Monday 30 November 2015

How to improve international cyber-security

THE VAST stores of digital information generated by everyday lives—communications data, CCTV footage, credit-card records and much more—are now yielding invaluable clues about the terrorist attacks in Paris and are helping guide the hunt for the surviving plotters. But prevention is better than cure. The attacks have highlighted the failure of the authorities to share information across borders and agencies. How can this be improved?

Each government sets different rules for what data may be looked at, by whom and with what authority. This is partly due to politics (Belgium has numerous squabbling police forces); and partly because of legal restrictions—the European Parliament takes privacy extremely seriously, as does the German government. Many Europeans fear that any data shared with America will be snooped on by spy agencies. The attacks also reignited a long-running debate about encryption—encoding messages such as e-mails, in ways that even government intelligence agencies cannot break (it is easy to make a code, even with an ordinary computer, and much harder to break it). There is no proof, however, that the Paris attackers used encrypted communications. They seem to have mostly communicated by sending innocuous-seeming messages over regular mobile phones. Banning encryption, or forcing companies to weaken the services that they provide, would be ineffective: there are plenty of free encrypted-messaging services available. It would also be misguided: for security against the huge wave of cybercrime now afflicting individuals, businesses and governments, we should be using more and better encryption, not less and worse.

A third of Singapore firms lack confidence in their ability to detect cyber attacks: survey

SINGAPORE – At least a third of Singapore organisations lack confidence in their ability to detect cyber attacks, going by a recent survey on Monday.

This is in line with the global figure, which stands at 36 per cent.

The annual survey, conducted by financial services consulting firm EY, also found that a large 56 per cent of the Singapore respondents believe their IT security budgets should be increased by up to 50 per cent to align their organisation’s need for protection with its management tolerance for risk.

Data breach at Hong Kong toy maker VTech highlights broader problems

The theft of toy maker VTech Holdings Ltd’s database highlights a growing problem with basic cyber security measures at small, non-financial companies that handle electronic customer data, industry watchers said on Monday.

The hacked data at VTech included information about customers who download children’s games, books and other educational content, the Hong Kong-based toy maker said. The breach also included information relating to children.

As more devices are connected to the Internet and as companies increasingly collect personal information about their customers, such attacks are expected to increase.

“Smaller companies might be targeted less often, but the implications … can be just as serious,” said the chief technology officer of cyber security firm FireEye Bryce Boland. “As larger companies implement stronger security measures, smaller companies become relatively easy targets for cyber crime.”

China and US hold cybersecurity talks

China and the United States on Sunday began the first ministerial-level talks on cybersecurity, acting upon agreements made during President Xi Jinping’s first official US visit in September, Beijing Times reported.

Guo Shengkun, Minister of Public Security, is in Washington for bilateral talks on combating cyber crime, as well as co-chairing a meeting with US Homeland Security Secretary Jeh Johnson.

The talks will be the first such meetings between the two since talks last year were suspended after the US charged five Chinese military officers with hacking.

Saturday 28 November 2015

Michigan Small Business Development Center to host cybersecurity workshop

The Michigan Small Business Development Center, housed at Grand Valley State University, will host a workshop called “Small Business, Big Threat” from 8:30 to 10:30 a.m. Dec. 4 at the L. William Seidman Center, Pew Grand Rapids Campus, 50 Front Ave., Grand Rapids.

The workshop will address several security issues, including cybersecurity best practices, protecting company information, mobile security, password practices, buying and selling online and handling a security breach.

Participants are asked to complete a cybersecurity assessment provided by the MI-SBDC to determine if their company is at risk. The assessment is designed as a learning tool to increase understanding and preparation for managing business security risk.

Cybersecurity Expert Melissa Hathaway Explains The Threats Of A Ubiquitous Internet

For the past quarter century, communications technology has evolved and grown to the point where practically every business, service, and family platform is connected to the internet.

But that interconnectivity was approached from a commercial development approach, according to cybersecurity expert Melissa Hathaway. That means the first-to-market, free market approach means security and resilience weren’t concerns as the internet was embedded in critical infrastructure.

Fed up with OPM cybersecurity

Oh, the irony! I just received my letter from the Office of Personnel Management (OPM), as one of the more than 20 million federal employees whose personal data was exposed in the agency’s data breach in June. OPM offered two years of credit and personal data monitoring through a contractor-administered program called “MyIDCare,” in an attempt to mitigate data exploitation.

I registered on OPM’s cybersecurity site for MyIDCare Protection. Two days later, I tried to access my account online, but it was locked; the only option available to unlock the account was to call the contractor. The technician asked for my name, Social Security number and the answer to one of my security questions, over the phone. I asked if that was even safe, and whether account verification could be done on a secure Web site.

Buyer Beware: Protect Yourself While Holiday Shopping

It’s no secret that Holiday 2015 shopping is in full swing. In fact, the nation’s transition from pumpkin to peppermint felt so much faster this year, many a Facebook feed near me growled and bemoaned the early onset of the holiday season.

That said, we all have shopping to do and during the mad rush, scams abound. It’s easy to see how the sensible, commonplace everyday security measures may fall through the cracks as we seek to make our lists and check them twice. Worse still, as hackers get slicker and more sophisticated, personal information hacks now go far beyond random entities calling, posing as our health care provider and randomly asking for a social security number.

We reached out to a few experts to see what they recommend for consumers. Here are some tips to protect yourself and your accounts during your holiday mad dash.

Friday 27 November 2015

City of Ottawa faces ‘significant’ cyberattack risk, Auditor General Ken Hughes finds

City hall is facing a “significant” risk of cyberattack and security breaches if it doesn’t improve the way it responds to information technology issues, Ottawa’s auditor general is warning.

In his annual report tabled Thursday, Ken Hughes pointed out a number of potential holes in the city’s IT network.

For one, the city lacks a full inventory of all the programs and networks being used by its many departments, Hughes said. Some of those departments have installed cloud-based applications without the IT department being told, he added.

As well, there are city staff with “little or no technical training” responsible for identifying technological risks and coming up with strategies to handle them, said Hughes.

PUSD MET Professional Academy students compete in cyber defense competition

Peoria Unified Medical, Engineering and Technology (MET) Professional Academy Cybersecurity and Technology students began training for the Air Force Association’s CyberPatriot Program, the nation’s premier Cyber Youth Education Program that seeks to promote Science, Technology, Engineering and Mathematics (STEM) opportunities through an annual cyber defense competition and other educational initiatives.

Nov. 13, juniors and seniors from the MET Cybersecurity and Technology Department competed in the first round against similar teams across the country. Students had from 11:30 a.m. to 5:30 p.m. to complete the first round of the competition, which concentrates on Windows and Linux system administration.

While the two MET Cybersecurity teams did not make the top three spots, one of the teams still made the Open Division cutoff for the Platinum tier. This means it has the potential to make it to nationals. This tier consists of the top 30 teams in the North Continent. The other team made it to the Gold tier.

Cybercrime and cybersecurity bill – stop the ANC government from breaking the Internet

The government published the Cybercrimes and Cybersecurity Bill (CAC) draft for public comment on 28 August, proposing a number of measures to combat computer-related crimes in South Africa.

Its broad approach to information and communication technology crimes was roundly criticised, with the Electronic Frontier Foundation weighing in on the copyright infringement portions of the bill.

Columnist Ivo Vegter recently wrote an article for the Daily Maverick on the matter, titled Government is breaking the Internet.

In the column he highlights the following problems with the bill:

Hacking Health Care: When Cybersecurity Can Mean Life or Death

Millions of Americans rely on implantable medical devices to stay alive. These battery-operated devices communicate through wireless transmissions — and can be hacked like any other wireless device. For example, a wireless pacemaker regulates a person’s heartbeat and records the heart’s activity, and then transmits this information to doctors who can reprogram the pacemaker. The interconnectivity between medical devices and clinical systems leaves wireless medical devices vulnerable to security breaches.

Thursday 26 November 2015

OIG Identifies IT Security Issues Following OPM Data Breach

OPM’s IT security protocols are still underperforming, even in the healthcare data category, an OIG audit report shows.

Following the massive data breach at the Office of Personnel Management (OPM) earlier this year, the Office of the Inspector General (OIG) has released an audit report detailing several IT security issues at the agency.

Although the data breach prompted OPM to perform an overhaul of its IT security protocols, OIG still found considerable gaps in security, including in healthcare data security.

Although the OPM data breach included more than just health information, the OIG audit report shows a need to increase security for health information. For example, OIG found that healthcare and insurance information was one of seven categories that failed a security control testing metric.

Furthermore, healthcare and insurance is one of several categories that have overdue Plans of Action and Milestones (POA&Ms). OIG emphasized the urgency of OPM’s need to renew the systems’ POA&Ms.

Healthcare and insurance systems also failed to update their contingency plans, which are required plans according to the OPM handbook.

“Contingency Plans shall be reviewed, updated, and tested at least annually to ensure its effectiveness,” the handbook says.


Federal Insecurity

Months after the devastating Office of Personnel Management (OPM) hack came to light — in which 21.5 million personnel records were stolen — the Government Accountability Office (GAO) has issued a report on the extent that US Federal Government is experiencing breaches. The report revealed that the number of security incidents impacting Federal agencies has grown from 5,503 in 2006 to 67,168 in 2014 — a massive 12x increase in 8 years — and that the US government is looking to hire 10,000 cyber professionals in the next year. In this blog post I will go over some of the highlights of the report and some of the short-term fixes being implemented.

So what are the threats facing the US Government? The Feds list out bot-network operators, criminal groups, hackers and hacktivists, malicious insiders, other nations and terrorists. In other words, not a trivial list of adversaries.

And what techniques or exploits are the bad guys using? You name it, they are facing it: cross-site scripting, denial of service attacks, malware, phishing, passive wiretapping, spamming, spoofing, SQL injection, war driving and zero-day exploits. Basically everything is being thrown at our government systems.

The net result is a 1121% increase in 8 years in security incidents that government knows about.

Incidents reported

The GAO has quantified the five challenges that Federal agencies must address:

  1. limiting, preventing, and detecting inappropriate access to computer resources;
  2. managing the configuration of software and hardware;
  3. segregating duties to ensure that a single individual does not have control over all key aspects of a computer-related operation;
  4. planning for continuity of operations in the event of a disaster or disruption;
  5. implementing agency-wide security management programs that are critical to identifying control deficiencies, resolving problems, and managing risks on an ongoing basis.

And those challenges were fairly consistent across the 24 agencies of the US Government:


Dell Computers Have Another Scary Security Hole

It lets hackers snoop on users’ encrypted Internet traffic

Just as the PC maker addresses a glaring security problem on its computers, another equally bad one surfaces.

Dell’s newest vulnerability, much like the previous one, involves the company installing a self-signed security certificate (a digital credential that authenticates websites) alongside a private key (which sort of serves as a password) on its customers’ computers. The combination, when met with a little reverse engineering, allows any technically savvy attacker to snoop on users’ encrypted Internet traffic, or to steal their sensitive information.

According to a Dell spokesperson, anyone who used the “detect product” function on the company’s support site for the month spanning between Oct. 20 and Nov. 24 is likely affected.

Equiniti looking to test biometrics technology for cyber security

November 25, 2015 –

Technology, finance and administrative services firm Equiniti announced it has partnered with the Centre for Secure Information Technologies (CSIT) in Belfast, which is the UK’s lead university center for cyber security technology research.

In partnering with the organization, Equiniti said it is particularly interested in testing some of the biometric technologies being developed at CSIT.

One of CSIT’s key areas of technological development is intelligent surveillance systems which rely on face-recognition technology, including audio-visual gender profiling and multi-camera people tracking in 3D.

Equiniti said that these biometric technologies could offer a number of applications across its own business services to boost efficiency and reduce the chance of fraud.

Cybersecurity experts warn about ModPOS malware aimed at retailers

Just as millions of Americans are steeling themselves for the holiday shopping season, cybersecurity researchers are warning about a stealthy malware aimed at stealing credit card and debit card numbers from retailers.

Cybersecurity firm iSight Partners revealed research about the malware, dubbed ModPOS, which the company says is largely undetectable by current antivirus scans. The firm declined to name specific victims of the threat, but it said its investigation uncovered infections at “national retailers.”

The revelation comes as the retail industry is reeling from a wave of breaches uncovered since Target was hit during the 2013 holiday season.

5 facts about the state of cybersecurity for the holiday season

consumers during the rest of the year to having their personal information breached, but during the flurry of end-of-year gift buying, shoppers are reminded to stay aware about fraud, said the chief executive officer of the nonprofit Identity Theft Resource Center.

Identity theft and breaches exposing personal and financial information remain at high levels, said Eva Velasquez, CEO of California-based Identity Theft Resource Center, which tracks reported data breaches and offers free assistance to identity theft victims.

Wednesday 25 November 2015

Brussels to Make Cybersecurity Better

After a number of raids over the weekend, Brussels is still in high alert for terrorist activity. In an effort to find terrorists involved in the Paris attacks, the danger level for the city and the surrounding area continues to be at its highest, suggesting that the threat of an assault is still significant. Brussels stays in lockdown with the metro service closed for a fourth day, along with schools and universities. Some companies in the location are recommending personnel to avoid going to work. It is most likely that visitor attractions will certainly be shut, or swarmed with home security employees. It was expected that the city, and many of its tourist attractions, would go back to business today, but the alert remains in place. It is anticipated some parts of the local area will resume labor tomorrow.

Cramer: Top winner in red-hot cybersecurity

One year after the large hack heard around the world for Sony, Jim Cramer sees most cybersecurity stocks struggling. But there is one best-of-breed cybersecurity play that has made a comeback, and Cramer has crowned it as the winner — Palo Alto Networks.

“I know a lot of people have been saying ‘yeah, yeah, sure, sure’ about Palo Alto because it is not yet profitable, but I think some very big free cash flow projections will ameliorate that concern,” the “Mad Money” host said.

Palo Alto reported earnings on Tuesday, and confirmed a stunning 61 percent billings growth year over year, and a 71 percent increase in deferred revenue. Cramer interpreted those numbers as meaning that, down the road, the profits will be there for Palo Alto.

Cybersecurity researchers warn of new, stealthy malware to steal card data

Just as millions of Americans are steeling themselves for the holiday shopping season, cybersecurity researchers are warning about a stealthy malware aimed at stealing credit card and debit card numbers from retailers.

Cybersecurity firm iSight Partners on Tuesday revealed research about the malware, dubbed ModPOS, which the company says is largely undetectable by current antivirus scans. The firm declined to name specific victims of the threat, but it said its investigation uncovered infections at “national retailers.”

The revelation comes as the retail industry is reeling from a wave of breaches uncovered since Target was hit during the 2013 holiday season.

Back UK fintech & cybersecurity: 5 tech demands for the Autumn Statement

News: EMC, SAP and others explain what they want from George Osborne.

As UK Chancellor of Exchequer George Osborne prepares to deliver another Autumn Statement, the tech sector gives CBR its views on what it would like him to say.

1. Time to back public sector tech

James Norman, UK Public Sector CIO, EMC, said:

“The sheer growth of digital citizen services has been astounding and the Government needs to understand the demand and expectations of the ‘information generation’.

Our recent ‘Future of Government Digital Services’ report found that over half of 18-34 year olds want more online services in business support, whilst businesses are losing an average of 33 working days a year as a result of inadequate online resources.

” In a world where ‘uberisation’ has become the buzzword of the year and companies like Airbnb are redefining the standards of customer service, government needs to see technology as not a costly disruptive influence but a fundamental tool to help better engage businesses and citizens.

Tuesday 24 November 2015

New York Department of Financial Services (NYDFS) Letter: “Potential” Cybersecurity Regulations for Insurers

On November 9, 2015, the New York Department of Financial Services (NYDFS) issued a letter that describes what insurers can expect from the Department’s ongoing assessment of cybersecurity measures. The letter parallels concerns raised in NYDFS’s February 2015 report, which noted low levels of CEO attention to cybersecurity issues and high levels of information sharing with third-party service providers.

The letter lists eight areas where “potential regulations” would set specific requirements. Given the Department’s concern for the security of consumer information held by large insurance entities, it is unlikely that this letter is merely a general statement of areas the Department is considering regulating. More likely, the eight areas analyzed below preview regulatory provisions in the works.

Cybersecurity Policies and Procedures: The Department outlines an extensive 12-point list of subject areas they expect to be addressed by entities’ cybersecurity policies and procedures. These include:

(1) Information security
(2) Data governance and classification
(3) Access controls and identity management
(4) Business continuity and disaster recovery planning and resources
(5) Capacity and performance planning
(6) Systems operations and availability concerns
(7) Systems and network security
(8) Systems and application development and quality assurance
(9) Physical security and environmental controls
(10) Customer data privacy
(11) Vendor and third-party service provider management
(12) Incident response, including setting clearly defined roles and decision-making authority

Though large insurers already have many of these policies and procedures in place, this list becomes more onerous when read in conjunction with Section 5. Section 5 states that “[e]ach covered entity would be required to maintain and implement written procedures, guidelines, and standards reasonably designed to ensure the security of all applications utilized by the entity.” If this formulation is preserved in the final regulations issued by NYDFS, it would be insufficient for insurers to merely implement these policies and procedures. Rather, they would also have to meet a standard of reasonableness in that implementation. As discussed in Section 5, this may prove challenging.

FDIC Offers Additional Cybersecurity Resources

The FDIC today updated its suite of cybersecurity resources with additional online educational tools to help bank executives and directors address the growing threat of cyber crime. The new resources include two new cybersecurity awareness videos aimed at bank directors. The videos give an overview of the current threat environment and provide information on how banks can effectively adapt information security programs to respond to cyber threats while using the regulators’ Cybersecurity Assessment Tool.

The FDIC also added three additional vignettes — ransomware, ATL malware and DDoS as a smokescreen — to its online “Cyber Challenge,” a voluntary tool designed to encourage discussion among bank management about operational risk by responding to hypothetical scenarios.

SIFMA Says Its Cyberattack Drill Was Successful, but More Action Is Needed

Just-released findings from the Securities Industry and Financial Markets Association’s Quantum Dawn 3 cybersecurity testing exercise show that while financial institutions and government agencies are making strides in instituting cybersecurity measures, more needs to be done.

More than 650 participants from 80-plus financial institutions and government agencies participated in SIFMA’s Quantum Dawn 3 cyber exercise on Sept. 16 including the Treasury Department, Department of Homeland Security, FBI, federal regulators and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

5 ways the U.S. government can get security right

First there was the situation with Hillary Clinton’s official email, some of which was stored on a private server. In May, the IRS disclosed the theft of information on more than 100,000 Americans. And in June, the records of more than 21 million people — including Social Security numbers, birthdates and security-clearance information — were stolen from the Office of Personnel Management, making it one of the largest breaches in U.S. history.

And these security incidents are just the tip of the iceberg. A survey this spring of 1,800 federal information security professionals revealed that the government’s security posture hasn’t improved over the past two years. Another recent survey found that the biggest threat to federal cybersecurity is the “negligent insider,” followed by zero-day attacks, mistakes by government contractors and then failure to patch known vulnerabilities. And the Government Accountability Office published data on Sept. 29 that found 15 to 24 federal agencies had persistent weaknesses in cybersecurity in 2013 and 2014.

Monday 23 November 2015

Towns to combine Internet access

The government plans to ask municipal governments across the nation to consolidate their Internet access in prefectural blocks, as part of measures against cyber-attacks targeting the local governments, which manage information in the My Number identification system.

Municipal governments differ in the level of their measures to counter cyber-attacks, so the central government aims to raise the standard to enable them to quickly react to such offensives. The central government will ask the municipal authorities to take actions to that end next fiscal year.

Municipal governments use the Internet for such purposes as operating their websites, collecting information and accepting applications from residents for tax payment certificates. Each government manages the servers it uses to access the Internet and takes its own cybersecurity measures.

However, some municipal governments have not been able to secure staff with expert knowledge or experts in information cybersecurity. The governments also do not sufficiently exchange information with each other.

Pendulum swings to security

Europe is quickly reassessing its approach to gathering and sharing intelligence a week after terrorist attacks in Paris that killed 130 people.

The violence appears to have tilted the balance toward security and away from privacy, reviving legislation that would expand Europe’s surveillance capabilities.

“My sense on the ground is that people are horrified and almost overnight, the public sense is much more, ‘Those bastards, whatever needs to be done to stop that has to be done,’” said Emily Taylor, an associate fellow at the London think tank Chatham House. “That’s a moment where the hawkish approach can carry the day.”

The shift mirrors a similar hardening of attitudes in the United States, where lawmakers have rushed to support stricter security controls and greater access to civilian data in response to the attacks.

Privacy is considered a fundamental right under the EU Charter, and public revulsion in Europe with U.S. surveillance programs unveiled by Edward Snowden shifted sentiment solidly in favor of personal liberties.

Cybersecurity Expert: I’d Rather Hack Amazon Than Microsoft

It seems Amazon may be the more favored site for hackers now and no longer Microsoft. At least that’s just how Bryan Seely, a cybersecurity consultant based in Seattle, sees the situation now in the realm of cybersecurity.

In an interview with the Puget Sound Business Journal, Seely asserts that with cloud technology, Microsoft storing user’s data is like Fort Knox opening safety deposit boxes but Microsoft needed to prove the data is safe.

That proof would be the company’s new Redmond-based Cyber Defense Operations Center, a facility that serves to connect security experts who monitor threats with security partners, governments and enterprise customers. In addition, Microsoft is also building a new security group dedicated to large-scale enterprise customers to boost security.

How to safeguard yourself from cyber-risks of the future

As cybercrime is constantly on the rise businesses and individuals need to be well informed in order to protect themselves.

Companies need to focus on cybersecurity education for staff and implement mature, multi-layered Endpoint protection with extra proactive layers. Although it’s a no-brainer, companies still don’t regularly patch vulnerabilities early and often in order to affect usability. If companies decide to automate the process, they will experience a few changes every once in a while but will be much better protected. Companies also fail to notice the importance of securing everything that is mobile. Communications must always be encrypted and protection should be enabled wherever possible.

Friday 20 November 2015

DHS bulking up civilian agency cybersecurity

The Department of Homeland Security is embarking on an “aggressive” timetable to secure civilian networks in response to the cyber attack on the Office of Personnel Management.

“As the OPM breach painfully demonstrated, our cybersecurity efforts are not where they need to be,” Homeland Security Secretary Jeh Johnson said Nov. 18.

Johnson did not provide any further details on the timetable during his speech at the Federal Times CyberCon event in Arlington, Virginia; however, he did outline a number of initiatives DHS is working on to increase government cybersecurity.

As Federal News Radio reported earlier this month, DHS’ automated, near real time information sharing system is up and running as of Oct. 31. For the full article click here 



from cyber security caucus http://ift.tt/1MFTx38
via IFTTT

Are Boards Missing an Opportunity to Mitigate Cybersecurity Risk?

You can’t read a corporate governance publication or blog today without getting advice about the board of directors’ role in incident response planning. It’s an expected reaction as corporate officers and directors come to terms with the idea that a breach is possible – maybe even probable. Many of us in the cybersecurity industry applaud this engagement as a component of the reactive part of the strategy, but we also share a concern — are boards and C-suite leaders underestimating their role in the organization’s strategy for day-to-day resiliency against the threats?

The timeline of a breach can be long. Weeks, months or even years go by before a large-scale exfiltration or destruction of assets occurs. The point at which you discover a breach has a big impact on whether the damage is significant or not. Yet while many corporate leaders seem to be addressing the “crisis” part of a breach timeline – when revenue and reputation are severely at risk – they seem to be leaving oversight of the ongoing risk mitigation strategy in the hands of management. Frankly, if board oversight is limited to the crisis stage, we’ve failed on behalf of our shareholders and stakeholders. For the full article click here 



from cyber security caucus http://ift.tt/1MFTzbl
via IFTTT

The Cybersecurity Playbook

According to PricewaterhouseCoopers’ Global State of Information Security Survey 2016, 38% more security incidents were detected in 2015 than in 2014. The theft of intellectual property increased 56% in that same time period, according to the report, which relies on survey responses from more than 10,000 C-suite executives, VPs, and directors of IT and security practices hailing from 127 countries.

At the same time, the survey shows that firms are taking steps to address these threats. Respondents said they boosted their information security budgets by 24% between 2014 and 2015, and report that financial losses decreased 5%. So it would seem that many firms are finding a way to stem the tide; but the seemingly endless deluge of threats requires a level of vigilance that simply wasn’t required in, say, 1995 when the movie Hackers was released. For the full article click here 



from cyber security caucus http://ift.tt/1MYnfE0
via IFTTT

5 major cyber security vulnerabilities from the last few days

In the last few days, a series of quite major vulnerabilities have been discovered across a variety of apps and websites.

Here is everything you need to know.

Casino Malvertising

This attack was pumped out via 10 different ad domains that were mostly on websites offering pirated movies. Without being clicked, the ads would send users to a casino website, which ultimately led to the Angler exploit kit. The Neutrino exploit kit was also being pushed.

The attack has been going on for at least 3 weeks, exposing a large number of people to malware such as the Cryptowall Ransomware and the Bunitu Trojan.

Malwarebytes’ Jerome Segura called it “one of the largest malvertising campaigns in recent months”.

Blackhole resurfaces

The infamous Blackhole malware returned this week, again discovered and documented by Malwarebytes. The attacks were even reusing the PDF and Java exploits used before. This is despite the fact that the hacker behind the code, Paunch, was arrested in 2013.

The fact that the exploits are a bit old does not stop some computers being vulnerable, and it is thought that the old code, which is public, is being updated. For the full article click here 



from cyber security caucus http://ift.tt/1jaINRO
via IFTTT

Thursday 19 November 2015

Cylance Becomes a Member of the Institute for Critical Infrastructure Technology (ICIT)

Cylance Executives Malcolm Harkins and Jon Miller Add Cybersecurity Expertise to the Washington, DC-Based Tactical Bipartisan Forum of Federal Agency Executives, Legislative Community, and Industry Leaders Focused on Solutions-Based Strategies to the Nation’s Critical Infrastructure Obstacles

IRVINE, CA–(Marketwired – Nov 18, 2015) –  Cylance, the company that is revolutionizing cybersecurity with products and services that use artificial intelligence to proactively prevent, rather than just reactively detect advanced persistent threats and malware, today announced that it has become a member of the Institute for Critical Infrastructure Technology (ICIT) Fellows Program. Cylance executives Malcolm Harkins, Global Chief Information Security Officer and Jon Miller, Vice President of Strategy have been named ICIT Fellows and expand the Institute’s growing expertise in preventative cybersecurity technologies and other national cybersecurity concerns.

Cylance has already contributed to several ICIT briefings including “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach”, the third in a series of ICIT briefs in support of the U.S. Government’s response to the OPM breach. This brief has since been turned into a series of videos, which are providing valuable guidance to the millions of federal employees victimized by the OPM breach. Cylance has deep expertise in Incident Response, Compromise Assessments, Penetration Testing, Industrial Control Systems (ICS), Critical Infrastructure and Key Resources (CIKR) in addition to its next-generation endpoint security product CylancePROTECT™.

On November 19, 2015 Cylance executive and ICIT Fellow Jon Miller will address senior legislative staffers and both public and private sector healthcare industry leaders on the top cybersecurity risks facing hospitals and other healthcare organizations as well as what can be done to mitigate them. The ICIT Briefing “Hacking Healthcare” held at the Senate in partnership with a congressional healthcare committee will also feature insights from federal agency technology leaders from the U.S Department of Health and Human Services (HHS), NASA and the National Institute of Standards and Technology (NIST).

Click Here to Read More



from cyber security caucus http://ift.tt/1kH6mn4
via IFTTT

Gaps Found in Healthcare Cybersecurity Threat Detection

“Cyber threat intelligence sharing still holds the greatest potential to enhance situational awareness and improve organizational cyber preparedness.”

Few healthcare companies actually contribute to a healthcare cybersecurity threat intelligence sharing and analysis organization, according to a recent report, which shows there are gaps when it comes to collecting data and then learning from it.

The Health Information Trust Alliance (HITRUST) found that just 5 percent of healthcare organizations contributed Indicators of Compromise (IOCs) to the HITRUST Cyber Threat XChange (CTX). However, 85 percent of organizations gathered information from IOCs in that same timeframe, according to The Health Industry Cyber Threat Information Sharing and Analysis Report.

  • Current requirements and guidance regarding the submission of IOCs to the HITRUST CTX is deficient and contributes to under-reporting or inconsistent reporting of IOCs
  • Current level of IOC collection is not representative of the level of cyber threats being perpetrated against the healthcare industry – nor are complete and timely IOCs available through existing government and other readily available commercial cyber threat sources

It is also important to note that just 50 percent of the contributed IOCs in the sampling period were considered “actionable,” meaning they could potentially be “useful in allowing preventative or defensive action to be taken without a significant risk of a false positive.”

“Cyber threat intelligence sharing still holds the greatest potential to enhance situational awareness and improve organizational cyber preparedness,” HITRUST CEO Daniel Nutkis said in a statement. “Development of the IOC collection requirements and our deployment of breach detection systems are a big step forward in advancing industry’s cyber intel sharing capability.” For the full article click here 



from cyber security caucus http://ift.tt/1SGT988
via IFTTT

Businesses seek fed cybersecurity work at San Antonio summit

The San Antonio Converge Summit today at UTSA drew a standing room only crowd of local businesses seeking to bring their cybersecurity expertise to the National Security Agency and Defense Department installations, such as the nearby 24th and 25th Air Force Cyber commands.

The daylong event was sponsored by the San Antonio Chamber of Commerce’s Cybersecurity San Antonio along with UTSA and the University of Texas.

Will Garrett, who heads Cybersecurity San Antonio, said the purpose of Converge was twofold – to showcase San Antonio’s cybersecurity ecosystem of defense missions, a private sector cybersecurity cluster, and UTSA’s top-rated cybersecurity program and to educate that ecosystem on ways they could support the NSA.

“The entire Department of Defense and intelligence community … they have aggressive goals to engage the small business community, the startup community,” Garrett said.

The Paris attacks came up as just one recent example of security threats playing out globally, Garrett said. For the full article click here 



from cyber security caucus http://ift.tt/1kGDRWB
via IFTTT

Mimecast Prices IPO at Low End of Range, Raising $78M

Email security firm Mimecast completed its initial public offering Wednesday, pricing its shares at $10 apiece and raising $77.5 million in funding.

The stock price is at the low end of the company’s previously expected range of between $10-$12 apiece. Mimecast sold the expected number of shares at 7.75 million.

Mimecast, which is based in London and has its U.S. headquarters in Watertown, is listing on the Nasdaq under the symbol “MIME.” Shares are expected to begin trading on Thursday. Its valuation stands at $540 million based on the IPO price.

Mimecast has granted underwriters a 30-day option to purchase up to an additional 591,000 shares, which would increase the total size of the offering to about $83.4 million.

As of March Mimecast employed 169 in the U.S. and 524 overall. The company follows Boston-based cybersecurity firm Rapid7 (RPD), which went public in July. For the full article click here 



from cyber security caucus http://ift.tt/1X9Vr0G
via IFTTT

UK Announces Additional £1.9 Billion in Cyber Security Funding

Chancellor George Osborne announces government plan to almost double its investment in cyber security initiatives over the next five years, spending an additional £1.9 billion.

Speaking to intelligence officials at Government Communications Headquarters (GCHQ) on Tuesday, Osborne said that while British authorities are already monitoring cyber threats against numerous companies across the aerospace, defence, energy, water, finance, transport and telecoms sectors, the government will do more to protect firms and individuals from the threats posed by the so-called Islamic State (IS) and other terrorist groups. For the full article click here 



from cyber security caucus http://ift.tt/1O4KRrx
via IFTTT

Cybersecurity company CyberArk Software expects continuing strong sales growth

Israeli security company CyberArk Software, a market leader in privileged computer account management, expects the global market for its products to continue growing, even as public perceptions about the threat of cyber attacks seem to be tilting towards complacency.

CyberArk founder and chief executive Udi Mokady told the South China Morning Post that the company was unfazed by the current market perception that there are fewer major cyberattacks in the news recently.

“We are not dependent on attacks to drive business,” said Mokady.

The company is expanding to China and other Asian markets. On November 16 it signed a deal to partner with Chinese security company Haiyi Software. Located in Northeastern China, Haiyi has the required license to sell cyber security products in China and will develop a new user interface for the Chinese versions of CyberArk products, Mokady said.

CyberArk’s New York-listed shares trade around US$38, or about half of their high of US$73 in June. The downward pressure on share prices is a reflection of the declining public interest and general complacency toward cyberattacks, according to industry professionals. For the full article click here 



from cyber security caucus http://ift.tt/1O4KT2y
via IFTTT

Tuesday 17 November 2015

Britain Boosts Cybersecurity, Drone Program as ISIS Debate Swells Worldwide

As many nations consider how to deal with the radicalized terror group known commonly as the Islamic State (IS) or the Islamic State of Iraq and Syria (ISIS), the British government has vowed to increase cybersecurity to thwart potential attacks.

While many nations have openly discussed military action against the prolific extremist group, top British officials have said they will focus on cybersecurity and offense, as well as more typical physical responses to the organization’s recent violent attacks.

In a Monday speech at the Government Communications Headquarters (GCHQ), Chancellor George Osborne said more emphasis needed to be placed on protecting British infrastructure, like hospitals, airports and industry. For the full article click here 



from cyber security caucus http://ift.tt/1PzpuQy
via IFTTT

Cybersecurity a ‘top priority,’ PA banking secretary says

When asked why he robbed banks, notorious robber Willie Sutton replied, “Because that’s where the money is.”

Today, banks must prepare to face threats from dozens of virtual Suttons, who attack not through the front door, but the back door of a bank’s online systems, said Robin Wiessmann, who is the secretary of Pennsylvania’s Department of Banking and Securities.

“During (Sutton’s) criminal career (in the 1930s), a bank primarily had to worry about one person or a small group of people, presumably armed, entering a single branch through the front door in broad daylight business hours,” Wiessmann told a group of business leaders — mostly bankers — gathered Monday at the Spring Mill Manor in Northampton.

“Today, all businesses have to worry about thousands of Willie Suttons, and an assault on all angles. (Criminals) just have to have computer hacking skills and good Internet connections to rob all our offices on any given day, at any given time,” she added.

Wiessmann, an Upper Makefield resident and former state treasurer, said she’s made cybersecurity a priority for her department since being named secretary of the financial oversight agency by Gov. Tom Wolf in January. For the full article click here 



from cyber security caucus http://ift.tt/1MUhN0u
via IFTTT

Microsoft beefing up on cybersecurity

“This is so that, like any intelligence operation, we don’t have silos,” Ms Nadella said yesterday at a conference in Washington.

“We’ll have people who’ll be able to in real-time connect the dots across what’s happening across all of these services.”

Cybersecurity and preventing hacking and data theft have become a key challenge in the software industry after a number of high-profile attacks in recent months, including on Sony, Anthem and JPMorgan Chase.

Microsoft has been working to bulk up security features as it seeks to boost sales in cloud and productivity products. (Bloomberg) For the full article click here 



from cyber security caucus http://ift.tt/1PzpuQw
via IFTTT

Top Info Officer Wants System To Deal With Cyber Security In Government Agencies

Since taking up his post earlier this year, the Government’s Chief Information Officer (CIO) Dr Louis Shallal says he has experienced a baptism of fire in regards to the cybersecurity threats that state agencies face.

It is for this reason that Shallal is introducing several measures to address the cybersecurity needs of the Government.

Shallal, who was a lead presenter at the third National Cyber Security Conference, spoke to the need for an enterprise information security architecture (EISA) system that would cater to the cybersecurity needs of all government agencies.

He indicated that he was currently preparing requests for proposals and seeking funding for the implementation of such a system. For the full article click here 



from cyber security caucus http://ift.tt/1MUhMKb
via IFTTT

Experts describe communication methods for Paris attackers

HOUSTON – Days after the deadly terror attacks in Paris, authorities are forming a clearer picture of the threat ISIS poses and the way terrorists may be communicating. They say the group communicates through video game consoles and cellphones.

“I believe terror through technology is a very scary thing,” said Oshea Phillips, who is concerned about cybersecurity.

According to intelligence officials, ISIS and its terror suspects have been known to use PlayStation 4 consoles to message and chat with one another. They also use smartphone apps designed to delete messages after a certain time frame.

“It’s a playground where you can hide in plain sight,” said Lance James, a cybersecurity expert. “You can put together a working group of members such as a terrorist organization, communicate on your plans and then dissipate and it’s gone.” For the full article click here 



from cyber security caucus http://ift.tt/1j4IkRb
via IFTTT

Wynyard Group signs Telstra in AU$3.2m cybersecurity deal

Crime analytics software company Wynyard Group has signed Telstra as its foundation customer for its Advanced Cyber Threat Analytics (ACTA) solution, which according to the company, discovers cyberthreats inside a network aimed at preventing infiltration.

The three-year, AU$3.2 million deal will see the New Zealand-based Wynyard charged with protecting the telco giant against high-consequence cyberthreats.

According to Telstra CISO Mike Burgess, Telstra will leverage ACTA to identify anomalies and unusual patterns within the network which he said will provide the telco with a deeper understanding through the discovery of previously unknown threats.

“ACTA will provide Telstra with a powerful intelligence and analytics platform that will allow us to quickly identify and explore key cyberthreats and to contain those first seen cyber issues before they become a serious breach,” Burgess said.

“A data analytics capability that identifies true ‘unknown-unknowns’ should be a fundamental part of any organisation’s cyber defence.”

Telstra has been trialling the ACTA technology over the past year. For the full article click here 



from cyber security caucus http://ift.tt/1j4IkR9
via IFTTT

Osborne to seek £1.9bn cybersecurity budget to tackle Isis threats

The Islamic State (Isis) could launch cyberattacks in the UK which can cripple critical infrastructure, Chancellor George Osborne is expected to warn in a speech at the GCHQ. The attacks could target power stations, the National Grid and hospitals.

While acknowledging that IS does not yet have the capacity to do this, Osborne is expected to announce that Britain will commit to doubling expenditure on cybersecurity to £1.9bn (€2.7bn, $2.8bn) by 2020. A “National Cyber Centre” at the GCHQ to respond to major attacks on Britain is also on the cards.

Isis has won more followers and attracted new recruits by effectively using social media. While intercepting their communications, experts recently found that the militants have switched from open communication sources to embedded devices that cannot be tapped.

However, opinions differ on the technological capabilities of the militants. Many point out that the group has only been able to deface websites and indulge in minor hacking. A group of hackers claiming to be affiliated with Isis had declared a “cyber caliphate” last year. Britain’s intelligence head Alex Younger has also warned that technology now allows militants to “see what we are doing and to put our people and agents at risk”. For the full article click here 



from cyber security caucus http://ift.tt/1j4IkR5
via IFTTT

Loyola Law School, Los Angeles to Offer an LL.M. in Cybersecurity

Loyola Law School in Los Angeles has announced the launch of a new LL.M. specialization in Cybersecurity and Data Privacy Law.

The program will cover a range of topics in security and data privacy, with classes like “Technology & Privacy,” “Cybersecurity & Regulatory Compliance,” and “Incident Response & Investigation.” Through electives, students will be able to delve into specialized topics like white collar crime and copyright.

Some of the courses will be delivered through a partnership with Loyola Marymount University’s Seaver College of Science and Engineering.

The LL.M. can be completed on either a full- or a part-time basis.

Relatedly, Loyola Law School has also announced that it is adding cybersecurity and data privacy curriculum to its JD and Master of Science in Legal Studies (MLS) programs. For the full article click here 



from cyber security caucus http://ift.tt/1j4IkQZ
via IFTTT

Monday 16 November 2015

Demystifying an assurance fallacy

When situations go awry in an organization, there’s a tendency to create new, executive-level positions by establishing the classic “one throat to choke” policy if problems persist. For example, if tacit knowledge is leaving the organization without being captured, an organization might be compelled to establish a chief knowledge officer (CKO) position. If an organization fails to implement a meaningful strategy, a chief strategy officer (CSO) position is sometimes established. If an effective marketing strategy isn’t in place or the marketing strategy fails, perhaps a chief marketing officer (CMO) will solve the problem. Or when an organization encounters an oversight in a technology decision, they might create a chief technology officer (CTO) position.

Although there is value in the growing number of C-suite positions, my main concern is the unrealistic expectations that are often associated with desired results. One memorable quote that I come back to when I ponder this topic: “We don’t need more opinions, we need more hands!”

The Clinger-Cohen Act of 1996 established the federal CIO position and area of responsibility. Still, the Federal Chief Financial Officer Act often empowered CFOs to perform tasks that ran counter to the CIO’s area of responsibility. The CTO position emerged as perceptions grew that CIOs often lacked the skills needed to lead the technical direction of an organization. Consequently, CIOs were essentially in figurehead roles because they lacked line and budget authority over staff who contributed to, or negatively impacted, their areas of responsibility. As more CxO positions were created in the technical realm (CTOs, CISOs), areas of responsibility became more fragmented. It’s a paradoxical situation for CxOs to be ultimately responsible for tasks over which they do not have line authority, albeit not uncommon.

For the full article click here 



from cyber security caucus http://ift.tt/1NzBVWi
via IFTTT

Homeland Security won’t wait for Congress on cybersecurity

Congress still might get around to completing action this year on cybersecurity information-sharing legislation, but in the meantime the private sector and even the ponderous Department of Homeland Security are pressing ahead with their own initiatives.

Spies, thieves and terrorists in cyberspace leave behind telltale “indicators” of their activities. Cybersecurity experts envision a future in which information on threats is shared at “machine speed,” or in real time, allowing rapid responses that minimize the impact of attacks.

Sharing information manually “takes hours, if you’re lucky,” William Nelson, the president and CEO of the Financial Services Information Sharing and Analysis Center, said last week at an event sponsored by law firm Arent Fox. Nelson’s group has collaborated with DHS on a project that brings that down to seconds. Under this new process, “Our worst case is 10 minutes. One second is our best case.” For the full article click here 



from cyber security caucus http://ift.tt/1HOjLU4
via IFTTT

DHS Secretary: ‘Minimal’ Use of Illegal Drugs in ‘Range of Normalcy’ for DHS Hires

Homeland Security Secretary Jeh Johnson downplayed concerns from civil-liberties groups like the ACLU, saying he is satisfied with the “adequate privacy protections” in the House and Senate versions of the cyber security bill.

“We worked very hard with the Congress to establish DHS, which is a civilian agency, as the single portal through which we are encouraging the private sector to provide indicators for which there is a limitation on civil and criminal liability if you do. And at DHS we have constructed a system for real-time and near real-time information sharing with a privacy scrub built into the system where a privacy scrub is necessary — and that is unique among all the federal agencies, and we’ve set it up that way,” Johnson said at the Council on Foreign Relations. “So when information is shared with other federal departments and agencies, we have vetted it to ensure privacy. And that was a critical component of the Senate bill in particular and there’s a different version of it in the House bill, which I hope gets worked out in conference, but I’m satisfied that both pieces of legislation provide for adequate privacy protections coming with respect to information from the private sector.” For the full article click here 



from cyber security caucus http://ift.tt/1HOjJvB
via IFTTT

PwC partners with cloud security firm Skyhigh Networks

PwC has agreed an alliance with Skyhigh Networks, a US-based cloud security company. As part of the partnership, the accounting and consulting giant will include Skyhigh Networks’ offerings as a standard proposition in its services portfolio.

In recent years the importance of (online) security has hit the roof, driven by the rapid increase of digital consumers and online connected devices, with, on the flip side, the rise of digital crime, lured by the great potential for (financial) gains. According to a recent report from internet security software giant McAfee, worldwide losses stemming from cybercrime hit £266 billion last year, with the less conservative estimate stating the damage caused could be as high as £342 billion – between 0.5% and 0.8% of global GDP. Another study, by PwC UK, found that the average cost of a cybersecurity breach to a large organisation in the UK now stands at between £1.5 million and £3.14 million.

Despite the high costs that come with cybercrime, and the growing awareness and effort put into fighting e-crime, several studies have of late shown that organisations are still not sufficiently prepared for cyber-attacks, in part due to the evolving nature of the domain, as well as the professionalisation e-criminals are undergoing. A recent study by EY, for instance, reveals that only 12% of managers believe their information security lines of defense fully meet the organisations’ needs. For the full article click here 



from cyber security caucus http://ift.tt/1HOjLDJ
via IFTTT

World-Herald editorial: Joint effort is needed to combat cyberattacks

When asked what is the highest immediate threat to U.S. security, CIA Director James Clapper has a ready reply.

His answer: cyberattacks.

David Slayton, a national security expert at the Hoover Institution, agrees. “Put simply,” he says, “We’re just outgunned.”

Last year hackers linked to China penetrated the computer files at the federal Office of Personnel Management. They stole sensitive personnel data on 21 million Americans.

Last month, the Associated Press reported, “In each year from 2011 to 2014, the State Department’s poor cybersecurity was identified by the inspector general as a ‘significant deficiency’ that put the department’s information at risk.” For the full article click here 



from cyber security caucus http://ift.tt/1HOjLDE
via IFTTT

Saturday 14 November 2015

Cybersecurity expert discusses threat response

LOST PINES — By 2020, there will be 50 billion Internet-connected devices in use, and “every one of them expands the attack space,” Krish Prabhu, president and chief technology officer at AT&T Labs in Dallas, told scientists Friday at the Texas Research Summit.

“Every one of them can be used to launch an attack,” Prabhu said.

For AT&T, which handles roughly a third of U.S. Internet, mobile and video-viewing traffic, it’s meant a dramatic shoring up of cybersecurity defense capabilities.

“A few years ago, we had less than 100 security specialists,” he said. “Today, roughly 20 percent of our workforce is involved in security in one way or another. And this is just the tip of the iceberg as we look toward the next 10 years,” he added during his summit presentation. For the full article click here 



from cyber security caucus http://ift.tt/1H1JWGR
via IFTTT

Cyber security firm offers big bug bounty to hackers to break Tor’s Anonymity

Cybersecurity firm offers ‘premium’ cash rewards to hackers who can break Tor

Now that iOS 9 has been jailbroken and the bounty of $1 million paid to the hackers for doing it, security firm Zerodium has turned its sights on another big service, the Tor anonymity network. It is offering premium cash rewards to hackers who can break the Tor anonymity network and reveal the identity of users around the world.

Breaking Tor seems to be everyone’s favourite hack this weekend as it comes less than 24 hours after the Tor Project developers accused the Federal Bureau of Investigation of paying Carnegie Mellon University $1 million to attack Tor.

Zerodium is a security research company which pays high cash rewards to hackers and security researchers who find zero-day exploits. It makes money by paying hackers for exploits and then selling these very exploits to governments around the world and to corporations in the defense, technology, and finance industries. Zero-days are critical software vulnerabilities that no one else has yet discovered. The company made headlines earlier this month when it rewarded $1 million to hackers who compromised the latest Apple iOS 9 operating system. For the full article click here 



from cyber security caucus http://ift.tt/1SPu2kf
via IFTTT

Launching a cybersecurity war room

Cyberattacks on the healthcare industry are on the rise. In response, some larger systems, including Intermountain Healthcare in Salt Lake City, are setting up around-the-clock security operations centers, or SOCs, to better deploy cybersecurity personnel, technology and processes in fending off the bad guys.

A SOC is a team, primarily composed of security analysts, organized to detect, analyze, respond to, report on and prevent cybersecurity incidents, according to Carson Zimmerman, principal cybersecurity engineer for the MITRE Corp., and author of a guidebook for setting up a SOC. Security operations centers have been fixtures in military and national security organizations for decades.

“At Intermountain, we had monitoring, we had detection, we just didn’t have people looking at it 24/7,” said Karl West, the system’s chief information security officer. “We’d go home and pagers would go off.” Intermountain began planning for its SOC in 2012, following a recommendation that was part of the system’s annual security risk assessment, he said.  For the full article click here 




CoNetrix tandem Cybersecurity Assessment Tool wins the 2015 BankNews Innovative Solutions Award for Best Management/Operations/Processing Solution

LUBBOCK, Texas, Nov. 14, 2015 (GLOBE NEWSWIRE) — via PRWEB – CoNetrix is excited to announce its tandem Cybersecurity Assessment tool won the 2015 BankNews Innovative Solutions Award for Best Management/Operations/Processing Solution!

The tandem Cybersecurity Assessment tool, launched in July 2015, was developed to help financial institutions such as banks and credit unions complete the FFIEC cybersecurity self-assessment released on June 30th. Users log into tandem and complete a questionnaire to calculate their institution’s inherent risk profile and cybersecurity maturity level. Results live in tandem for tracking and reporting on a regular basis. More than 800 financial institutions have chosen to use tandem to help them complete their cybersecurity assessment.

The tool is an integrated module in tandem, an online software suite for managing information security and compliance. It was initially launched as a free tool, but now includes Pro and Pro Plus versions available for paid enhancements and professional services.

The 2015 Innovative Solutions Awards, sponsored by BankNews, recognize companies helping community banks improve their operations, be more competitive, enhance their technical capabilities and increase their profitability. The Innovative Solutions Awards are presented in four categories For the full article click here 




Friday 13 November 2015

Hill-Based OPSWAT Provides Cybersecurity

In our interconnected and device-laden world, cybersecurity has become a hot topic, especially after recent data breaches at the Sony and Target corporations. According to a study sponsored by Hewlett-Packard, cybercrime cost the average American firm $15 million in 2014, a 19 percent jump from the year prior. Average per company losses could top $40 million by 2020 if current growth rates continue. In addition to economically-motivated cyber-crime, there’s increasing concern that a cyber terror attack on critical national infrastructure – such as nuclear power plants and transport networks – could be imminent.

Taken together, the need for companies, government agencies, and even households to adopt robust cyber-security strategies has become more pressing. Part of that need is being met at the corner of Kansas and 17th streets, home to a major player in the cyber-security game: OPSWAT – Omni-Platform Security with Access Technologies – a software company that helps secure and manage information technology infrastructure. The 13-year-old, 60-employee firm moved its main offices to Potrero Hill in 2013. For the full article click here




UVa Board of Visitors discusses diversity, race relations, cybersecurity

The University of Virginia will hold a survey on diversity and race relations on Grounds next spring.

UVa President Teresa A. Sullivan made the announcement at a Thursday afternoon meeting of the Board of Visitors.

Sullivan said the survey would give the administration “a benchmark so we can understand where we have issues and show us how to address those issues.”

Those issues have prompted large-scale protests at other institutions around the country, including the University of Missouri, where top administrators stepped down under intense pressure from students. For the full article click here




Many small businesses aren’t prepared for cyber attacks

KUSA – The majority of small businesses are not prepared to combat cyber thieves, according to a new survey conducted by Nationwide insurance.

In fact, eight out of 10 small businesses do not have a secure plan in place, which makes them vulnerable to cyber thieves, according to the Denver Business Journal. 9NEWS Cyber Security Expert John Sileo said a lot of small businesses don’t believe they are at as much risk as larger corporations.

“I’m not that surprised that small businesses, 80 percent are unprepared. Frankly, 80 percent of large corporations are unprepared. I go around spending my time seeing these companies who have not done what they need to do, they get hit, suddenly they pay attention, but it’s many millions of dollars later,” Sileo said. “One of the problems here is that small businesses don’t think they’re at as much risk as the larger corporations, they’re actually at more risk. There’s more data breach. There’s about 60 percent of all breach happens in small businesses, so it’s not just a corporate problem.” For the full article click here




Jacksonville State expanding its cybersecurity focus

Jacksonville State is delving deeper into cybersecurity.

JSU announced Thursday it received $229,296 from the National Science Foundation, an independent federal agency, to train cybersecurity instructors on campus. In addition, the school was awarded a $134,924 grant from the U.S. Department of Defense and the National Security Agency to develop an intelligence monitoring system that is currently in “prototype form,” said Guillermo Francia, the JSU computer science professor who has been leading the school’s charge into cybersecurity.  For the full article click here

 




Thursday 12 November 2015

TalkTalk hack: perhaps we’ll finally take cybersecurity seriously

Many people are quite upset that telecoms firm TalkTalk recently fell victim to a hacker who relieved it of hundreds of thousands of customers’ personal details. However I am, in a way, quite pleased. I’ve nothing against TalkTalk, for whom the whole episode has been highly unfortunate, and I have sympathy for those customers affected. But how events panned out afterwards actually provides crumbs of comfort.

The incredible media coverage the attack received is welcome. There can be few people in Britain who are unaware that TalkTalk had a problem. This is extraordinary, because TalkTalk is just the latest to fall victim to something that is going on all the time. In fact, just days later Vodafone admitted it had suffered a breach of its own. For the full article click here




Senate Approves Cybersecurity Information Sharing Act

The U.S. Senate passed the Cybersecurity Information Sharing Act (CISA), bringing it one step closer to becoming law. The House of Representatives is currently considering it. “Critics claim that the law will be a free pass to mass surveillance, and internet users are scrambling to find alternative ways to protect their privacy,” the press release notes.

CISA is intended to protect companies from data breaches by allowing them to share cybersecurity and customer information with the Department of Homeland Security without a warrant. Government agencies will analyze the data and share it with companies to help prevent security breaches. For the full article click here




Cybersecurity ETF ‘HACK’ Turns 1

A year ago, PureFunds was flying relatively under the radar as the company behind two defunct precious metals ETFs and a small silver fund. But fast-forward to today, and you’d be hard-pressed to find someone in the industry who hasn’t heard of the PureFunds ISE Cyber Security ETF (HACK | C-36), the first strategy to specifically target companies that are actively involved in providing cybersecurity technology and services.

HACK has grown to become a $1 billion-plus fund in a matter of months, having seen positive net inflows almost every month in the past year. Its performance has been nothing short of a roller-coaster ride, For the full article click here




Cyber Security Company Cymmetria Raises $9M

November 12, 2015 | Israeli cyber security company Cymmetria has raised $9 million in its Series A fundraising round, led by Sherpa Ventures. Founded in 2014 by a cohort from the Israeli Army’s elite technology unit 8200, Cymmetria has developed decoy servers called “honeypots” to distract would-be attackers away from their true targets. Based in Tel Aviv and San Francisco, the company has also received past investment from Y Combinator, Seedcamp, and Felicis. For the full article click here




Wednesday 11 November 2015

Canada Banks See Cybersecurity as One of Top Threats, Survey Shows

Technology risks such as cybersecurity are the greatest threats facing financial institutions, according to a survey of industry executives by the Global Risk Institute.

As Canadian banks are increasingly focusing on growth from digital channels, almost half of attendees at a conference of the Toronto-based research organization named technology risks as the No. 1 hazard facing the industry.

Executives expressed concerns about the theft of client information, including credit card data, and denial of service attacks which can disable a company’s computer systems, said Richard Nesbitt, President and CEO of the Global Risk Institute, in an interview.

“No one can go in and use your computers for perhaps days,” said Mr. Nesbitt, who is also a former executive at Canadian Imperial Bank of Commerce. “That’s terrifying to financial services institutions.” For the full article click here 




Banks Seek Coordination on Cybersecurity Requirements

The New York banking regulator announced Tuesday it was working on new cybersecurity requirements even as bankers pushed agencies to further harmonize their efforts. For the full article click here 




Cybersecurity Council Begins Work to Curb Risks to Utilities, Agencies in Md.

COLLEGE PARK, Md. (Nov. 11, 2015) — Protecting Maryland’s utility infrastructure and state agencies from cyber threats is the top priority for a new advisory panel comprised of state and federal officials working alongside private-sector security experts.

The Maryland Cybersecurity Council plans to develop recommendations on how to take advantage of the cyber institutions in Maryland, create additional cybersecurity jobs and promote economic development, according to state Attorney General Brian Frosh, chair of the council.

The council, which met for the first time Tuesday, plans to develop statewide guidelines for a coordinated response in the event of cybersecurity attacks For the full article click here 




Cybersecurity treaties may be nice, but it’s really every country for itself

The United States and China are attempting to negotiate what would be the first cyber arms-control agreement to ban peacetime attacks on critical infrastructure. The talks reflect the commitment that Washington and Beijing made at the conclusion of Chinese President Xi Jinping’s recent U.S. visit to “identify and promote appropriate norms of state behavior in cyberspace.” The first ministerial-level meeting on cybersecurity is due to take place before the end of this year.

The two countries’ effort to limit the cyber arms race is being widely compared to Cold War nuclear arms-control treaties. But this Cold War analogy is flawed because of fundamental differences between the nuclear and cyber domains.

President Barack Obama acknowledges that an “international framework” to regulate great-power competition in cyberspace is unlikely to be “perfect” because it would not solve cybersecurity threats posed by “non-state actors and hackers.” Yet as the president told the Business Roundtable on Sept. 16, “there has to be a framework that is analogous to what we’ve done with nuclear power because nobody stands to gain.” For the full article click here 




Tuesday 10 November 2015

KEYW shares fall in after-hours trading as quarterly loss widens

KEYW Corp.’s losses widened in the third quarter as the Hanover cybersecurity company keeps pushing for its business selling to the private sector to take off.

Its revenue grew by about 3 percent in the third quarter to $81.1 million, while its losses more than doubled to $8 million from $3 million in the same period last year. Its main federal contracting business was responsible for the increased sales, but that division was a third less profitable than in the same quarter of last year.

The results translated to a loss of 20 cents per share, compared with 8 cents a year earlier. Wall Street analysts had predicted KEYW would lose 11 cents per share in the quarter.

KEYW shares fell more than 15 percent in after-hours trading, to about $6.24. The stock’s lowest value over the past year is $5.60.  For the full article click here 




Is Major Move Coming For First Trust NASDAQ CEA Cybersecurity ETF After This Wedge Up?

The stock of First Trust NASDAQ CEA Cybersecurity ETF (CIBR) formed an up wedge with $51.35 target or 184.00% above today’s $18.08 share price. The 5-month wedge indicates low risk for the $98.06M company. If the $51.35 price target is reached, the company will be worth $180.43 million more.
Rising wedges, especially for downward breakouts, are tricky moments to trade. Investors must be aware that the break-even failure rate for up or down breakouts is 8% and 24%. The average rise is 28% and the decline is 14%. Wedges have a high throwback and pullback rate: 73%, 63%, and the percent of wedges meeting target is not more than 50%. The ETF is down 0.45% or $0.08 after the news, hitting $18.08 per share. About 1,885 shares traded hands. First Trust NASDAQ CEA Cybersecurity ETF (NASDAQ:CIBR) has risen 6.00% since October 10, 2015 and is uptrending. It has outperformed the S&P500 by 4.90%. For the full article click here




A cybersecurity bill only a politician could love

As Congress moves to reconcile each chamber’s version of the Cybersecurity Information Sharing Act (CISA), civil liberties organizations and technology companies alike continue to pan the bill for threatening consumer privacy and covertly expanding government surveillance programs. Critics argue that strong cybersecurity should not come at the expense of diminished privacy — but this is a false dichotomy. CISA is unlikely to meaningfully improve cybersecurity because the bill addresses the wrong issues.

CISA is built on the premise that cyberthreat information is insufficiently shared among public and private entities. If organizations can quickly report new malware or intrusion techniques to other groups, the thinking goes, then those groups can proactively defend themselves against such threats and limit the overall risk of attack. For the full article click here




Bulgaria capital to host seminar on cybersecurity

Sofia. Central Military Club in the Bulgarian capital city Sofia will host a three-day seminar themed Cybersecurity of Young People in the Internet; Challenges before Cybersecurity.
The official partners of the event are the Bulgarian Ministry of Defence, Sofia Tech Park and the National Laboratory of Computer Virology with the Bulgarian For the full article click here 




Sunday 8 November 2015

Cybersecurity Information Sharing Act and your privacy

Since the first computer virus in 1989, the US government has been struggling to keep up with the rapidly evolving world of cybersecurity. Hackers use constantly evolving methods while Congress sluggishly passes inefficient measures against these hackers. Over the past 30 or so years, multiple bills have been put in place to battle this misuse of technology. The most recent bill is the CISA.

The Cybersecurity Information Sharing Act passed in the Senate in Oct. with a whopping vote of 74-21. This bill’s main purpose is to help prevent data breaches like the famous Office of Personnel Management breach that exposed the personal data of more than 20 million current and former federal employees.

CISA aims to do this by offering legal protection to companies who opt in, enabling these companies to share information without the risk of legal repercussion. In theory, when a company is attacked, the federal government is alerted immediately and the warning is distributed to all companies taking part in CISA. For the full article click here 




Huawei Introduces Cyber Security Top 100 Requirements for Selecting Suppliers

ATLANTA, Nov. 8, 2015 /PRNewswire/ — Huawei today introduced its cyber security Top 100 requirements that organizations should consider when assessing suppliers’ capabilities to provide end-to-end cyber security. At the 26th Information Security Forum (ISF) Annual World Congress held in Atlanta, Huawei also showcased its latest security solutions and best practices that help businesses protect against cyber threats in today’s connected world.

At the Congress, Mr. Antonio Ierano, Cyber Security Expert for Huawei Enterprise Business Group, shared his insights during a keynote speech entitled “The Story behind Huawei’s Cyber Security Approach”. Mr. Ierano in his speech stated, “There is a lack of internationally recognized cyber security standards and regulations in the ICT industry and among governments worldwide. Huawei is committed to encouraging governments and the ICT industry to develop and adopt practical cyber security standards. Based on extensive research, we have developed the Top 100 requirements that organizations should consider when assessing suppliers’ end-to-end cyber security capabilities.”

The cyber security Top 100 requirements cover 11 key areas: strategy governance and control; standards and processes; laws and regulations; human resources; research and development; verification; third-party supplier management; manufacturing; delivering services securely; issue, defect and vulnerability resolution; and finally audit. Each area details a number of requirements organizations should consider exploring with their suppliers and the rationale behind these requirements. For the full article click here 




U.S., China to hold talks on cybersecurity

The United States will host its global rival, China, at a meeting on cybersecurity in Washington next month, the U.S. Deputy Assistant Secretary of State for East Asian and Pacific Affairs, Susan Thornton, has said.
Thornton, who disclosed this recently during the Africa Regional Media Hub Telephonic Media Briefing on US-China Cooperation in Africa, said the two countries, during Chinese President Xi Jinping’s visit to Washington, reached an agreement about the need to have high-level exchanges and dialogues about various hacking and cyber intrusions.
Thornton, who was responding to a question on issues of cybersecurity, said: “We have been working very hard with China…There is a lot of unregulated space in the cyber domain…So one of the things that we have found is that the lack of international agreements and regulations for how governments should act in cyberspace has been creating some problems.” For the full article click here




Cyber-criminal sphere a serious threat for SA

LAST year, SA had the most cyber attacks of any country on the continent. In 2014, losses from cyber crime reached an estimated R5bn annually. The year before, the Norton Report rated SA third on the list of the number of cyber victims in the world. Russia and China topped the list.

It is difficult to determine the level of cyber crime in SA as there is no legal requirement to report cyber-related crimes. But there is general acceptance that the country faces a major challenge. SA’s laws have been improved to deal with emerging threats in cyber space. This was underscored by the recent tabling of the Cybercrimes and Cybersecurity Bill.

The number of data-protection laws in Africa has increased. But only once implemented can further studies be conducted to check how successful they have been.

Last year, the African Union (AU) accepted the Convention on Cyber Security and the Protection of Personal Information. Though far from perfect, it highlights the AU’s concern with cyber issues. There have not been any real developments in the past year, even though most, if not all, member countries have signed.

The South African bill defines a wide range of cyber crimes and proposes penalties for infractions. It creates cyber structures that would provide a range of services.

The cyber hub allows anyone to report any cyber crime. All complaints will be investigated. The complainant will receive feedback. The cyber hub will also roll out cyber-awareness campaigns in SA. For the full article click here 




Saturday 7 November 2015

ISACA Joins The Institute for Critical Infrastructure

The Institute for Critical Infrastructure Technology formally welcomed ISACA to the ICIT Fellows Program in October.  One of the largest professional cybersecurity organizations in the world, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems and adds to the Institute’s growing expertise in cybersecurity workforce development and training.  ISACA will be represented by Fellows Robin “Montana” Williams (Senior Manager, Cybersecurity Practices) and Thomas Lamm (Director).

Cybersecurity training and workforce development are top priorities for cyber-aware organizations. As a leader in this space, ISACA brings its decades of expertise and globally recognized cybersecurity training programs to ICIT and its educational efforts. To help kick off cybersecurity awareness month, Mr. Williams contributed to ICIT’s “Town Hall” on minority underrepresentation in cybersecurity, a briefing sponsored by Congresswoman Sheila Jackson Lee (D-TX) and held at the Rayburn House Office Building. Rep. Lee was joined by Congresswoman Linda T. Sánchez (D-CA), Chair of the Congressional Hispanic Caucus, and Congresswoman Judy Chu (D-CA), Chair of the Congressional Asian Pacific American Caucus, in hosting the “Town Hall” meeting.

R. “Montana” Williams, Senior Manager, Cybersecurity Practices & Cyber Evangelist states, “ISACA’s partnership with ICIT is an important component of our efforts to create a global paradigm shift in the way cybersecurity professionals are trained and certified. By creating the first holistic cybersecurity workforce development program that addresses the global critical infrastructure cybersecurity skills shortage, ISACA seeks to work with the ICIT Fellows Program to drive changes in the way we train and certify cybersecurity professionals. This change requires a transition from a knowledge-based education, training, and certification approach to education and training that is skills-based and a certification process that is performance-based.”

“With a projected 1.5 million workforce shortfall in the field of cybersecurity, ISACA’s addition to the Fellows program adds to the Institute’s ability to educate stakeholders on the role training plays in the development of skilled cybersecurity practitioners.”

About ICIT: The Institute for Critical Infrastructure Technology (www.ICITech.org) is a non-partisan think tank providing objective advisement on cybersecurity and technology issues to the House and Senate, federal agencies and critical infrastructure sector stakeholders.  ICIT Fellows contribute their expertise and cutting edge research to legislative briefs and other publications as well as participate in legislative briefings and speaking engagements to help educate our Nation’s technology leaders.

About ISACA: ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus™ (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.




Cybersecurity: It’s About Maximizing Trusted Routines, Resources

In Massachusetts, cybersecurity is all about leveraging trusted routines and resources, such as the Multi-State Information Sharing & Analysis Center.

That’s the message Kevin Burns, chief information security officer for Massachusetts Office of Information Technology, spotlights in his interview at Government Technology’s Massachusetts Digital Government Summit.

Burns also noted a best practice: Before standing up a new application that’s going to host confidential information, he says it’s best to use a third-party entity to conduct a penetration test against that code, and make sure that both the code and the environment in which it is housed are secure. For the full article click here




Asia trade deal impacts cybersecurity, telecoms and open Internet policy

The final draft of the long-awaited Trans-Pacific Partnership agreement, a sprawling text of 30 chapters and over 2,000 pages, dedicates three of its chapters to issues that the tech world has called critical in the context of loosened international regulation: intellectual property, telecommunications and e-commerce.

A pact of 12 Pacific Rim nations — Brunei, Chile, New Zealand, Singapore, Australia, Canada, Japan, Malaysia, Mexico, Peru, the United States and Vietnam, with the notable exception of global superpower China — the TPP establishes an enhanced legal framework for trade, cutting up to 18,000 international tariffs on made-in-America products in signatory nations, while simultaneously raising concerns about the implications of new rules on international data flows and the activities of white hat cybersecurity researchers. For the full article click here


