[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
\nAnd so, now the news<\/p>\n
* Telcos not responsible for monitoring piracy – Milan court
\n* Site Security: Background Checks
\n* Machine Learning for Risk Management
\n* New MobileIron report details most common mobile threats and blacklisted apps
\n* Famed hacker Mudge creates new ratings system for software
\n* Cyber security slated to become standalone practice area [Law]
\n* MasterCard workers go “phishing” for malware
\n* The CISO Insomniac: What\u2019s Keeping Them Awake at Night?
\n* HR Heads to the Front Line as Cybercrime Combatants
\n* The True Cost of Cybercrime in Brazil
\n* \u2018BSides\u2019 Las Vegas Offers Fresh Cybersecurity Insights from Industry Leaders<\/p>\n
Telcos not responsible for monitoring piracy – Milan court
\nA Milan court has rejected a request from Mediaset that telecommunications operators be required to monitor sites that illegally stream live football broadcasts, according to a statement from industry group Asstel.
\nMediaset had requested that Internet Service Providers (ISPs) be ordered to take down the calcion.at site and all links thereto, accusing the site of hosting streams to football matches for which it owns the exclusive rights, but the court issued a decision on 28 July confirming that operators weren\u2019t responsible for the conduct of third parties.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9190f5d6dd&e=20056c7556<\/p>\n
Site Security: Background Checks
\nIf you require your vendors, including staffing agencies to conduct background checks, it\u2019s imperative that you do not leave it to them to define what a thorough background check entails.
\nSimilar to screening your own employees, the background screening package should be tailored to each position.
\nFor example if driving a vehicle is required, then it is important to discover if they have a valid driver\u2019s license as well as examine their driving record.
\nIf a degree or professional license is required, you will want to verify these credentials.
\nIn the case of a professional license you may also be able to search for sanctions or other disciplinary actions imposed by the agency issuing the license.
\nIt is also important to define what information found in a background check is grounds for disqualification and who is responsible for making that decision.
\nSince the Equal Employment Opportunity Commission (EEOC) strongly discourages bright line policies such as, \u201ca felony conviction within the past five, or even 10, years is an automatic disqualifier,\u201d you\u2019ll need a mechanism that allows the candidate to provide additional details and extenuating circumstances about the information in the background check report.
\nMore importantly, you don\u2019t want to leave it to a junior level recruiter at a staffing agency whose commission is dependent on placing workers at an organization.
\nEmployers have a duty to provide a safe environment for their employees, and that includes exercising reasonable care when hiring new employees.
\nAs more employers come to recognize this, those whose criminal records would preclude them from being hired at such organizations will naturally gravitate to employers who do no background checks or whose screening is less than thorough.
\nThis may often be the case at staffing agencies that provide temporary or contract workers, unless you, their client contractually require a compressive background check and periodically check to make sure it is being done to your standards.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bc6cca8182&e=20056c7556<\/p>\n
Machine Learning for Risk Management
\nIt all started as a normal day for David and John (not their real names).
\nOut of the blue, the Audit and Compliance team called them, seeking clarifications about some of their recent trades.
\nShortly afterward, David and John realised they had just become more victims of the rise of the machines.
\nBoth traders had engaged in inappropriate behaviours.
\nDavid had favoured a single counterparty at the expense of his employer but this had been cloaked by a complex trading pattern.
\nJohn, on the other hand, had built a position with an unauthorised risk profile and camouflaged this through after-hours orders and inappropriate communications with other traders.
\nFor months, both individuals had been able to evade detection but the bank had just implemented a new system of behavioural analysis based on artificial intelligence.
\nThey got caught.
\nThis tool now gives the bank the ability to process massive amounts of structured and unstructured data from multiple sources to reveal trends and detect deviations from expected behaviour, incorporating data-driven rules that learn and adapt to changes in the environment.
\nThis solution includes extensive business logic to review multiple trading activities.
\nIt also mines and analyses chat-logs and news.
\nWithin days of system deployment, David and John were identified.
\nThe benefits of predictive analytics and machine learning are not limited to the detection of rogue trading.
\nTake credit risk management, for example.
\nTraditional systems focus mainly on borrowers financials with limited assessment of their business dependencies and networks.
\nAssessments are conducted based on events such as user-initiated loan applications and regular annual reviews.
\nThe process is labour intensive and critically depends on the heuristics of individual judgements.
\nMachine learning technology can leverage on a range of different sources of information such as company financials, transactions, real-time market information, business networks and news.
\nThere is an emerging recognition in the financial services sector that leveraging advanced technologies, such as artificial intelligence and machine learning, is the key to deriving real value from big data infrastructure.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4a14e2bc19&e=20056c7556<\/p>\n
New MobileIron report details most common mobile threats and blacklisted apps
\nThe report listed five threats that had either emerged, or gotten worse, over the last few months:
\n– Android GMBot – A spyware, usually from third-party app stores, that tries to trick users into giving up their bank credentials.
\n– AceDeceiver iOS malware – Malware that works to steal a user’s Apple ID.
\n– SideStepper iOS vulnerability – A technique that works in between the MDM server and a device to install unapproved applications.
\n– High-severity OpenSSL issues – Two OpenSSL flaws that can either decrypt traffic or corrupt memory.
\n– Marcher Android malware – A malware that pretends to be a bank website in hopes that users will give up their login credentials.
\nDespite these new and growing threats, security practices remain largely unchanged, meaning that many organizations are risking these threats becoming real problems.
\nIn addition to the aforementioned lack of app reputation software or enforcing of OS updates, 40% of companies had missing or unaccounted for devices, and 27% of companies had out-of-date policies.
\nBoth of these numbers had risen since the end of 2015.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=baf9927f95&e=20056c7556<\/p>\n
Famed hacker Mudge creates new ratings system for software
\nPeiter Zatko, known in the hacker world as Mudge, and his wife, former National Security Agency mathematician Sarah Zatko, are developing what amounts to a \u2018Consumer Reports\u2019-style rating system for software. \u2014 Reuters picPeiter Zatko, known in the hacker world as Mudge, and his wife, former National Security Agency mathematician Sarah Zatko, are developing what amounts to a \u2018Consumer Reports\u2019-style rating system for software. \u2014 Reuters picSAN FRANCISCO, Aug 3 \u2014 A famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes is now going after the computer software industry, whose standard practices all but guarantee that most products will be vulnerable to cyber attacks.
\nNow Zatko and his wife, former National Security Agency mathematician Sarah Zatko, are developing what amounts to a Consumer Reports-style rating system for software.
\nThe initiative, if it catches on, could lead to major changes in the business practices of some of the world\u2019s largest software companies.
\nIt could also, he says, help deliver something that decades of the free market, the open-source movement, government commissions and well-paid lawyers have not: software that is consistently secure, or at least very expensive to compromise.
\nAmong the preliminary findings: on Apple\u2019s Macintosh computers, Google\u2019s Chrome web browser is significantly harder to attack than Apple\u2019s Safari, which in turn is much more secure than Firefox.
\nMany Microsoft products have scored quite well so far, but its Office suite for Mac did terribly.
\nThe Zatkos\u2019 system, which they have licensed in perpetuity to a new nonprofit, is a radical attempt to solve a problem that has vexed software customers for decades: There is no unbiased, consistent method for rating the security of programs.
\nThe new approach shows the critical role played by compilers, which turn source code to binary.
\nMajor strides have been made in preventing compiler flaws, but many vulnerabilities remain.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5e77ee02ef&e=20056c7556<\/p>\n
Cyber security slated to become standalone practice area [Law]
\nThe rapidly increasing level and complexity of cyber security work conducted by lawyers, coupled with the introduction of mandatory data breach notification, could see cyber security become a standalone practice area, according to a global firm partner.
\nJones Day has recently established a standalone cyber security, privacy and data protection practice group, with partners in the US and in Europe solely dedicated to this area.
\nFor a long time, privacy law in Australia has been focused on the Australian Privacy Principles and their predecessor, the National Privacy Principles, meaning a lot of legal work around privacy was relatively simple, according to Mr Salter.
\n\u201cWith the development of technology and the enhanced use of technology in all manners of business, and the concerns about hacking of personal information, cyber security is becoming much more of an issue with clients who are concerned about liability, not only to end-user consumers but also in the context of breaching contracts with customers.\u201d
\n\u201cThe thing that hasn’t really hit Australia \u2013 it has certainly hit the US and I think it will come here \u2013 is the litigation arising out of data breaches, and the reason for that is there will now be a trigger for people to put their hands up and say, ‘We have had a serious data breach’,\u201d he said.
\nAnother factor that may contribute to the increase of cyber security-related work is the introduction of mandatory data breach notification legislation in Australia.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a5abe5358d&e=20056c7556<\/p>\n
MasterCard workers go “phishing” for malware
\nMasterCard CSO Ron Green touted his company’s latest effort to fight malware as not only being successful, but saying it also helps keep up employee moral by giving everyone a reason to keep an eye out for malicious acts.
\nGreen told SCMagazine.com in an exclusive interview at Black Hat that MasterCard wanted to come up with a way to not only spot the malware, but make everyone feel as if they are playing an important role in keeping the company safe.
\nThe answer, he said, was to hold quarterly phishing tourneys where each employee who spotted a malicious email would get credit.
\nMore points are gained for digging out a piece of malware and fewer for finding general spam.
\nPrizes range from goofy gifts to a monetary payout for those who find the most malware.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b161df6fc2&e=20056c7556<\/p>\n
The CISO Insomniac: What\u2019s Keeping Them Awake at Night?
\nThere has never been a tougher time to be a Chief Information Security Officer (CISO).
\nRegulatory changes across the EU have led to the introduction of much more stringent controls on how businesses should manage the customer data they collect.
\nAny organization that suffers a data breach will be subject to a far larger financial penalty than before \u2013 something that no CISO wants to preside over.
\nNew Regulation, New Concerns
\nThe GDPR specifies fines of up to 4% of an institution\u2019s revenue per data breach.
\nSo with fines jumping to millions, potentially billions, of pounds for a single hack, many CISOs will endure sleepless nights getting the right security measures in place.
\nThe Bad Guys are Moving Faster than the Defenses
\nCISOs must also contend with the fact that the cyber attackers targeting western institutions always seem to be one step ahead.
\nIt\u2019s Not All Doom and Gloom
\nThese might sound like insurmountable odds and some CISOs may be resigning themselves to never sleeping again in the face of such worry, but there is hope.
\nThere are things that can be done to combat almost any threat.
\nThe good news is that, with the GDPR and the general awareness of cybersecurity risks growing, senior executives outside of IT are starting to take the threat seriously.
\nSo CISOs should be able to sleep better at night knowing that, at the very least, their concerns are shared.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=61edcc721c&e=20056c7556<\/p>\n
HR Heads to the Front Line as Cybercrime Combatants
\nIn the war against cybercrime, human resource professionals are being asked to join their companies\u2019 cyberdefense as \u201cboots on the ground,\u201d at the front lines.
\nThe reason: HR is home to valuable personal and corporate data, systems and processes that cybercriminals target day in, day out.
\nWhereas IT and other technology specialists work daily with the thought of protecting corporate networks, in today\u2019s cyber risk-laden world, HR professionals, despite their limited technical expertise, must work to protect sensitive data and operate in ways that mitigate the potential for attacks by technologically proficient cybercriminals.
\nIn a recent worldwide survey of 1,100 senior IT security executives by Vormetric, 85 percent revealed they keep sensitive data in the cloud and 70 percent admitted they are very concerned about the security of the data in this environment.
\nSo far this year, a record amount of personal information was stolen from W-2s and used to file fraudulent tax returns.
\nDespite the increased vulnerability of HR systems, many HR professionals still view themselves in the traditional role of workforce management, choosing to leave cyber risk management to other departments, notably IT.
\nAccording to a recent IBM security study released this year, 57 percent of chief human resources officers globally have rolled out employee training that addresses cybersecurity.
\nHowever, the respondents\u2019 positive percentages dropped noticeably when asked if they provided cybersecurity training that included measurable, results-based outputs, or if there was reinforcement throughout the year that provided more than a once a year cybersecurity training.
\nThe IBM report urged key executives in human resources, finance and marketing departments to be more proactive in security decisions, coordinate plans internally and to be more engaged in cybersecurity strategy and execution with the C-suite and IT.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6618a78072&e=20056c7556<\/p>\n
The True Cost of Cybercrime in Brazil
\nIn the war against cybercrime, human resource professionals are being asked to join their companies\u2019 cyberdefense as \u201cboots on the ground,\u201d at the front lines.
\nThe reason: HR is home to valuable personal and corporate data, systems and processes that cybercriminals target day in, day out.
\nWhereas IT and other technology specialists work daily with the thought of protecting corporate networks, in today\u2019s cyber risk-laden world, HR professionals, despite their limited technical expertise, must work to protect sensitive data and operate in ways that mitigate the potential for attacks by technologically proficient cybercriminals.
\nIn a recent worldwide survey of 1,100 senior IT security executives by Vormetric, 85 percent revealed they keep sensitive data in the cloud and 70 percent admitted they are very concerned about the security of the data in this environment.
\nSo far this year, a record amount of personal information was stolen from W-2s and used to file fraudulent tax returns.
\nDespite the increased vulnerability of HR systems, many HR professionals still view themselves in the traditional role of workforce management, choosing to leave cyber risk management to other departments, notably IT.
\nAccording to a recent IBM security study released this year, 57 percent of chief human resources officers globally have rolled out employee training that addresses cybersecurity.
\nHowever, the respondents\u2019 positive percentages dropped noticeably when asked if they provided cybersecurity training that included measurable, results-based outputs, or if there was reinforcement throughout the year that provided more than a once a year cybersecurity training.
\nThe IBM report urged key executives in human resources, finance and marketing departments to be more proactive in security decisions, coordinate plans internally and to be more engaged in cybersecurity strategy and execution with the C-suite and IT.
\nThe cost of data breach report assessed post-breach costs incurred by 33 Brazilian companies in 12 different industry sectors.
\nThe research revealed that the average per capita cost of a data breach (per capita cost and cost per compromised record have equivalent meaning in this report) increased significantly, from R$175 (Brazilian Real) to R$225.
\nThe total organizational cost of data breach increased from R$3.96 million to R$4.31 million, according to the report.
\nSome sectors saw a steeper rise in costs than others.
\nSpecifically, services, energy and financial services had a per capita data breach cost substantially above the overall mean of R$225, with services topping out at R$398.
\nMeanwhile, public sector, transportation and consumer companies had a per capita cost well below the overall mean value.
\nThe report broke down root cause of data breach into three main categories: malicious or criminal attack, system glitch and human error.
\nAlthough a system glitch could have been ultimately connected to a human error, the report looked at whether an individual was directly connected to the breach.
\nMalicious incidents are not only more common, but they\u2019re also more costly.
\nThe per capita cost of data loss caused by a malicious incident was R$256.
\nSystem glitches had an average per capita cost of R$211 and human error was R$200.
\nAs shown in the graphic below, having an incident response plan, using encryption, involving the BCM team, and implementing employee training and threat sharing can significantly decrease the per capita cost of a data breach.
\nAvailability of an incident response team, for example, reduced the average cost of data breach from R$225 to R$192.4 (decreased cost = R$32.6).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d71285f95f&e=20056c7556<\/p>\n
\u2018BSides\u2019 Las Vegas Offers Fresh Cybersecurity Insights from Industry Leaders
\nBSides Keynote Speaker Dr.Lorrie Cranor Discusses Misconceptions in Password Security
\nThe conference kicked off with an outstanding keynote speaker, Dr. Lorrie Cranor, Chief Technologist of the U.S.
\nFederal Trade Commission.
\nShe discussed a report by the University of North Carolina that studied 10,000 defunct accounts.
\nThe study found that people apply changes in predictable ways, making it easier for UNC to determine future passwords using an algorithm.
\nExpert Haydn Johnson Talks about Organizational Confusion with Information Security
\nJohnson described concerns about how to modify scanning tools to keep up with new security vulnerabilities.
\nHe advised that information security companies should differentiate themselves from their competition in the future by providing much-needed education to customers about business risks and the impact of security vulnerabilities.
\nCybersecurity Research Expert Keren Elazari Calls for Better Computer Software Content Identification
\nElazari discussed why security research matters for the coming decades and emphasized that third-party computer software needs to be better identified to determine potential vulnerabilities.
\nShe drew a startling comparison\u2014while candy bar labels are required to list all of their ingredients, software has no labels that explain elements of the software code.
\nBSides Conference Showcases Information Security Nonprofits
\nOne of the interesting tables on display at BSides was The Open Web Application Security Project (OWASP), a nonprofit focused on improving the security of software.
\nTheir mission is to make software security visible, so that individuals and organizations are able to make informed decisions.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=17256c8b7f&e=20056c7556<\/p>\n
* Best practices in cyber vulnerability assessment
\n* Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
\n* Will Faster Payments Mean Faster Fraud?
\n* Accenture : Data theft, malware infection big threat to digital businesses
\n* Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M\/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
\n* 2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals
\n* Twitter Hacking and Social Media\u2019s Risk to Executive Security
\n* Beyond Data: Why CISOs Must Pay Attention To Physical Security
\n* $2.7 Million HIPAA Penalty for Two Smaller Breaches
\n* Using compliance as a tool for change
\n* In the Breach War, File Protection Is Just as Important as Data
\n* Data security and breach notification in Finland
\n* ISO compliance in the cloud: Why should you care, and what do you need to know?
\n* Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations
\n* Breach notification reporting can be complicated without proper skills, tools
\n* Banks must do better on cyber security: KPMG
\n* Australia gets one-quarter of a minister for national infosec
\n* The Case for Continuous Security Monitoring
\n* Arbor Networks Releases Global DDoS Attack Data for 1H 2016
\n* 5 Best Practices for Outsourcing Cybersecurity
\n* Most CISOs and CIOs need better resources to mitigate threats<\/p>\n
Best practices in cyber vulnerability assessment
\nHere are the best practices for cyber vulnerability assessment.
\nFirst and foremost you should have a very clear understanding of why you need a cyber vulnerability assessment.
\nResearch other companies in your industry.
\nTo know exactly which parts of your business structure need an assessment, you need to research your company\u2019s processes with a focus on the systems that are critical to keeping your business running.
\nOnce you\u2019ve identified the systems that need an assessment, you should rank them according to both their importance to your overall business model and to the sensitivity of the information they contain.
\nNow that you know exactly which systems and software need an assessment and how they rank in terms of priority, you should make sure you\u2019re aware of the security systems you already have in place.
\nf you\u2019ve completely mapped out both your vulnerabilities and your already-in-place security, and your inter-departmental security task force is in agreement on what\u2019s needed, you\u2019re ready to perform your vulnerability scans.
\nf you did your homework on what you needed to assess and also on the vulnerability assessment tool you chose, then you should fully trust the results of your cyber vulnerability assessment and act on them.
\nDon\u2019t wait.
\nDon\u2019t second guess.
\nThe assessment will produce recommendations for remediation that you should act on right now.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8b359bf211&e=20056c7556<\/p>\n
Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
\nA recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing chief information security officers (CISOs) to keep their organizations secure and how they are combating information and vendor solution overload.
\n\u201cDue to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,\u201d Scott writes.
\nIn a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.
\nWhile the report offers a cross-industry perspective of the CISO role and the challenge of vendor solution overload, the report author does spend moments focusing on healthcare organizations, specifically in a section detailing how CISOs can assess the return on investment of cybersecurity solutions.
\nThe report provides an interesting perspective about the need for CISOs to ignore the hype surrounding \u201csilver bullet\u201d solutions in order find the most effective cybersecurity solutions and strategies for their particular organizations, but at the same time, the report author also highlights the part that the vendor community plays in this problem.
\n\u201cIn many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget.
\nThey are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization,\u201d he writes.
\nAnd, he asserts that modern CISOs tend to function more as Chief Information Risk Officers, managing the risk to data and technology.
\nAccording to the ICIT report, there is rapid burnout among CISOs, as the average turnover rate is 17 months.
\n\u201cVendor attempts to offer silver bullet solutions undermine the community at large and poisons the vendor-customer relationship.
\nThe culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs.\u201d
\nIn the report, the author offers strategic recommendations for calculating a cybersecurity solution\u2019s ROI and uses a healthcare organization as an example.
\nThe ROI of security solutions can be equated to the fiscal component of the impact that the organization would assume if an adversary exploited the vulnerability that the solution addresses, the author writes.
\nThe report concludes with statistics sourced from the Economist Intelligence Unit that indicates proactive CISO-led strategies can cut the success rate of cyber-breaches by more than 50 percent, hacking successes by 60 percent and ransomware infections by 47 percent.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7d8b2626d2&e=20056c7556<\/p>\n
Will Faster Payments Mean Faster Fraud?
\nCrowe contends that to ensure global payments interoperability, faster payments are a necessity.
\nThe U.S. will soon be at a competitive disadvantage if it does not enable faster payments, she argues.
\nParry says the most fundamental risk to payments is poor identity management.
\nAnd it’s a legitimate concern.
\nAfter all, poor identity management apparently enabled hackers to steal $81 million from the central bank of Bangladesh in February, as part of a fraudulent transaction that was approved by the Federal Reserve Bank of New York.
\nAnd in a real-time or near-real-time environment, once the money is gone, it’s gone.
\nUnlike in the United Kingdom, Australia and other economically advanced parts of the world, faster payments are not the norm in the U.S.
\nCrowe declined to touch the interchange issue. “Cost is not the No. 1 worry for the Fed when it comes to faster payments,” she noted during the summit.
\nThe top concern, she says, is “a faster process that is still secure for business.”
\nThe Secure Payments Task Force’s goals differ from the goals of the Faster Payments Task Force.
\nAnd the Secure Payments Task Force has identified four areas that must be addressed to ensure the ongoing security of the payments system in the U.S. going forward.
\nFaster payments will be part of that, but not all.”
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bdd7c9598c&e=20056c7556<\/p>\n
Accenture : Data theft, malware infection big threat to digital businesses
\nThe new report from Accenture and HfS Research say that 69 percent of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months, with media and technology organizations reporting the highest rate (77 percent).
\nThis insider risk will continue to be an issue, with security professionals’ concerns over insider theft of corporate information alone rising by nearly two-thirds over the coming 12 to 18 months.
\nThe survey, “The State of Cyber security and Digital Trust 2016′”, was conducted by HfS Research on behalf of Accenture.
\nMore than 200 C-level security executives and other IT professionals were polled across a range of geographies and vertical industry sectors.
\nThe survey examined the current and future state of cyber security within the enterprise and the recommended steps to enable digital trust throughout the extended ecosystem.
\nThe findings indicate that there are significant gaps between talent supply and demand, a disconnect between security teams and management expectations, and considerable disparity between budget needs and actual budget realities.
\nDespite having advanced technology solutions, nearly half of all respondents (48 percent) indicate they are either strongly or critically concerned about insider data theft and malware infections (42 percent) in the next 12 to 18 months.
\nWhen asked about current funding and staffing levels some42 percent of respondents said they need more budget for hiring cyber security professionals and for training.
\nMore than half (54 percent) of respondents also indicated that their current employees are underprepared to prevent security breaches and the numbers are only slightly better when it comes to detecting (47 percent) and responding (45 percent) to incidents.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=cbafeb002c&e=20056c7556<\/p>\n
Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M\/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
\nTORONTO–(BUSINESS WIRE)–Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study sponsored by BrandProtect.
\nSeventy-nine percent of the IT and IT security practitioners polled indicated their defensive infrastructure to identify and mitigate those threats are either non-existent, ad hoc or inconsistently applied throughout the enterprise.
\nThe findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.
\nThe report \u201cSecurity Beyond the Traditional Perimeter,\u201d sponsored by internet risk detection and mitigation expert BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks.
\nThese threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company\u2019s traditional security perimeter.
\nSecurity professionals cited an acute<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.] And so, now the news * Telcos not responsible for monitoring piracy – Milan court * Site Security: Background Checks * Machine Learning for Risk Management * New…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2500","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2500","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2500"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2500\/revisions"}],"predecessor-version":[{"id":4987,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2500\/revisions\/4987"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}