 Million HIPAA Penalty for Two Smaller Breaches
\n* Using compliance as a tool for change
\n* In the Breach War, File Protection Is Just as Important as Data
\n* Data security and breach notification in Finland
\n* ISO compliance in the cloud: Why should you care, and what do you need to know?
\n* Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations
\n* Breach notification reporting can be complicated without proper skills, tools
\n* Banks must do better on cyber security: KPMG
\n* Australia gets one-quarter of a minister for national infosec
\n* The Case for Continuous Security Monitoring
\n* Arbor Networks Releases Global DDoS Attack Data for 1H 2016
\n* 5 Best Practices for Outsourcing Cybersecurity
\n* Most CISOs and CIOs need better resources to mitigate threats<\/p>\n
Best practices in cyber vulnerability assessment
\nHere are the best practices for cyber vulnerability assessment.
\nFirst and foremost you should have a very clear understanding of why you need a cyber vulnerability assessment.
\nResearch other companies in your industry.
\nTo know exactly which parts of your business structure need an assessment, you need to research your company\u2019s processes with a focus on the systems that are critical to keeping your business running.
\nOnce you\u2019ve identified the systems that need an assessment, you should rank them according to both their importance to your overall business model and to the sensitivity of the information they contain.
\nNow that you know exactly which systems and software need an assessment and how they rank in terms of priority, you should make sure you\u2019re aware of the security systems you already have in place.
\nf you\u2019ve completely mapped out both your vulnerabilities and your already-in-place security, and your inter-departmental security task force is in agreement on what\u2019s needed, you\u2019re ready to perform your vulnerability scans.
\nf you did your homework on what you needed to assess and also on the vulnerability assessment tool you chose, then you should fully trust the results of your cyber vulnerability assessment and act on them.
\nDon\u2019t wait.
\nDon\u2019t second guess.
\nThe assessment will produce recommendations for remediation that you should act on right now.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=717fb732b5&e=20056c7556<\/p>\n
Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
\nA recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing chief information security officers (CISOs) to keep their organizations secure and how they are combating information and vendor solution overload.
\n\u201cDue to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,\u201d Scott writes.
\nIn a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.
\nWhile the report offers a cross-industry perspective of the CISO role and the challenge of vendor solution overload, the report author does spend moments focusing on healthcare organizations, specifically in a section detailing how CISOs can assess the return on investment of cybersecurity solutions.
\nThe report provides an interesting perspective about the need for CISOs to ignore the hype surrounding \u201csilver bullet\u201d solutions in order find the most effective cybersecurity solutions and strategies for their particular organizations, but at the same time, the report author also highlights the part that the vendor community plays in this problem.
\n\u201cIn many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget.
\nThey are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization,\u201d he writes.
\nAnd, he asserts that modern CISOs tend to function more as Chief Information Risk Officers, managing the risk to data and technology.
\nAccording to the ICIT report, there is rapid burnout among CISOs, as the average turnover rate is 17 months.
\n\u201cVendor attempts to offer silver bullet solutions undermine the community at large and poisons the vendor-customer relationship.
\nThe culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs.\u201d
\nIn the report, the author offers strategic recommendations for calculating a cybersecurity solution\u2019s ROI and uses a healthcare organization as an example.
\nThe ROI of security solutions can be equated to the fiscal component of the impact that the organization would assume if an adversary exploited the vulnerability that the solution addresses, the author writes.
\nThe report concludes with statistics sourced from the Economist Intelligence Unit that indicates proactive CISO-led strategies can cut the success rate of cyber-breaches by more than 50 percent, hacking successes by 60 percent and ransomware infections by 47 percent.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ab67b16c7d&e=20056c7556<\/p>\n
Will Faster Payments Mean Faster Fraud?
\nCrowe contends that to ensure global payments interoperability, faster payments are a necessity.
\nThe U.S. will soon be at a competitive disadvantage if it does not enable faster payments, she argues.
\nParry says the most fundamental risk to payments is poor identity management.
\nAnd it’s a legitimate concern.
\nAfter all, poor identity management apparently enabled hackers to steal $81 million from the central bank of Bangladesh in February, as part of a fraudulent transaction that was approved by the Federal Reserve Bank of New York.
\nAnd in a real-time or near-real-time environment, once the money is gone, it’s gone.
\nUnlike in the United Kingdom, Australia and other economically advanced parts of the world, faster payments are not the norm in the U.S.
\nCrowe declined to touch the interchange issue. “Cost is not the No. 1 worry for the Fed when it comes to faster payments,” she noted during the summit.
\nThe top concern, she says, is “a faster process that is still secure for business.”
\nThe Secure Payments Task Force’s goals differ from the goals of the Faster Payments Task Force.
\nAnd the Secure Payments Task Force has identified four areas that must be addressed to ensure the ongoing security of the payments system in the U.S. going forward.
\nFaster payments will be part of that, but not all.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=64923e4059&e=20056c7556<\/p>\n
Accenture : Data theft, malware infection big threat to digital businesses
\nThe new report from Accenture and HfS Research say that 69 percent of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months, with media and technology organizations reporting the highest rate (77 percent).
\nThis insider risk will continue to be an issue, with security professionals’ concerns over insider theft of corporate information alone rising by nearly two-thirds over the coming 12 to 18 months.
\nThe survey, “The State of Cyber security and Digital Trust 2016′”, was conducted by HfS Research on behalf of Accenture.
\nMore than 200 C-level security executives and other IT professionals were polled across a range of geographies and vertical industry sectors.
\nThe survey examined the current and future state of cyber security within the enterprise and the recommended steps to enable digital trust throughout the extended ecosystem.
\nThe findings indicate that there are significant gaps between talent supply and demand, a disconnect between security teams and management expectations, and considerable disparity between budget needs and actual budget realities.
\nDespite having advanced technology solutions, nearly half of all respondents (48 percent) indicate they are either strongly or critically concerned about insider dat<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.] And so, now the news * ThreatMetrix Cybercrime Report Reveals a 50% Increase in Global Attacks, With 1 in 10 New Account Applications Now Rejected * Study Finds…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2497","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2497"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2497\/revisions"}],"predecessor-version":[{"id":4984,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2497\/revisions\/4984"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}