Thursday, 30 April 2015

Google’s New Free Weapon to Fight Hackers

Google has introduced another weapon in the arsenal to fight phishing.

Password Alert, the search engine giant’s open source extension for Chrome, was released today with the goal of preventing phishing attacks that could leave a person’s digital private life exposed to hackers.

The extension works by storing a scrambled version of a user’s password.

A Google account holder who has downloaded the extension in Chrome will then receive an alert every time they type their Google password into a site that isn’t a Google sign-in page.

An alert will let the user know they are vulnerable and should change their Google password to ensure their account information remains private.

While the extension has been implemented to protect Google accounts, its open source code means it can be adapted for future uses to make sure a person’s other passwords stay protected.

As many as 2 percent of Gmail messages are fake emails designed to trick people into giving up their passwords, according to Google. The search giant found that the most effective of the scams succeed 45 percent of the time.

Source: http://ift.tt/1AmvRLp



from cyber security caucus http://ift.tt/1HVph4E
via IFTTT

Transparency & Trust in the Cloud Series: Mountain View, California

I was in Silicon Valley recently speaking at another Transparency & Trust in the Cloud event.Thank-you very much to all the customers that made time to join us at the Microsoft campus in Mountain View, California! This was another very well attended event with numerous large enterprise customers located in the vicinity in attendance.

Like all the Transparency and Trust events prior to this one, I learned from the attendees what their expectations are for a Cloud Service Provider when it comes to security, privacy and compliance. We had several lively discussions on a range of topics. These are some of the themes that emerged during our discussions:

  • How do customers move data from existing on-premise applications into new applications in the Cloud?
  • What compliance artifacts does Microsoft provide to its Cloud customers?
  • Does Microsoft provide architectural diagrams of what its cloud services look like to its customers?
  • What process does Microsoft use for incident response in the Cloud?

My next stop on this tour is San Diego on April 14th and there are still a few other opportunities to learn more about Microsoft’s approach to building the industry’s most trustworthy Cloud. Please refer to the Transparency & Trust Series event schedule. As always, your Microsoft account team is available if you have any questions about these events.

Source: http://ift.tt/1PU14hQ



from cyber security caucus http://ift.tt/1Amm08f
via IFTTT

Students’ sensitive data at risk after ‘Guild of Pirates’ hacktivists breach Guild IT security

A group of students, acting under the pseudonym ‘Guild of Pirates’, claim to have gained access to the Guild’s sensitive data this week.

To substantiate their claims, the group released a copy of this year’s Gradball ticket through their Twitter account @GuildofPirates, taunting: ‘We’ve got our Gradball ticket, have you?’ On Monday, April 27th, the group released another tweet under the hashtag #SecureTheGuild, purporting to have gained control over the Guild’s email server. This enabled them to send their open letter to all staff within the organisation seemingly from the CEO’s account

The letter, available in full at the Guild of Pirates’ website (http://ift.tt/1QPK3qw), alleges that ‘YOUR Guild of Students is failing you’ as it, ‘fails to protect its sensitive data and services.’  Their website, outlining the group’s motives and intentions, explains that the Guild’s IT infrastructure is relatively open to infiltration and accessible to anybody with a laptop, due to the widespread use of simple default passwords and ‘just plain negligence’.

In addition, they have issued an ultimatum warning that they will release the line up of this year’s Gradball should enough people follow their Twitter account before the Guild has taken sufficient action.

The group’s reasoning for conducting this activity follows a proposed motion, GC.2.15.8i, submitted to Guild Council in February. The motion states that the Vice President of Democracy, Resources and Sustainability, Bethan Dovey, is to report back to the Guild’s democratic body with an outline of the organisation’s data backup and network security policies. The need for this review is explained by the fact that the Guild holds numerous personal details of student staff and society members such as addresses, bank details, national insurance numbers and telephone numbers.

Branding Guild Council as ‘needlessly bureaucratic and tedious,’ the hackers maintain that they have no intention of reading the files or emails of any account on the Guild’s network and that their primary motive is to encourage the Guild to bolster its security.

A screenshot from the Guild of Pirates website (http://ift.tt/1QPK3qw)

Katie, a first year English and History student, said that the group ‘Don’t seem particularly malicious.’ However, she is ‘still concerned’ that her personal information could be accessed so easily, ‘It doesn’t fill me with much confidence that my personal details can be out in the open like that.’ Niall, a second year English Literature student, wonders ‘what a larger, more malicious organisation of hackers could do if it was so easy for a small group of students.’

The Guild has not yet been able to provide Redbrick with a comment. Meanwhile, the hacktivists, claiming to be a group of ‘concerned students’, are expected to release further information every few days until the Guild secures its systems.

Source: http://ift.tt/1bGX8Cb



from cyber security caucus http://ift.tt/1QPK5i1
via IFTTT

Threat Map exposes US as hackers paradise

Check Point release details source, target and malware of cyberattacks.

The US has emerged as a leading source and recipient of cyberattacks, according to data revealed in the Threat Map of security vendor

Hosted on the company’s website, the newly released map contains a real-time record of various cyberattacks taking place across the globe, including details of malware strains and the origin and destination of the attack.

Whilst the US leads on both fronts, the UK ranked seventh on the list of attacking countries, one place behind China but ahead of Germany.

“It can be hard for organisations to grasp the sheer speed and global scale at which cyberattacks happen,” said Marie Hattar, chief marketing officer for Check Point.

“We wanted to develop a tool to help businesses understand how rapidly the threat landscape is moving so that they can take steps to strengthen their security implementations and better defend themselves against attacks.”

Data on the map is based on Check Point’s ThreatCloud database, which analyses 250 million addresses for bot discovery and holds 11 million malware signatures and details of 5.5 million affected websites.

It catalogues several types of malware including backdoors, trojans and worms, and can also track advanced hacking campaigns known as advanced persistent threats (APTs).

“The ThreatCloud World Cyber Threat Map shows where attacks are starting, the types of attack and their targets in more detail than any other resource, because it uses real-time intelligence from Check Point’s installed base of security gateways,” Hattar said.

Source: http://ift.tt/1dxHVob



from cyber security caucus http://ift.tt/1GzFloC
via IFTTT

Growing cybercrime menace laid bare

Cyber attacks could cripple key infrastructure and mitigating against them has become crucial, an Internet security firm has said. By Sunil Gopal.

If you think Eskom’s load shedding causes disruptions, there’s potentially an even bigger problem for the economy waiting in the wings — a technology outage caused by a cyber attack.

The very functioning of modern economies is increasingly reliant on connected technology. Even purchasing something as basic as prepaid electricity relies on IT systems.

Kaspersky Lab deputy director for global research and analysis Sergey Novikov believes the risk to these systems is high.

In 1994, a new computer virus was released once every hour. By 2006, this had increased to one a minute. Now, there are 350 000 new samples every day, Novikov says.

Novikov says the most common cyber attacks are on ordinary users and are committed by “regular cyber criminals”. The next most targeted is the corporate sector, where cyber espionage has become a particular problem. The final level occurs in state-to-state attacks, where countries are increasingly engaging in cyber espionage and even terrorism.

From January to March 2015, there were 2,1bn attacks worldwide, 130m of which happened in Africa and the Middle East (including Turkey).

According to Kaspersky Lab data, there were 1,8m Internet-borne malware incidents recorded by its South African users in the first quarter of 2015.

Windows remains attackers’ preferred target platform, with 237m unique malicious software files or malware created for the software by January 2015. There are 13m pieces of malware for Android, with 12 000 for Apple’s Mac OS X users and just 283 for its iOS software that powers the iPhone and iPad.

Users are frequently attacked by malware spread via removable USBs, CDs, DVDs and other “offline” methods. Removable devices were responsible for more than 70% of malware infection in the Africa and Middle East region in the first quarter of 2015.

In the first quarter of the year, there were 468m attacks registered worldwide, with 32m being in Africa and the Middle East. South Africa is second in the region for the development of malware, Kaspersky says.

Other methods used to attack computers include drive-by downloads, where users are tricked into downloading malicious software, phishing-related e-mails and social networks, where even clicking on the photo can allow viruses into a system.

Oracle’s Java platform is a favourite platform exploited by attackers, with Windows and Android also targeted.

Kaspersky says there has been an increase in attacks using point-of-sale malware in retail outlets. Every time you swipe your credit or debit card at a point-of-sale device it provides an opportunity for a cyber attack, it says. With some point-of-sale devices handling thousands of transactions daily, they provide an ideal opportunity for cyber criminals.

Ransomware, where a user’s files are encrypted by an attacker and money demanded to obtain decryption keys, is another growing threat. Often military grade encryption is used.

Smartphones have become another platform for attack by malware developers. The first example of mobile malware was detected just 10 years ago; last year, there were 296 000 known viruses targeted at mobile devices — with 98% focusing on Android.

Mobile devices allow criminals to gain access to various types of information including SMS messages, business e-mails and contacts, personal photos, users’ GPS co-ordinates, banking credentials and calendar apps. These open up users to a whole new world of potential victimisation, according to Kaspersky.

There has also been an increase in advanced persistent threat or APT attacks. These usually involve a large number of people and huge resources that go after specific targets, usually companies, for weeks or even months on end.

They usually involve large criminal syndicates or in some cases even governments. The first well-known such attack was the Stuxnet computer worm, which attacked users running Windows and Siemens’ Step 7 software. The main countries infected were Iran, Indonesia and India, with speculation that Iran’s nuclear programme was targeted specifically.

Since Stuxnet, there has been a rapid increase in APT attacks. Among the most prominent so far this year was the Carbanak attack, which targeted banking networks. It literally allowed ATMs to dispense cash or used international banking systems to transfer money.

Sometimes bank accounts balances were inflated using accounting practices and the extra money was transferred to criminals accounts without bank clients even suspecting anything. It’s estimated that attackers were able to steal more than US$1bn.  — (c) 2015 NewsCentral Media

  • The writer travelled to a Kaspersky Lab conference in Lisbon, Portugal as a guest of the company

Source: http://ift.tt/1FxsZkQ



from cyber security caucus http://ift.tt/1DF3vff
via IFTTT

Are you cyber resilient? A quick overview of ASIC Report 429.

ASIC’s latest report notifies its regulated population of the importance of being prepared for cyber-attacks, being the use of electronic technology to commit (or attempt to commit):

  • an attack on the integrity of a firm’s computer system/server; or
  • traditional crimes including fraud, identity theft and forgery.The report stresses the importance for businesses not to only have a ‘prevention plan’ in place but take the plan a step further and implement a full cyber resilience plan including measures to:
  • While cyber-attacks are common in the US (with President Obama declaring at the State of the Union address in January 2015 that cyber security is a government priority), it is a relatively new area of risk for Australian businesses. Given the rate of increase of such attacks over the last two years, it is likely that cyber-attacks will become more prevalent in Australia over time.
  1. prevent the cyber-attack;
  2. prepare for the cyber-attack;
  3. responding to the cyber-attack; and
  4. recovering from the flow on effects of such attack.

As such, ASIC has released a series of ‘Health Checks’ that can be found within Report 429 and further recommends that its regulated population consider obtaining tailored cyber insurance liability cover.

Often these attacks involve the hacker requesting a ransom being paid in exchange for the release of the information, which will hurt the working capital of a business. Given the rapid change in technology such attacks are likely to become more dynamic and varied over time.

By obtaining tailored cyber insurance liability cover, businesses will be in a better position to recover from the consequential losses that may flow from cyber-attacks as outlined at stage (4) above including the costs associated with:

  1. third party claims for data/privacy breach, infringement/breach of intellectual property;
  2. costs associated with ransoms/extortion threats; and
  3. loss of trade due to dealing with such threats.

Source: http://ift.tt/1QPgjdl



from cyber security caucus http://ift.tt/1EvwiH0
via IFTTT

China Opposes U.S. Cyber Security Strategy’s Accusations

China on Thursday opposed a new Pentagon cyber security strategy, saying it makes groundless accusations against Beijing and will increase the online arms race.

“We are following the new U.S. cyber security strategy and concerned about it…The report makes groundless accusations about China, and we resolutely oppose it,” Chinese Defense Ministry spokesman Geng Yansheng said at a monthly press briefing on Thursday.

The 33-page cyber security strategy, the second released by the Pentagon following a first strategy in 2011, says the Defense Department “should be able to use cyber operations to disrupt an adversary’s command and control networks, military-related critical infrastructure and weapons capabilities.”

The strategy lists China, Russia, Iran and the Democratic People’s Republic of Korea as potential targets. It also includes a section on U.S. concerns about Chinese cyber espionage against U.S. companies and agencies.

“With its great edge in cyber technology and the strongest and largest cyber force in the world, the U.S. declaration of offensive cyber strategy will not help manage or settle differences in cyberspace, but will strain conflicts and increase the arms race,” Geng said.

China has been the victim of cyber attacks and has opposed hacking in any form, Geng said, urging the United States to abandon its double standards and stop disparaging other countries.

Stressing that China proposes a peaceful, safe, open and cooperative cyberspace, Geng said China opposes cyber warfare and an online arms race. “We oppose turning cyberspace into a new battlefield,” said Geng.

The United States should do more to promote common security in cyberspace rather than seek its own security using its military strength, Geng said.

Source: http://ift.tt/1PazvPg



from cyber security caucus http://ift.tt/1QP8nsw
via IFTTT

Botswana to beef up cyber security

United Kingdom government, through the Commonwealth Telecommunications Organisation (CTO), has pledged to assist Botswana to develop a National Cybersecurity Strategy.

The strategy is expected to establish a national cybersecurity policy framework, develop and harmonise appropriate legislations to address the cybersecurity challenges, create capacity building and public awareness on cyber security issues, and establish a National Computer Emergency Response Team (CERT).

Botswana’s Minister of Transport and Communications, Tshenolo Mabeo has called for the strengthening of cyberspace security because, as he claims, this resource facilitates economic and social interaction and ‘is a force to be reckoned with’.

“It is very important that we jealously guard the safety, security and resilience of the cyberspace, so that we can enjoy its socio-economic benefits,” Mabeo said.

He added that the evolution and use of the cyberspace on shared principles, norms and procedures as an open access system is one of the greatest innovations that mankind has ever experienced.

“The open access and non-discriminatory principles allow the communities to freely communicate without any fear in the cyberspace and allows them to communicate and access markets globally.”

Mabeo said maintaining pluralism and open access principle, while steering away from breaches of privacy and infringements of intellectual property rights, remains a challenge.

“I believe that all democratic governments must jealously guard against erosion of this principle by avoiding filtering and blocking of internet access,” Mabeo said, adding that his government applies light regulations on the internet to ensure the resource remains open and a public forum for freedom of expression.

Mabeo warns that the global internet society faces challenges of an increased extremism in the use of the cyberspace ecosystem which poses a threat to law and order, safety and security of nations.

“We have seen how the internet has been used as a platform for committing crimes, abuse, defamation, and to show extreme hate of different forms. These acts are very disturbing and causing a dilemma on how the legal fraternity can intervene for remedial action.”

Mabeo called for international cooperation among countries to tackle global cyber threats.

“As developing countries we are battling with these challenges, where people are committing crimes in social media platforms under the pretext that their identities are unknown.”

Source: http://ift.tt/1DN16AD



from cyber security caucus http://ift.tt/1zgFCzm
via IFTTT

China says worried by new U.S. cyber strategy

China’s Defence Ministry expressed concern on Thursday at the Pentagon’s updated cyber strategy that stresses the U.S. military’s ability to retaliate with cyber weapons, saying this would only worsen tension over Internet security.

The strategy presents a potentially far more muscular role for the U.S. military’s cyber warriors than the Pentagon was willing to acknowledge in its last strategy rollouts in 2011 and singles out threats from Russia, China, Iran and North Korea.

China is frequently accused by the United States and its allies of engaged in widespread hacking attacks, charges Beijing always vociferously denies.

Defence Ministry spokesman Geng Yansheng said that as the world’s most technologically advanced nation when it came to the Internet, the United States was only worsening tension over cybersecurity with its new strategy.

“This will further exacerbate contradictions and up the ante on the Internet arms race. We are concerned and worried about this,” Geng said.

The United States should stop blackening China’s name when it came to cybersecurity, and was in any case hypocritical in its criticism because of the U.S. National Security Agency’s Prism snooping program, he added.

The militaries of the world’s two largest economies have had a rocky relationship despite efforts by both sides to improve ties.

Geng also took aim at recent drills between the United States and the Philippines in the South China Sea, a strategic waterway 90 percent of which is claimed by China.

Large-scale drills will only create tension and are not helpful for regional peace and stability, he said.

“In the present situation, with the holding of such large-scale drills, we have to ask, who is it really who is creating regional tensions, and who is it really threatening regional peace and stability?”

Source: http://ift.tt/1P9B3cg



from cyber security caucus http://ift.tt/1GIVs5S
via IFTTT

Tripwire Study: C-level Executives Cyber Security Confidence Gap

C-level executives at Fortune 500 firms less confident in cyber security risk presentations than technology executives

PORTLAND, Ore.–(BUSINESS WIRE)–Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, today announced the results of a study conducted by Dimensional Research on improving the cybersecurity literacy of Fortune 500 boards and executives. The study examined corporate executives’ view of cybersecurity risks, as well as measured their confidence and preparedness in the event of a security breach. Study respondents included 200 business executives and 200 IT security professionals at U.S. companies with annual revenues of more than $5 billion.

Key findings include:

  • C-level executives are less confident (68 percent) than non C-level executives (80 percent) that cybersecurity briefings presented to the board accurately represented the urgency and intensity of the cyberthreats targeting their organizations.
  • C-level executives (65 percent) were less confident than non C-level executives and IT executives (87 percent and 78 percent respectively) in the accuracy of the tools their organization uses to present cybersecurity risks to the board.
  • 100 percent of C-level executives and 84 percent of non C-level executives consider themselves “cybersecurity literate,” despite ongoing cyberattacks and high profile breaches.

“The lower level of confidence on the part of C-level executives reflects a sea change in the way that executives handle cybersecurity risks,” said Dwayne Melancon, chief technology officer for Tripwire. “The reality is that an extremely secure business may not operate as well as an extremely innovative business. This means executives and boards have to collaborate on an acceptable risk threshold that may need adjustment as the business grows and changes. The good news is that this study signals that conversations are beginning to happen at all levels of the organization. This is a critical step in changing the culture of business to better manage the ongoing and rapid changes in cybersecurity risks.”

While the results of the Tripwire study indicate an increased preparedness on the part of IT professionals, they expose the uncertainty at the C-level and point toward the need to increase literacy in cybersecurity and its attendant risks in the near-term. Competitive pressures to deploy cost-effective business technologies may affect resource investment calculations for security; these competing business pressures mean that conscientious and comprehensive oversight of cybersecurity risk at the board level is essential.

“I’m not surprised that C-level executives are less confident than their boards or IT executive staff,” said Melancon. “That lack of confidence comes, in large part, from the networking and informal benchmarking that takes place among C-level executives at the peer level. There is a lot of ‘comparing notes’ that happens between C-level peers. When this happens, you are able to get a more informed view of where you are in your overall cyber risk preparedness. This is in direct contrast to IT professionals who generally have a more insulated view of their own cyber risk, which can lead to a false sense of security. That difference in perspective – internal inputs vs. external inputs — may very well explain the confidence gap this survey highlights.”

To download the whitepaper of this study, please visit: http://ift.tt/1GINiu8.
Tripwire offers a range of cyber security literacy resources at http://ift.tt/1FA2Em0.

About Tripwire

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.

Source: http://ift.tt/1GINh9D



from cyber security caucus http://ift.tt/1FA2Cux
via IFTTT

Wednesday, 29 April 2015

ISO 27001 PROFESSIONALS NEEDED TO COMBAT 20% INCREASE IN CYBER ATTACKS ON AUSTRALIAN BUSINESSES

IT Governance urges Australian businesses to combat this increase in cyber attacks by hiring ISO 27001-qualified professionals.

Employing ISO 27001-qualified staff will give your organisation the guidance and knowledge it needs to make implementing the Standard a lot smoother
— Alan Calder, founder and executive chairman of IT Governance

SYDNEY, AUSTRALIA, April 29, 2015 /EINPresswire.com/ — The ABC reports that “cyber attacks on Australian businesses and government increased by 20% last year” and that the most commonly targeted sectors were “banking and finance, resources and energy, defence capability and telecommunications.”

IT Governance, the global cyber security solutions provider, urges Australian businesses to combat this increase in cyber attacks by hiring ISO 27001-qualified professionals.

ISO 27001 is the international cyber security standard that sets out the requirements of an information security management system (ISMS) – an enterprise-wide approach to information security that addresses people, processes and technology. The Standard has been implemented by businesses around the world to protect against cyber attacks, and is internationally recognised as a best-practice approach to cyber security.

ISO 27001’s risk-based approach enables organisations to implement cyber security controls based on the risks they actually face, and by achieving certification to ISO 27001, businesses can demonstrate their commitment to cyber security to their stakeholders as well as meeting their obligations under various data protection laws. Certification to the Standard is accepted worldwide as a demonstration that an organisation maintains cyber security best practice.

In order to implement the Standard effectively, however, businesses need qualified ISO 27001 professionals. Alan Calder, founder and executive chairman of IT Governance, emphasises the need for ISO 27001 professionals in Australia:

“With ISO 27001 certification in Australia growing 22% year-on-year, businesses are beginning to see the importance of achieving certification to such a high-profile standard. Employing ISO 27001-qualified staff will give your organisation the guidance and knowledge it needs to make implementing the Standard a lot smoother.”

Accessible by anyone in the world with an Internet connection, IT Governance’s Live Online ISO 27001 training courses provide expert guidance on how to lead, implement, design and audit an ISMS aligned with ISO 27001. They also deliver the opportunity to achieve industry-standard IBITGQ qualifications that support the development of senior careers in information security management and IT governance.

Source: http://ift.tt/1zqtj43



from cyber security caucus http://ift.tt/1KuIlGP
via IFTTT

AIG partners with cybersecurity firms to enhance risk mitigation and prevention services

American International Group has partnered with K2 Intelligence, BitSight Technologies, RSA, and Axio Global, in a bid to provide enhanced risk mitigation and prevention services to its cyber insurance clients.AIG offers CyberEdge risk management and insurance product that allows clients to manage the expanding threat of cybersecurity attacks and failures.

Under the deal, the firms will allow AIG CyberEdge policyholders to access their pre-breach threat intelligence, governance tools, and the latest best practices to understand cybersecurity exposure, including the responsiveness of insurance program to a cyber attack.

AIG professional liability global head Tracie Grella said: “The threat of cyber attack continues to grow. Companies are becoming more aware that the costs can be steep for those that fail to understand, mitigate, and transfer cybersecurity risk.”

Through the new partnerships, AIG will offer new services to its CyberEdge clients, including customized threat intelligence from K2 Intelligence.

K2 Intelligence uses advanced sophisticated intelligence gathering techniques and investigative tools to collect and analyze chatter about an organization from the deep web and dark net, hidden areas of the Internet where cyber criminals will carry out business.

AIG will offer BitSight Security Ratings from BitSight Technologies. The company analyzes externally observable data such as botnets, malware, and spam to continually rate a company’s cybersecurity posture.

RSA’s NIST Cybersecurity Framework will allow companies to identify key functional areas of improvement to achieve an improved cybersecurity risk posture.

Axio Global, which develops cyber risk management solutions, will address the full range of potential cyber losses, including physical damage, bodily injury, environmental damage, and other advanced forms of loss.

Source: http://ift.tt/1Ahs41Q



from cyber security caucus http://ift.tt/1OFaZe2
via IFTTT

Cybersecurity firm Seccuris announces new sales and partner management representatives in the United States

Seccuris Inc., a leading North American cybersecurity consulting and managed services firm, announced the addition of Stacey Cochran as its new Information Security Consultant for Texas and the South, and the appointment of Marshall Sansbury as the company’s new Partner Manager.

Stacey Cochran will be responsible for developing the Texas marketplace, focusing on Dallas, Houston, and Austin, as well as fifteen other states along the Gulf of Mexico and East Coast. He is a results oriented sales and technical consulting professional with fifteen years of experience in sales development, account management, practice building, and solutions architecture, including multi-million dollar, global IT transformation projects for enterprise customers. Before joining Seccuris, he was Senior Solutions Architect for a major global systems integrator. Prior to that, Stacey owned and managed his own consulting firms in the area of IT consulting and sales and marketing strategy. He can be reached at 214-412-9451.

Former Seccuris Texas Account Executive, Marshall Sansbury, has taken on the responsibilities for partner and reseller management in the United States. In this new role, Marshall will help continue to build the company’s partner network and sales revenues. Marshall joined the Seccuris team two years ago and has been a major force in the growth of the company’s U.S. sales revenue. Before Seccuris, Marshall spent over ten years working with successful technology startup companies from pre-launch. His responsibilities included managing business and technology teams that consistently exceeded customer expectations, as well as developing repeatable/documented business processes that enabled scalable growth.

“Stacey and Marshall are dedicated professionals with the drive to provide outstanding results for our clients and partners,” said Patrick Hayes, Managing Director for Seccuris’s U.S. operations. “Stacey has a talent for recognizing the real needs and challenges of cybersecurity clients, so he can offer solutions to meet their specific long-term security goals. Though his main focus has been sales and client relations, Marshall has also been a key factor in the development of our partner base. Making him the lead for partner management was a logical move that will greatly benefit our company.”

Source: http://ift.tt/1EDAztp



from cyber security caucus http://ift.tt/1bEhDz7
via IFTTT

Vantiv’s quiet CEO talks (very briefly) about firm’s growth

Although he was very, very brief, VantivInc. CEO Charles Drucker was clearly fired up Tuesday about the growth that his payments processing company has lately generated.

“We’ve moved to the second-largest merchant acquirer,” said Drucker, of his Symmes Township-based firm, in a two-minute conversation after the meeting.

That’s two minutes longer than he typically talks; Drucker also doesn’t give a presentation during the meeting, as most public company CEOs do.

Drucker chatted long enough, however, to point to e-commerce, integrated payments – which tie payments to other business applications in a single software system – and merchant processing as key drivers of Vantiv’s growth. The company’s revenue shot up 22 percent last year and is now up 59 percent in three years, dating back to when it completed an IPO and went public in March 2012, shortly after spinning off from Cincinnati-based Fifth Third Bancorp (Nasdaq: FITB).

Acquisitions have made a huge difference. Vantiv (NYSE: VNTV) bought e-commerce payments processor Litle & Co. in November 2012, boosting that segment. And two more recent deals, including the acquisition of Mercury Payment Systems in June, lifted its sales in the integrated payments area.

I also asked Drucker about how Vantiv is dealing with cybersecurity. Hackers have infiltrated plenty of electronic payment systems, putting that topic in the news more often than processors would like.

“We’ve always been a leader in that area,” Drucker told me. “After being carved out from the bank, we’ve always been very focused on that.”

He said Vantiv offers security services such as point-to-point encryption and “tokenization” – which hides sensitive payment data – to help customers guard against hackers.

Source: http://ift.tt/1zpSvaG



from cyber security caucus http://ift.tt/1dtBHW9
via IFTTT

Cyber Threats Undetected On Government Networks Average Of 16 Days

Although the numerous high-profile, damaging data breaches in the past year brought the importance of cybersecurity to the forefront, government agencies are still struggling to develop a proactive approach to securing against cyber threats, according to a new report by MeriTalk, a public-private partnership focused on improving the outcomes of government IT.

In “Go Big Security,” MeriTalk and software provider Splunk Inc., surveyed 302 government cybersecurity professionals from federal, state and local agencies to examine current cybersecurity strategies and help organizations leverage big data for security.

The study found government IT managers estimate cyber threats exist on their networks for an average of 16 days before they are detected. More than three-quarters of respondents say their security team is often reactive instead of proactive.

However, government cyber professionals believe big data analytics can help organizations better detect threats, monitor streams of data in real time, and conduct a conclusive root-cause analysis following a breach. Even so, only one in three say they are prioritizing big data analytics for cybersecurity.

“Government organizations have access to a wealth of cyber threat information,” said Kevin Davis, area vice president, public sector, Splunk. “The challenge is managing that data and connecting the dots in real time. That’s how we get immediate insight into threats. Agencies need to detect threats faster and start to predict when and how they will occur.”

Most agencies are working to improve cybersecurity including by upgrading existing security technologies, deploying network analysis and visibility solutions, investing in advanced skills training for current security personnel, and hiring additional security personnel.

However, only 28 percent of organizations are leveraging big data analytics to connect and correlate information.

Although 86 percent of respondents believe big data analytics would significantly improve their organization’s cyber security, a number of challenges have prevented these agencies from embracing big data analytics.

Government organizations are overwhelmed by the volume of security data they collect, leading many to struggle with managing and analyzing the data. Consequently, 78 percent of data goes unanalyzed. In addition, many agencies are held back from leveraging big data analytics because of a lack of skilled personnel, lack of management support, inability to justify investment, too much data to store, and lack of effective solutions.

Cyber professionals believe they need management support, funding, and training to move to a proactive cyber security strategy. The report recommended that organizations rethink data management, call on big data analytics, and push fora more proactive approach to security through management support, funding, and training.

“Moving from compliance to risk management is a mindset shift,” said Steve O’Keeffe, founder, MeriTalk. “Agencies need to think about ‘big security’ alongside big data. CDOs need to be on the court. Data is the MVP.”

Source: http://ift.tt/1JTaVAv



from cyber security caucus http://ift.tt/1zpBwFE
via IFTTT

Wrongheaded policy for innovation, privacy and cybersecurity

Consumers want their personal digital data to remain private. App developers and our business partners are working hard to make sure personal data remains private. Networking companies, ISPs, retailers, credit card companies, device manufacturers and digital services are investing tens of millions of dollars to upgrade data security and use encryption to stop cyberhackers and identity thieves. Inexplicably, the FBI is trying to reverse this trend.

For several years the FBI has promoted encryption “to protect the user’s personal data.” But more recently and quite vocally, the FBI has urged Congress to prohibit companies from securely encrypting communications data, and to guarantee the FBI a back door to every digital device. And though it has not yet been said, we are confident that the FBI will extend its call for back doors to cover every app, digital service, networking device, connected car, thermostat and even your Fitbit.

The current debate is just beginning, but its origins were in the early 1990s. Digital innovators were deploying the first wave of digital networks and privacy-focused innovators were deploying first generation encryption technologies. Spurred by urgent cries from the FBI, Congress passed the Communications Assistance for Law Enforcement Act – known as CALEA – that requires traditional telecommunications companies to build law enforcement back doors into broadband and Voice-Over-IP networks and equipment. Somehow this law withstood judicial review, notwithstanding our traditional American rights to privacy and the requirement that police have court-approved warrants prior to tapping phone lines or searching our homes.
Much has changed since CALEA became law in 1994. Devices have become smarter and more powerful. Consumers are transitioning from voice calling to messaging, voice messaging, emailing and in-app communication. The FBI is feeling left out and left behind, so it is asking Congress to help it play technological catch-up by requiring law enforcement back doors into every device, every network and soon into every app.

Consumers and businesses are also smarter today than they were in 1994. People justifiably feel threatened by hackers and data thieves who steal for fun and profit. Consumers and businesses have heard privacy advocates and government officials evangelizing data protection vigilance, and they are demanding more – including encryption – from technology providers, banks and retailers. Moreover, after 20 years of empty promises the world’s citizens and are also much more skeptical of U.S. law enforcement promises that we first heard 20 years ago – that unfettered access to digital networks would be utilized judiciously and only for qualified law enforcement needs.

Recently the White House Review Group on Intelligence and Communications Technologies recommended that the U.S. Government promote national security by “fully supporting” commercial encryption. President Obama urged private industry to protect U.S. citizens’ privacy and civil liberties, saying “[w]hen consumers share their personal information with companies, they deserve to know that it’s going to be protected.” And later the President forcefully noted that “there’s no scenario in which we don’t want really strong encryption.”

Industry has responded appropriately to government and consumer demand. New credit cards are being issued, encrypted Blackphones are for sale, and encryption protections are being embedded in devices and services offered by large companies and new startups. Now the FBI is pushing back, causing uncertainty, consumer confusion and inhibiting innovation in encryption and other data protection technologies. If the U.S. Government demands that digital products and apps have privacy-breaching back-doors, then other governments will demand their own back doors or punish all the apps that comply with the U.S. back door mandate.

“Protect and encrypt (but not too well)” is not a slogan that marketers will celebrate or consumers will rally behind – but it will be heartily endorsed by cyberthieves and hackers. The American people, America’s businesses and America’s innovators deserve better.

Source: http://ift.tt/1Gwtaci



from cyber security caucus http://ift.tt/1EDdWW3
via IFTTT

Cyber industry shifting from hobbyists to professionals

The cyberthreat environment has changed from individuals casting wide nets to large, well-funded, organized groups with precise, targeted attacks.

The average length of time an attacker is now inside an organization before detection is 200 days, and an increasing amount of harm is done from the inside.

Panelists at an AFCEA C4ISR symposium Monday said that data analytics used to interpret activity versus pinpoint odd usage will become increasingly important, and that security is being implemented on a far wider scale. Companies and organizations are looking at this all the way down the supply chain.

“[Cyberthreats have] gone from being a hobbyist activity for people wanting to try to get something out of data to a full-scale criminal enterprise,” said Andrew Lee, CEO ofESET North America and the co-chair of San Diego’s Cyber Center of Excellence.

This means that attackers have access to buy the same tools as those on the defense side of the wall, and are getting more creative in their phishing efforts.

Chuck Kelley, information security and risk management officer at Qualcomm (Nasdaq: QCOM), said the telecom giant has seen this play out in two ways.

First, companies that Qualcomm has announced interest in acquiring or merging with are getting hacked a year or two before integrating. Hackers remain dormant, waiting for Qualcomm to connect to the new company’s networks.

Second, security vetting now extends to the whole supply chain.

“We’re seeing a significant shift in information security throughout the industry,” Kelley said.

“Part of my team goes to China and works on business development and does threat assessments on our supply chain — that wasn’t done five years ago,” he said.

In the past, suppliers would make the required products with no thought to their security or the integrity of their intellectual property protections.

“We have a licensing business in China, right,” he said. “So we have employees performing contractual-type activity with various partners. So we’re going into those offices and helping them, securing their email, making sure we have … secured communications to all their partners … all the way through the supply chain. That’s a significant shift.”

But as the attackers get more creative, so do the defenders. Lee said that because hacking is a business with actors seeking financial gain, like any other, the key is to keep raising the stakes to make it increasingly expensive for them to breach layers of defense.

Kelley said when Qualcomm did this, it discovered a trickier problem: insider attack.

“Historically, I was told insider threat was negligible — all your problems are malware,” Kelley said. “We solved for malware and, in fact, now we’re seeing the huge insider threat problem.”

How huge of a problem is it? Kelley said in a recent round of 300 layoffs, 25 to 30 percent of that group “was caught trying to steal data prior to departure — 25 to 30 percent. Some intentional, some not intentional.”

He suggested monitoring employee access to certain networks and putting in place a corporate policy to handle these situations.

Then there’s the outright theft of intellectual property in such places as China, where Kelley said Qualcomm knows there is a threat, with people going so far as stealing or going through laptops at the airport.

Their strategy is to “out-innovate” faster than data can be stolen, and to pay what panelists call the “cybertax”: the cost of doing business in places with less-than-ideal intellectual property protection in the form of increased expenses on information security.

“There’s a cost of doing business in cyber and I think one of the keys to this is that when you look at the attack profiles of 99.999 percent of attacks, it’s low-hanging fruit, and they’ll go somewhere else because it’s more expensive to attack you than it is to attack the next guy,” Lee said.

“You just want to make it really expensive for the attacker to go after you versus someone else.”

Large corporations may have the resources for this, but new, small startups entering the Internet of Things’ playing field often don’t — or won’t — put their money there.

“What scares the hell out of me, if I think about Microsoft or HP, these companies have been around for a long time, they understand security, they had their hard knocks and went through the whole process like the rest of the industry,” Kelley said.

“Now you have some startup that’s going to make some little device for you that you can plug into the Internet. He’s going to throw it into the cloud, you have no idea how he handles privacy or data or anything.

“So I think from a consumer perspective, I’m very scared about trying these new devices. I can’t imagine Frigidaire knowing how to secure the Internet, so I don’t want my refrigerator connected.”

Solutions to data and information security don’t come easy. The lag between technological development and legislation would make regulation almost futile.

Because cybersecurity is a global problem, protocols the United States might require wouldn’t protect a device interacting with information and devices around the world that don’t follow the same regulations.

Lee said he believes the solution is in ensuring all connected devices are built with privacy as a priority. Kelley said the development of guiding frameworks for cloud companies and device makers — along with requirements to abide by them, especially in the consumer sphere — will be crucial.

Todd Heberlein, senior analytics scientist at FICO (NYSE: FICO), said placing liability will also become necessary.

“It’s a tough proposition because we in the software field have always had this little box that comes up when you install new software that says ‘This software may totally destroy your system and you cannot hold us liable for that,’” Heberlein said.

“At some point, we’re going to have to move past that and start thinking that people who start putting these devices and people who start putting software on your machines might need to be held liable.

“As someone who’s owned a small business for years and years, government intrusion scares me. But at the same time, I see the attack surfaces, and that scares me too.”

Source: http://ift.tt/1InyJyf



from cyber security caucus http://ift.tt/1GFz25B
via IFTTT

K2 Intelligence Pushes Into Cyberdefense

cybersecurity and data analytics business.

On Tuesday, the company announced the hire of Austin Berglas, the FBI agent who oversaw the criminal investigation into the cyberattack at JPMorgan Chase last summer. And last week, AIG announced that it had acquired a minority stake in K2 Intelligence for an undisclosed amount, saying the companies would co-develop products and services meant to help clients mitigate cyber risk.

K2 Intelligence is one of a growing number of cybersecurity consultants that work closely with law firms to address the cybersecurity needs of their clients. Among its competitors are IBM and Mandiant, which does instant response when a company experiences a breach.

K2 Intelligence’s predecessor, Kroll, was well known to Am Law 100 lawyers and their clients for pioneering a business around private investigations for corporations, governments, banks and other high-profile clients. Founded by Jules Kroll, the company was often hired by law firms to conduct deep investigations into the backgrounds of people and companies that involved knocking on doors, soliciting information from strangers and, in at least one case, digging through trash. According to a 2009 New Yorker profile of Jules Kroll, the firm’s clients included Nokia and Motorola, the government of Kuwait, Bill Clinton’s presidential campaign and the Russian Federation, among many others.

Kroll was bought by the insurance broker Marsh & McLennan in 2004 for $1.9 billion, then sold in 2010 for $1.13 billion to the global security firm Altegrity Inc., which filed for Chapter 11 bankruptcy this year.

In 2009, Kroll and his son Jeremy started the new company now known as K2 Intelligence, with an office in London. They opened offices in Madrid and New York the following year and also have an office in Tel Aviv. Jeremy Kroll, who, according to the New Yorker article, spearheaded a computer forensics arm at the old Kroll, says the new company’s focus reflects a change in the types of risks big companies face today.

“In the foundation as we laid it for this new company, we’ve woven big data, analytics, visualization and cybersecurity,” he says.

Though the new company does respond to crises, it seeks to offer more preventative services than the old Kroll.

“More than half our revenue is derived from risk mitigation,” the younger Kroll says.

The company’s relationship with law firms is different, too. K2 Intelligence offers technological expertise and the ability to sift through huge amounts of data, then translates it into a format that’s easy to analyze and communicate to clients.

“Lawyers are not technologists. They are good at strategy, knowing the law and lawyering. What we’re good at is finding the facts,” Kroll says. “We’re distinguishing ourselves in the research area by being able to do deep Web and dark Web research.”

For example, when Baker & Hostetler was brought on as trustee of Ponzi schemer Bernie Madoff’s bankruptcy, the firm amassed 20 terabytes of data related to the case. K2 Intelligence came in to analyze the data in order to help facilitate the recovery of assets. The firm worked with the data analysis company Palantir to make connections between transactions, phone records, emails, texts and other documents.

A partner at one global law firm, who did not want to be named, says he works with K2 Intelligence on numerous client issues. He says the company brings to the table an understanding of data and information that once was not necessary.

“You used to go find documents in warehouses somewhere,” he says. “Now it’s there for you, but you have to have people to understand how to collate it. That’s where you need guys like this.”

Read more: http://ift.tt/1beyGaz



from cyber security caucus http://ift.tt/1HRhTHy
via IFTTT

Show time: 8 finalists to compete for $100,000 from Steve Case

By RICK SMITH, WRAL TechWire Editor

Steve Case’s “Rise of the Rest” tour is coming to the Triangle on May 5, and eight startups will be making pitches directly to the AOL founder. One of the eight will land $100,000 in financing.

Case starts his day with breakfast at the Governor’s Mansion. Then it’s on to the Triangle startup show.

This just in: Raleigh-based Groundfloor will be pitching Case in Atlanta.

Case has already invested in Triangle startups Mati Energy, Automated Insights and Windsor Circle.

Here are the finalists in the Raleigh-Durham Pitch Competition:

• Tom and Jennys – cavity-preventing, sugar-free candy
• Personalized Learning Games – social and emotional learning platform for K-8 students
• ELXR Health – platform for behavioral patient consent and data exchange
• Archive Social – social media archiving, monitoring, and analytics for legal compliance
• Stealz – social media engagement tool that turns customers into brand ambassadors.
• Reveal Mobile – mobile audience platform that improves mobile ad targeting
• Antenna – platform to react to any content or product on the internet
• RocketBolt – platform for intelligent lead tracking throughout a customer’s experience

The full schedule

Case will have a full day in the Triangle, starting with breakfast at the Go vernor’s Mansion with Gov. Pat McCrory.

Here’s the calendar with times and places:

8:30 AM – 9:00 AM:

Press availability, Governor’s Mansion, 200 N. Blount Street

9:00 AM – 10:30 AM:

Startup Crawl: American Underground (AU) @ Raleigh (213 Fayetteville Street, Raleigh, NC) and HQ Raleigh (310 S Harrington St, Raleigh, NC)

11:30 AM – 12:15 PM:   

Rise of the Rest discussion with Steve Case and college students at Frontier, 800 Park Offices Drive, Durham, NC

12:30 PM – 1:00 PM:

Startup Crawl (continued): American Underground @ Main (201 W Main St, Durham, NC)

1:00 PM – 1:30 PM:

Lunch with companies that Steve Case previously invested in (Mati Energy, Windsor Circle, Automated Insights), American Underground @ Main (201 W Main St, Durham, NC)

2:00 PM – 3:00 PM:            

Fireside Chat with Steve Case (Revolution), moderated by Frank Gruber, Tech Cocktail, Carolina Theatre, 309 W Morgan St, Durham, NC

3:00 PM – 5:00 PM:

Rise of the Rest Pitch Competition, Carolina Theatre, 309 W Morgan St, Durham

Judges: Steve Case (Revolution) Frank Stasio (NPR correspondent) Sarah Yarborough (Raleigh Denim) with more to be announced

5:00 PM – 7:00 PM:

Startup Celebration and Happy Hour to award $100,000 to pitch competition winner, American Underground, 201 W. Main Street, Durham, NC

7:00 PM:     

Steve Case throws first pitch at Durham Bulls game

View the original content and more from this author here http://ift.tt/1zdsR8F



from cyber security caucus http://ift.tt/1bevDz2
via IFTTT

Study predicts global infosec workforce shortage of 1.5M by 2020

By George Jackson

In April, ISC(2) released their annual report on the global information security workforce. It predicts a perfect storm in cybersecurity — an escalating number of concerns coupled with a huge workforce shortfall.

Dan Waddell, ISC(2)’s director of government affairs for the National Capital Region, discussed trends in cyber with Government Matters from the RSA Conference in San Francisco.

 

View the original content and more from this author here: http://ift.tt/1zdsQSm



from cyber security caucus http://ift.tt/1bevDiF
via IFTTT

Rise of the Rest – Spring 2015 Edition: Pitch Competition Participants Revealed!

By Revolution Team

In just one week, we’ll kick off the third installment of the Rise of the Rest Tour, which will traverse through the Southern U.S. from May 4th-8th. Hot off the presses, we’re excited to briefly introduce the 40 startups who will line up to pitch Steve Case for a chance to win a $100,000 investment. Which promising young startup will rise to the top in Richmond, Raleigh-Durham, Charleston, Atlanta, and New Orleans? Follow our live Road Trip Journal on riseofrest.tumblr.com to find out.

We’re excited to once again be joined by Google for Entrepreneurs and UP Global as presenting partners for the tour, with support from both new and previous tour partners including Salesforce for Startups, Engine, Tech Cocktail, Startup Grind, Village Capital, and Seed Here Studio.

This promises to be one of the liveliest Rise of the Rest tours thus  far – we’ll be joined by public and private sector luminaries like Governors Nikki Haley and Pat McCrory, Senators Mark Warner and Tim Kaine, Sallie Krawcheck, Walter Isaacson, and jazz legend Irvin Mayfield.  And in addition to the startup crawls, fireside chats and pitch competitions that are the hallmark of every Rise of the Rest stop, on this swing we will tour the Atlanta Belt Line to discuss redevelopment, hold the first ever pitch competition aboard a Navy Ship (the USS Yorktown in Charleston), a live pitch fest on a Mardi Gras style float as it travels through the streets of New Orleans with music playing and beers served (for those over 21), a first pitch at a Durham Bulls Game, and a gathering of college students in Research Triangle – to name a few.

Our tour through the Southern U.S. will put new miles on the Rise of the Rest bus, which has already traveled more than 2,000 miles by bus to nine U.S. cities: Detroit, Pittsburgh, Cincinnati, Nashville, Madison, Minneapolis, Des Moines, Kansas City, and St. Louis.  We’ve met incredible startups and visionary leaders in each of these startup ecosystems who understand the important role that all sectors – public and private – play in helping the entrepreneurial economy thrive. And, Steve has personally invested $1 million in great startups along the way.

So, without further ado, we’re excited to share the list of companies who will have the opportunity to join our growing Rise of the Rest portfolio, along with the names of some of the all-star judges who will join us.

MAY 4TH: RICHMOND, VIRGINIA

  • Guest judges include: Steve Case, Revolution, Aneesh Chopra, Hunch Analytics and former Chief Technology Officer of the United States, Ting Xu, Evergreen Enterprises, Aaron Montgomery, Carlotz, Tige Savage, Revolution Ventures, and Eric Edwards, Kaleo.
  • Pitching companies:
    Rockin’ Baby – premium baby carriers and clothing brand
    Marilyn & Michelle – products to help comfort women with breast issues
    Painless 1099 – smart bankling platform to help freelance workers save for and file taxes
    Nutriati – plant-based ingredient nutrition company
    WealthForge – solution to make private placement transactions more efficient
    Luminary – multichannel CRM platform
    Hourwise – on-demand back office support for trades-people
    Vibeats – mobile web platform for dining reservations

MAY 5TH: RALEIGH-DURHAM, NORTH CAROLINA

  • Guest judges include: Steve Case, Revolution, Frank Stasio, NPR correspondent, J.D. Harrison, The Washington Post, Talib Graves-Manns, and Sarah Yarborough, Raleigh Denim
  • Pitching companies:
    Tom and Jennys  – cavity-preventing, sugar-free candy
    Personalized Learning Games – social and emotional learning platform for K-8 students
    ELXR Health – platform for behavioral patient consent and data exchange
    Archive Social – social media archiving, monitoring, and analytics for legal compliance
    Stealz – social media engagement tool that turns customers into brand ambassadors.
    Reveal Mobile – mobile audience platform that improves mobile ad targeting
    Antenna – platform to react to any content or product on the internet
    RocketBolt – platform for intelligent lead tracking throughout a customer’s experience

MAY 6TH: CHARLESTON, SOUTH CAROLINA

  • Guest judges include: Steve Case, Revolution, Eric Bowman, Sparc, Sallie Krawcheck, Elevate Network, Bobby Ocampo, Revolution Ventures, Herbert Drayton III, Vertical Holdings, Bobby Hitt, South Carolina Secretary of Commerce
  • Pitching companies:
    Dynepic – creating a playground for smart toys
    Good Done Great – revolutionizing the way corporations and people give back
    Eatabit – API that prints electronic food orders inside restaurants
    Bidr – platform to help fundraiser’s increase performance
    Charleston Gourmet Burger – unique, all natural gourmet burger seasonings
    OpenAngler – platform to find and book fishing charters
    Bublish – cloud-based tools, metrics and resources for authorpreneurs
    Echovate – replicating top performers through data-science machine learning

MAY 7TH: ATLANTA, GEORGIA

  • Guest judges include: Steve Case, Revolution, Tom Foster, Inc. Magazine, Bridgette Beam, Google, David Cummings, Pardot and Atlanta Tech Village, Paul Judge, Pindrop Security and Monsieur, and David Hall, Revolution Ventures
  • Pitching companies:
    Partpic – visual search technology for replacement parts
    Groundfloor – lending club for real estate
    Cooleaf – employee engagement software for top workplaces
    LocalRoots – mobile marketplace for local farms to sell direct to consumers
    eCredable – leverages alternative credit to connect “no credit” consumers to creditors
    Zyrobotics – provide personalized technology that makes the world accessible to everyone
    Reveal Estate – Turbo Tax-like platform that empowers home buyers and saves them money
    The Village Microfund – helps develop the economic landscape of low-income communities in the US.

MAY 8TH: NEW ORLEANS, LOUISIANA

  • Guest judges include: Steve Case, Revolution, Jean Case, The Case Foundation, Irvin Mayfield, American jazz trumpeter and bandleader, Zach Strief, New Orleans Saints
  • Pitching companies:
    GoToInterview – on-demand video interviewing platform for high-turn industries
    PlantBid – business to business marketplace for the professional horticulture products industry
    WhereY’Art –  marketplace and social network connecting artists/buyers
    Servato – industrial internet of things solution provider
    Get Healthy – software and services powering direct primary care revolution
    Million Dollar Scholar – transforming how schools and parents prepare students to pay for college
    Welcome to College – helps colleges optimize the college visit and enroll optimal fit students
    Community Health TV – multicultural, multi-platform health media company

The tour is part of a national effort to shine a spotlight on one of the most important trends shaping the U.S. economy moving forward: a confluence of factors ranging from technological innovation to public policy reforms that are making it easier for high-growth startups to launch and create jobs in cities and towns nationwide, not just in Silicon Valley. Learn more about the previous winners from the tours HERE

For a full schedule and to RSVP to public events on the Spring 2015 tour, visit RiseoftheRest.com, and follow us on Twitter @RiseOfRest and Instagram.

View the original content and more from this author here: http://ift.tt/1zdsNWH



from cyber security caucus http://ift.tt/1bevDiw
via IFTTT

Budget Increase: Check — Now how do you build out an effective security program and team?

HP Security StrategistsBy HP Security Strategist Stan Wisseman

The constant stream of security incidents have convinced your executive leadership and Board to take action – they’ve asked you to build out an information security program and provided the funding to do so. Where to start? It’s possible to spend a lot of money on information security enhancements that are ineffective against today’s threats. What are the most important cyber-related risks to address? How can the information security program support the mission of the organization? How can the program get properly resourced?

Baselining against a Framework

A good place to start is by leveraging a cyber-security control framework. Use of a framework isn’t a silver bullet, but it gives you a vetted reference model of best practices to work with. There are several frameworks to consider, including: ISO/IEC 27001:2013, NIST Cyber Security Framework (CSF), and the SANS Critical Security Controls for Effective Cyber Defense. I’ve used ISO 27001/2 as a framework with some success. The difficulty with all ISO standards, in my opinion, is that the revision cycles are long and the standards may not adapt quick enough to the evolving threat landscape. Also, ISO standards can be bloated with excessive wording, long lists, and unnecessary prescriptive text. SANS helpfully prioritizes their list of 20 critical controls to help you focus on what they view as the most effective measures. Some prefer the SANS top 20 due to its practical nature. The NIST CSF leverages existing cybersecurity best practices (ISO 27001, COBIT, ISA 99, etc.) and is divided into five “core functions” with sub-categories. Chart

The CSF was built with the flexibility to add new categories and subcategories as new requirements arise. You can also use more function-specific frameworks like Cigital’s Build Security In Maturity Model(BSIMM) for software security, or HP’s Security Operations Maturity Model (SOMM) for security operations.

Whichever framework(s) you select, it’s a good practice to assess your organization’s current security posture against the framework to establish a baseline capability and identify functional gaps. Don’t get discouraged by the results! We are all on a journey to enhance the maturity of our security control environments. As reflected in a recent post by Brian Krebs, understanding where your organization is on the maturity scale is valuable reference as you develop your program roadmap. You will want to focus on the most impactful enhancements to mitigate gaps and enhance program maturity. As was shown in HP’s 2015 Cyber Risk Report, these could be a combination of dealing with the basics (e.g., secure platform configurations) as well as more advanced capabilities (e.g, user behavioral analytics). I recommend development of a multi-year roadmap that aligns with overall organization goals and manages InfoSec risks within the risk appetite of the organization. Now you’ve got to resource the plan.

Developing a Cybersecurity Workforce

Resourcing, however, is the next challenge – developing a workforce with the abilities to execute the roadmap. It’s difficult to find individuals with a balance of technical skills and necessary soft skills to constructively engage with business partners. I recommend a competency-based talent approach rather than one solely based on experience or certifications (the NICCS National Cybersecurity Workforce Framework is a useful reference). You also need to be open minded when recruiting given the demand for cybersecurity skilled professionals has outstripped supply in the US with an estimated 209K jobs going unfilled. You may need to develop from within through professional development programs, or consider outsourcing some functions.

Once you’ve captured your workforce requirements, you can determine which roles are better filled by employees or which can be provided by external parties. In certain cases, outsourcing cyber security functions provide benefits which include lower costs, additional expertise, operational efficiencies and lower burden on management. For small to medium businesses, outsourcing makes it possible to have many of the same capabilities as larger organizations, but at a lower cost than building the capability in house.

It is critical that you have a flexible and well-rounded team, whether they are in-sourced, outsourced, or a hybrid. A great analogy is NASA’s Mission Control Center (MCC). The MCC has an integrated team of flight controllers certified in particular disciplines such as electrical power, thermal control, trajectory, payload, or medical. All of them have a general understanding of the mission parameters but each team member has a unique knowledge. If a mission incident does occur, combining their collective wisdom, a comprehensive and effective plan can be developed (think of the MCC of Apollo 13). NASA

Likewise, you need a battle hardened team composed of SME’s in various domains (e.g., software security, network defense, cyber operations, digital forensics) and they should be well versed in their respective domains.  Most importantly, you need to see how the whole program hangs together in order to create a “mission plan” as well as a team that effectively responds when there is a newly discovered vulnerability, breach or attack.

Learn more about HP Enterprise Security.

View the original content and more from this author here: http://ift.tt/1bb9fXp



from cyber security caucus http://ift.tt/1bevFXM
via IFTTT

Cybersecurity legislation only a partial solution

Data breaches have grabbed headlines in recent months, and arguably none was more shocking than the one that occurred at Anthem, the nation’s second largest health insurer. That breach compromised the Social Security numbers, dates of birth and e-mail addresses of about 80 million current and former Anthem members and employees. That’s the equivalent of the combined population of California, New York, Illinois and Maryland.

In the wake of the Anthem and Sony breaches, the Senate Intelligence Committee recently passed the broadly bipartisan Cybersecurity Information Sharing Act (CISA), which would make it easier for private sector companies to share information about cybersecurity threats with government agencies. That bill is expected to be fast-tracked through Congress this spring.

The Center for Strategic and International Studies estimates that the total economic loss associated with cyber-attacks runs as high as $400 billion per year. That’s why Congress will likely act quickly to address the problem. While in committee, CISA received 12 amendments to help safeguard privacy. As the bill moves forward, organizations like the nonprofit Center for Democracy and Technology are calling for Congress to remove consumers’ personally identifiable information – in our world, HIPAA data – before it gets shared with government agencies. With those safeguards in place, it will be a bill worth passing.

But legislation alone won’t be a total solution, especially in healthcare.

The shocking truth is that only about 6 percent of healthcare data breaches to date (as reported on the Health and Human Services “Wall of Shame”) are the work of hackers. The other 94 percent are the result of simple human errors and transgressions, usually made by a provider’s own employees or business associates. The miscues run the gamut from snooping into celebrity health files and improperly disposing paper records to losing laptops containing unencrypted patient data. In short, a hospital or health system might congratulate itself on avoiding an Anthem-scale breach, only to get stung by smaller breaches that can still tarnish its reputation and cost millions to remedy.

The minimum regulatory fine for a HIPAA violation involving willful neglect is a staggering $1.5 million per violation – and most data breaches involve multiple HIPAA violations.

Sadly, too few healthcare organizations have a formal process for benchmarking the maturity of their information risk management (IRM) programs. (The FBI made this clear in an August 2014 alert.)

The healthcare field lags far behind most other industries in this critical benchmarking process. For example, most large retailers routinely use maturity models to test the efficacy of their supply chain management. The consulting firm Accenture even has a “green” maturity model to assess its IT clients’ environmental and sustainability programs.

Source: http://ift.tt/1EoG8KW



from cyber security caucus http://ift.tt/1ODSHde
via IFTTT

SEC’s Investment Management Team Offers Cybersecurity Tips

The U.S. Securities and Exchange Commission’s investment management division is recommending that financial services firms protect themselves against cybersecurity risks by removing all nonessential software programs, services, usernames and logins from their computer systems, according to an April newsletter.

The SEC’s Investment Management Division said in the guidance update that firms trying to stop hackers should try to more tightly control user credentials and authentication, firewalls and access to sensitive data and networks. Funds and advisers affiliated with other entities sharing common networks should consider whether

Source: http://ift.tt/1behPos



from cyber security caucus http://ift.tt/1FxDjcB
via IFTTT

Tuesday, 28 April 2015

FBI READIES MULTIMILLION CONTRACT FOR CYBER EXPERTISE

Finding the right workforce talent is never easy, but it’s a particularly challenging feat for the Federal Bureau of Investigation, which frequently requires subject matter experts with high clearances and diverse skill sets.

To fill its growing list of unique openings — especially in the cybersecurity arena — the FBI plans to contract out professional, management and support services for up to $100 million, according to a request for proposal synopsisposted last week.

The upcoming RFP, expected to be released by May 6, seeks a contractor with “the ability to recruit, retain and replace” operational subject matter experts.

The experts “will perform a wide range of daily support services,” including consulting, data collection and analysis, and program development, according to the synopsis.

The contract will cover six branches within the FBI, including the Intelligence Branch, the National Security Branch, and the Criminal, Cyber, Response and Services Branch. The synopsis suggests cybersecurity experts with high-level clearances will be particularly in demand within the FBI’s Cyber Division.

The synopsis describes the division as applying the “highest level of technical capability and investigative expertise toward combating cyber-based intrusions targeting U.S. national security, critical infrastructure and the economy.” That includes terrorist acts, hostile foreign intelligence operations and cybercrime.

That the agency faces a shortage of cyber talent shouldn’t come as a surprise. The National Security Agency has the same issue thanks to slower government hiring patterns and lower pay rates compared to commercial counterparts.

This mirrors a governmentwide trend. According to a recent report from the Partnership for Public Service and consultancy Booz Allen Hamilton, 2014 was the second consecutive year in which the number of civilian federal cyber employees leaving government eclipsed new cyber hires.

Source: http://ift.tt/1z6TIDe



from cyber security caucus http://ift.tt/1AcACXI
via IFTTT

The CyberSecurity Challanges of Telemedicine

On today’s edition of Coffee and Markets, Brad Jackson is joined by Francis Cianfrocca to discuss the breach of White House email by Russian hackers, why surgical robots are vulnerable to hacking and the tempting targets of digitized healthcare.

Source: http://ift.tt/1Ed9cVv



from cyber security caucus http://ift.tt/1FvfdiE
via IFTTT

Locking Down Super-Users for Maximum Cybersecurity

In Privilege We Trust: Locking Down Super-Users for Maximum Cybersecurity

Privileged Identity Management (PIM) is the lowest common denominator in today’s most treacherous corporate and governmental security breaches. Or more accurately: PrivilegeMismanagement. Sony, Target, Anthem, JP Morgan Chase, the city of San Francisco and many others succumbed to the reality that the identity of a single super-user account can be subverted for the purposes of manipulating sensitive organizational data, correspondence, commercial goods and intellectual property.

It’s a numbers game. Think of the janitors who can open all the doors, or the card dealers who take in all the chips, or the bank tellers who process all the cash. These positions are analogous to IT administrators who, while they don’t rank as high as the CEO in the organizational hierarchy, nonetheless hold the keys to the kingdom. So when a rogue government wants to find out who among their ranks is leaking information to foreign media, they don’t hack individual human-rights reporters or their bosses. They hack the network and email administrators at whichever publications revealed the worst of their transgressions.

According to a 2014 study from IBM and Ponemon, corporations pay an average $145 per record in a data breach, with an average total cost of $3.5 million. The overall cleanup cost of breaches for some of the US’s major retailers ranged from just over $4 million to more than $100 million. Lost revenue ranged from approximately $40 million to more than $1 billion. The study also revealed that more than 37 percent of data breaches involved a malicious or criminal attack; 35 percent concerned a negligent employee or contractor (the human factor); and 29 percent involved glitches that included both IT and business process failures.

Today’s IT infrastructure is disjointed and scattered
One of the biggest challenges facing PIM is an increasingly decentralized IT infrastructure. The number of exposed surfaces has multiplied from the days of a single onsite server to now include cloud servers, mobile devices, the Internet of Things (IoT) and offsite facilities such test labs and production centers. In fact, as more enterprises embrace the cloud, privileged accounts increasingly lie outside physical headquarters and belong both to internal IT and remote third parties such as contractors and vendors. Therefore it is no surprise that privileged accounts are easy and automatic targets for hackers and malicious insiders alike.

When it comes to securing all of the fragmented pieces of an enterprise network mosaic, challenges rise in four distinct pillars:

  1. Whereas in the past IT administrators operated under the radar for hackers, now they are prime targets
  2. Big Data and the decentralization of systems and infrastructure have vastly increased the scale of privileged accounts; they now span thousands of servers instead of one or two
  3. The consumerization of IT has spawned “Shadow IT,” which has multiplied privileged accounts even further
  4. The number of people who actually merit privileged access has increased, due to outsourcing and third-party vendors; in many cases even core IT is outsourced to a third party

It’s not just outsiders who have the potential to wreak havoc. Disgruntled insiders can cause damage as well. Consider the infamous case of San Francisco city employee Terry Childs, who was arrested after refusing to grant City Hall access to its own network. The system contained emails, payroll information, police records and a host of other sensitive data. Childs handed over passwords when his one condition was met, which was a private, jailhouse meeting with Mayor Gavin Newsom.

Complicating matters even further, not all insider threats are proactive. A 2014 data breach report from Verizon revealed that half of all IT vulnerabilities and security and operational issues were the result of user and administrator mistakes. In other words, accidental threats have the same potential as malicious ones to cause harm with data, infrastructure and reputations. More than ever, privileged accounts are central to the health and wellbeing of the enterprise and therefore must be carefully guarded.

Source: http://ift.tt/1JynVPw



from cyber security caucus http://ift.tt/1JynVz1
via IFTTT

Can Your Flight Be Hacked?

A tweet from a cybersecurity expert suggesting he could hack into an airline’s onboard system has officials downplaying vulnerabilities resulting from increasingly Internet-connected airplanes.

(TNS) — When it comes to security, airlines have never been known for their sense of humor.

That became particularly apparent this month to a cybersecurity expert who joked during a flight about hacking into a commercial airplane’s avionics computers through its wireless Internet system.It prompted a quick response from airlines, plane manufacturers and onboard Wi-Fi providers who insist that it cannot be done. Security experts say nothing is impossible.

The debate erupted after cybersecurity expert Chris Roberts, founder of One World Lab in Denver, sent a tweet while he was a passenger on a United Airlines flight suggesting he could hack into the airline’s onboard system to trigger the oxygen masks to drop.

When the plane landed in Syracuse, FBI agents were waiting to question him and confiscate his electronic devices, according to a statement from Roberts’ attorneys.

United Airlines also was not amused and banned Roberts from flying on the carrier.

Roberts’ tweet came a day after the U.S. Government Accountability Office released a report saying modern planes are increasingly connected to the Internet, opening the risk that hackers could access the aircraft’s avionics system. The GAO recommended more cooperation among federal agencies to study the threat.

United Airlines released a statement about Roberts saying “we are confident our flight control systems could not be accessed through techniques he described.”

Global Eagle Entertainment, a Los Angeles company that provides onboard Wi-Fi, entertainment and technology for 150 airlines worldwide, said it is not possible to hack into the airline’s avionics system through its Wi-Fi because the two systems do not share any wiring or routers.

Airline manufacturers Boeing Co. and Airbus both issued statements downplaying any hacking vulnerability. Still, the FBI and the Transportation Security Administration posted a notice to the nation’s airlines, warning them to be on the lookout for any “suspicious activity involving travelers connecting unknown cables or wires to the (in-flight entertainment) system or unusual parts of the airplane seat.”

The notice was first published by Wired magazine.

The FBI declined to elaborate, saying only that the agency “routinely provides information to private industry in order to help partner entities remain aware of observed or reported threats.”

Source: http://ift.tt/1zkJMGV



from cyber security caucus http://ift.tt/1PT3Fsl
via IFTTT

Lynch vows cyber focus at DOJ

Cybersecurity got prominent mention during Attorney General Loretta Lynch’s swearing-in ceremony on Monday.

The issue is expected to consume a significant portion of Lynch’s tenure at the head of the Department of Justice (DOJ), which has been struggling to combat the rapid rise of remote hackers and potential cyber terrorists.

In closing her speech after officially becoming DOJ head, Lynch outlined several goals she thinks the department should pursue.

“We can protect the most vulnerable among us from the scourge of modern-day slavery — so antithetical to the values forged in blood in this country,” she said. “We can protect the growing cyber world. We can give those in our care both protection from terrorism and the security of their civil liberties.”

Lynch has been lauded for her background battling cyber crime as a federal prosecutor in New York. While promoting her nomination, Lynch’s supporters repeatedly pointed to a successful prosecution of eight New York-based members of an international cyber crime ring that hacked bank accounts and emptied $45 million from ATMs around the world.

“She has actually prosecuted so many of these cases and she knows what this is like,” Senate Intelligence Committee ranking member Dianne Feinstein (D-Calif.) told The Hill in February. “She knows the agenda, she knows the viciousness.”

Senators hammered on the growing cyber threats during Lynch’s at-times combative confirmation hearing.

On cyber, however, lawmakers on both sides of the aisle came away impressed.

“I think she’s very sincere, really good background, I think she’s a tough prosecutor and on the cyber threat, her answer was excellent,” Sen. Lindsey Graham (R-S.C.), who pressed Lynch on cyber terrorism during the hearing, told The Hill afterward.

It’s expected Lynch will play a pivotal role in reshaping the DOJ’s approach to cybersecurity.

During her tenure, Lynch’s department will work to clarify vague legal definitions for digital crimes, prosecute and capture elusive foreign cyber crooks, and help decide how the National Security Agency’s (NSA) surveillance programs might be reformed.

In recent months, the DOJ has already taken some initial steps to refocus its cyber crime approach.

In late 2014, the agency reorganized its national security division and U.S. attorneys offices to make cyber threats a greater priority. It also launched a dedicated cybersecurity unit within the criminal division.

But Lynch will still have to determine exactly what role the DOJ plays in a cluttered cyber field at the federal level.

The FBI, Secret Service and Department of Homeland Security all play a role in cyber investigations. The NSA even steps in from time to time.

Sen. Sheldon Whitehouse (D-R.I.) raised the overlapping jurisdictions as a point of concern during Lynch’s hearing. Lynch vowed to help delineate her agency’s role if confirmed.

On Monday, Lynch reaffirmed her commitment.

“I cannot wait to begin that journey,” she said.

Source: http://ift.tt/1GtddU4



from cyber security caucus http://ift.tt/1Ik18VW
via IFTTT

Cybersecurity, transportation policy and more discussed at Providence Chamber event

WARWICK, R.I. — Along with apple pancakes, sausage and fruit cups, some 500 Rhode Island business leaders got helpings of cybersecurity, transportation policy and patent control at the Greater Providence Chamber of Commerce’s annual Congressional breakfast Monday morning.
Senators Jack Reed and Sheldon Whitehouse and Representatives James Langevin and David Cicilline fielded questions from Chamber president Laurie White and several preselected members of the audience.
Barbara Cottam, executive vice president of Citizens Financial Group, asked the legislators about the prospects of a bill dealing with cybersecurity and consumer protections being passed soon.
“There’s no perfect solution to cybersecurity,” Langevin told the crowd. “We will never solve cybersecurity.”
But, he continued, leaders in Congress are moving toward a bill that would require companies to notify consumers if their information had been compromised during a data breach.
“We need to do that as soon as possible,” he said, adding that it seemed that a limit of 30 days from the breach was becoming the consensus.
“The average American is blissfully ignorant of the threat cyber presents,” Whitehouse said. “This is really a big deal.”
He called digital industrial espionage the “biggest illicit transfer of wealth in human history.”
Langevin put numbers to the threat: $400 billion a year world wide, including money lost through hacking bank and credit card accounts. Of that $400 billion, $100 billion affects U.S. companies and citizens.
Cicilline underscored the business concerns that weigh on legislators as they consider cybersecurity legislation: how much should Congress require businesses do to prevent data breaches and how severe should the penalties be in the case of a breach.
In response to an audience question about T.F. Green Airport, Reed said leaders had to look beyond projects such as extending the Green’s main runway, a project already underway and expected to finish in 2017, to find ways to make Rhode Island’s main airport more competitive. As an example, with the longer runway, which allows planes to take off laden with more fuel to reach farther destinations, Green could become a gateway to America for European travelers if Amtrak added stops at the airport train station.
“We have to not sit back and say, ‘They’ll come.’ We have to go out and get them,” Reed said.
On patents, the Congressional delegation addressed the growing abuse of “demand” letter abuse, in which someone falsely claims a business has infringed on that person’s patent. Although such demands can be obviously false, many businesses will pay to license the patented technology, rather than pursue costly litigation.
Whitehouse said legislators generally agree such letters should be stopped, perhaps by making false demand letters an unfair trade practice. But the danger is that, once patent reform is opened, a wide range of parties want to add their interests to the legislation, increasing the chances of the bill stalling.

Source: http://ift.tt/1dmqOpa



from cyber security caucus http://ift.tt/1ENFHgn
via IFTTT

RSA Conference 2015: Cybersecurity industry growth requires collaboration and skilled talent

US goes on offensive with new cyber security policy

Defensive stance an insufficient deterrent

The United States armed forces have released a new cyber strategy that aims to integrate offensive options to strike back at adversaries’ networks.

In the plan released last week, the US Department of Defense said the more aggressive stance could mean offensive cyber operations are conducted against foes.

The DoD believes offensive options will be a more effective deterrence against hostile cyber actions than a defensive posture, and could be used to manage escalations during conflicts with other nations.

“During heightened tensions or outright hostilities, DoD must be able to provide the President with a wide range of options for managing conflict escalation. If directed DoD should be able to use cyber operations to disrupt an adversary’s command and control networks, military-related critical infrastructure, and weapons capabilities,” the fourth strategic goal of the report [pdf] states.

In an earlier speech this year, detailing the development of the new cyber strategy, Secretary of the DoD Ash Carter, promised more transparency around the cyber missions.

Carter also said his department would operate under rules of engagement that comply with international and domestic laws.

By 2018 the US military wants to have 133 cyber mission teams ready. Rolled into the Cyber Mission Force (CMF), the teams will be tasked with defending the DoD networks, US national interest and infrastructure, and to support the country’s armed forces in conflicts.

The capacity of the CMF will be assessed by the US Cyber Command, which leads the country’s digital warfare capabilities.

As part of the implementation of the new cyber strategy, the report recommends maintaining a persistent training environment for staff, along with viable career paths. This includes recruiting civilian personnel as well as drawing on the US National Guard and the Reserves of the armed forces.

Technology and know-how exchange programs with the private sector are to be developed and implemented by the DoD, which will also roll out policies to support the US National Initiative for Cybersecurity Education scheme in educational institutions.
Read more: http://ift.tt/1bzXcDs



from cyber security caucus http://ift.tt/1bzXb2s
via IFTTT

Five Ways to Reduce the Cost and Complexity of Cyber Security

If it seems there are more cyber-security breaches in the news recently, there’s a reason. The volume of breaches grew at an alarming 48 percent in 2014, according to a recent global study by PwC. The study also found that total financial losses from security breaches increased 34 percent during 2013. One of the most staggering findings was that the number of organisations reporting financial losses over $20 million as the result of a cyber-attack grew by 92 percent over the previous year.

How do we explain these disturbing figures?

First and foremost, it is now dramatically cheaper and easier for a cybercriminal to launch an attack than it is for an organisation to defend against one. It is cheaper than ever for hackers to purchase ready-made attacks, rent botnets and even buy complex malware as a subscription services—complete with 24/7 customer support! Because cyber-criminals are able to effectively execute their plans and make money at it (without much fear of getting caught) the trend will only accelerate.

The impact on organisations of all sizes is severe. Ironically, while the cost of committing cyber-crime has never been lower, it is getting substantially more complex to ensure an adequate security posture, and the costs of cyber security are mounting at an unprecedented pace.

Large enterprises may be able to afford a sophisticated security-in-depth architecture and teams of experts. However, organisation with limited budgets—small and mid-size businesses (SMBs), schools and local governments—must often make a perilous trade-off between quality of protection and overall cost.

Fortunately, there are key steps every organisation can take to improve their overall security without breaking the bank. We’ve identified five ways to build an enhanced security posture, while significantly reducing cost and operational complexity.

1.Reduce Deployment Complexity and Cost

Security products have traditionally been offered as hardware appliances that are installed within an organisation’s network. However, on premise security products are notoriously costly, time consuming and complex to procure and deploy. The cost of the hardware is actually just the tip of the cost iceberg: data centers, power, bandwidth, software and the specialised labor resources and time required to install, configure, and maintain these complex products add substantially to the overall cost equation.

It’s time to take a closer look at cloud-based solutions as well as hosted services offered by managed service providers (MSPs). Cutting down on hardware deployment and configuration tasks means the IT team can spend more time on meaningful security tasks—assessing, monitoring, and remediating issues in real time.

2.Eliminate On-Going Management Headaches

IT organisations are faced with an overload of security point products from multiple vendors. These products are typically impossible to integrate with each other, requiring substantial daily administration and dedicated IT resources. Servers must be internally monitored and managed, and frequently upgraded and patched. In addition, the lack of integration results in dangerous limitations in security visibility, weakening the overall security posture.

When faced with such daunting financial and staffing requirements, many companies bury their heads in the proverbial sand, hoping against hope that they won’t be breached. Security solutions must be more accessible, with easy set-up, automatic updates, flexible pricing models, and comprehensive coverage from a single vendor.

3.Improve Security Posture

Perimeter-focused, inflexible, stuck-in-silos security approaches are no longer a sufficient defense. IT teams don’t have the time or resources to address each threat vector in isolation; they need to maximise the effectiveness and efficiency of every IT dollar they spend. Integration, automation and flexibility are imperatives if companies hope to detect and remediate enough critical vulnerabilities to stand a chance against cybercriminals.

In an interconnected world, organisational boundaries are fluid and vulnerabilities are shared. Supply chains, third party vendors, and outsourced services all introduce potential entry points for bad actors. The more visibility IT has across the organisation, the easier it is to prioritise the protection of valuable assets, identify and fix gaps in coverage, enforce usage policies, and continuously monitor for unexpected activity.

A strong security posture is not only important because it protects your employees, customers, data, IP, and infrastructure. It also protects your partners; more and more it is a prerequisite for doing business with large enterprises. Many government regulations, industry compliance mandates, and insurance audits include security-related parameters. As everyone from suppliers to customers becomes more security-conscious, building confidence in your security status creates sustainable competitive advantage.

4.Keep Users Protected At All Times

On-premise security products were designed to defend the network against external attack. This was all very well when users, corporate applications and data operated from behind the corporate firewall and stayed there. However, those days are long gone.

In the era of BYO, organisations are concerned about employees and guests connecting to the corporate network from their personal mobile devices, accessing corporate data stored in public cloud applications, and working remotely while connected to public Wi-Fi. The potential attack surface has expanded from being the corporate network perimeter, which was challenging enough to protect, to encompassing a completely unbounded environment of personal devices, public network infrastructure, mobile and cloud applications, and service providers. In this scenario, multi-billion dollar legacy investments in perimeter security now offer little to no value.

5.Stretch Your Cash Flow

Even though the security landscape is getting more complex and the cost of traditional security protection is increasing, most IT departments are faced with flat budgets and rising demands on limited resources. The total cost of a cloud security solution is typically much lower than an on premise alternative. The difference in payment models between on premise products and cloud services amplifies the financial benefits of the cloud approach. Per-user pricing models, typical of cloud-based services, make it easier to scale in response to market fluctuations or rapid business growth.

On-premise security products are typically funded out of capital expense (CapEx) budgets. For example, a hardware product costing $30,000 would need to be paid upfront and then would be amortised as an accounting expense, typically over a period of three years. Contrast that with a cloud solution priced (for the sake of illustration) at $10,000 per year, funded out of the operating expense (OpEx) budget.

Although the annual expense impact on the company’s profit and loss in both scenarios would be the same –$10,000—the hardware product requires $30,000 of cash to be used upfront, whereas the cloud solution only requires $10,000 per year. Not only does the cloud service make better use of the organisation’s cash but, unlike a static hardware appliance, the cloud service is continually updated with the latest technology. In fact, chances are that the hardware appliance will need to be replaced much sooner than the three years over which the initial expense is amortised – at which point the organisation would be faced with another $30,000 expense!

This is one of the key reasons that so much technology spending is moving from on premise to cloud services. Categories such as sales force management, accounting, data storage, document management and telephony have made this switch. Over the next couple of years we will see security undergo a similar paradigm shift, as the multifaceted benefits of cloud-based solutions prove their merits.

Looking Forward

The more things change, the more we need to be ready for it. There’s not much in the digital realm that stays the same, and that goes for digital crime, too. Everything about the way we work, play, shop, and communicate online is in a state of flux. Technology innovation seems to happen at warp speed these days; security products and services have to find a way to keep pace. Cloud technology is proving indispensable to meeting these challenges.

Multi-layered, cloud-based security services will play a huge role in the very necessary democratisation of security solutions. In order to make true cyber security accessible to all types and sizes of organisations, deployment and maintenance must be vastly simplified. Cloud-based security solutions directly address business and government needs for safer data, protected customers and partners, and reduced risk exposure. The best of these solutions should also deliver on the promise of reduced costs and complexity, relief from regulatory headaches, improved agility, and the opportunity to focus more energy and time on building sustainable and successful businesses.

Source: http://ift.tt/1HNMLbU



from cyber security caucus http://ift.tt/1Ab95pI
via IFTTT