Thursday, 31 December 2015

Westminster-based Coalfire establishes fund to honor late CEO

Coalfire Systems, a Westminster-based cybersecurity company, and The Denver Foundation announced on Wednesday the creation of a charitable fund honoring Coalfire co-founder and CEO Richard Dakin, who died while hiking in June.

The fund will support nonprofit organizations that focus on cybersecurity education.

“Rick was one of the original founders of Coalfire and a visionary in cybersecurity, and it is with great pride and humility that this fund has been created in his honor,” said Coalfire CEO Larry Jones in a statement. “This fund will help further the industry by providing individuals with access to cybersecurity-focused educational resources.”

Dakin, 63, died in June after suffering a medical emergency on Barr Trail in Pike National Forest near Colorado Springs. For the full article click here 



from cyber security caucus http://ift.tt/1YQtuBq
via IFTTT

Year of ‘fairly unsophisticated breaches’ underscores need for cyber hygiene, CISOs say

After a year of high-profile breaches, organizations should concentrate on reinforcing crumbling security foundations rather than adopting complex new software, said 25 chief information security officers in a survey by IT security content company Security Current.

“Looking back at 2015, I would say it was the year that redefined APT,” Brian Kelly, CISO of Quinnipiac University, told Security Current. “It went from the long-standing definition of Advanced Persistent Threat to Annoying Phishing Tactics.”

In the survey — which included comments from security professionals working in finance, health care, academia and big tech — each CISO offered a unique perspective on 2015’s cataclysmic string of hacks and forecasted the threat climate of the coming year. Yet, some had similar observations — chief among them was the need for basic “cyber hygiene” to ameliorate threats like phishing emails, which historically have been the most successful attacks despite their lack of complexity. For the full article click here 



from cyber security caucus http://ift.tt/1YQtuBk
via IFTTT

FBR sees improving cybersecurity spend, likes several stocks

“On the heels of another strong year for cybersecurity players, our recent field checks heading into 2016 suggest ‘robust’ deal momentum as enterprises and governments across the board upgrade to next-generation security platforms/software,” says FBR’s Dan Ives, reiterating his bullish stance on security tech upstarts.

Ives: “Based on our conversations with channel partners/customers over the last few weeks, closure rates look to be trending higher year over year, with seven-figure deals markedly up in the pipeline. This speaks to the massive firewall refresh that is underway, with hot areas of security (next-generation firewall, e-mail security, mobile/cloud) as the main beneficiaries.”

He expects next-gen firewall leader Palo Alto Networks (NYSE:PANW) to be a major beneficiary. Others expected to benefit include firewall/security software vendor Check Point (NASDAQ:CHKP), privileged account security software leader CyberArk (NASDAQ:CYBR), unified threat appliance leader Fortinet (NASDAQ:FTNT), e-mail/compliance security software firm Proofpoint (NASDAQ:PFPT), and Web app firewall and data security software firm Imperva (NYSE:IMPV). For the full article click here 



from cyber security caucus http://ift.tt/1YQtuBg
via IFTTT

5 cybersecurity trends to watch for in 2016, part 3

This commentary is the third of a three-part series featuring what cybersecurity thought leaders expect to see in the coming year.

Cyberattacks are continuing to increase in intensity and sophistication. Attackers are well funded and highly motivated, leveraging state-of-the-art techniques, operating across borders and rarely facing prosecution.

Cyberattacks are nothing new, but their consequences have recently become more significant – and are raising the stakes for information technology executives.

The expansion of the Internet of Things, the proliferation of connected devices and the growth of cloud computing all mean that an organization’s “attack surfaces” are growing. This target-rich environment makes it easier for hackers to find an entry point into organizations. For the full article click here 



from cyber security caucus http://ift.tt/1mrhpkx
via IFTTT

Wednesday, 30 December 2015

Consumers Facing New Cyber Security Challenges In Upcoming Year

Cyber security experts are predicting what kind of hacks we might face in 2016. Everything from your smartphone to your car may be a target.

The more you prepare, the more you can protect yourself.

Remember back when phishing emails were all we had to worry about online?

Cyber security expert Steven Weisman says his predictions for 2016 are a lot more frightening.

“Very frankly, what scares me the most is the possibility of the hacking of our infrastructure, our electric grid, our power stations.”

Last year Weisman foresaw hacks on the healthcare industry in his USA Today Column. For the full article click here 



from cyber security caucus http://ift.tt/1YSoZkv
via IFTTT

Cybersecurity Skills Gap Making Companies Vulnerable To Major Attacks

Although there are more than a million cybersecurity positions available worldwide, the global shortage of skilled cybersecurity professionals is set to continue to grow at rapid pace in 2016, putting public and private sector organizations at risk, according to a recent survey by Cybrary, the world’s first and only no-cost cybersecurity massive open online course provider.

The results of the survey of 435 senior level cybersecurity professionals revealed that the cybersecurity job market is growing four times faster than the overall IT market and 12 times faster than the overall job market. Moreover, 47 percent of companies plan to hire between one and 10 cybersecurity workers in 2016, compared to 42 percent in 2015.

Despite the burgeoning demand for cyber talent, there is a lack of professionals with the skills necessary to fill these open positions. More than 80 percent of respondents indicated that they always or sometimes have trouble recruiting skilled cybersecurity professionals.

According to the survey respondents, the greatest challenge to recruiting cybersecurity professionals is a lack of talent, as well as a lack of resources to find and attract talent. For the full article click here 



from cyber security caucus http://ift.tt/1VpeZz3
via IFTTT

Will a new cybersecurity law make us safer?

GWEN IFILL: Before the president and Congress left town for the holidays, they managed to enact a massive 2,000-page package of spending and tax cuts. Typically, these laws draw attention only for the chaos they create, like shutting down the government.

But there’s a lot more deep inside, in this case, a significant and controversial new law governing cyber-security and Internet data. The new law encourages private companies to share data about cyber-hacks with the government. It protects companies from liability, and it also allows data to shared with other companies and with the Department of Homeland Security.

Lawmakers from both parties said it was a good deal.

SEN. DIANNE FEINSTEIN, D-Calif.: If someone sees a particular virus or harmful cyber-signature, they should tell others, so they can protect themselves. That’s what this bill does. For the full article click here 



from cyber security caucus http://ift.tt/1Vpf2KY
via IFTTT

Early IT adoption doesn’t mean Singapore e-gov systems need overhaul

Being an early adopter of technology, Singapore’s public sector may very well be susceptible to vulnerabilities inherent in legacy systems, but this does not mean the country’s e-government systems need a complete overhaul.

David Koh, chief executive of Cyber Security Agency (CSA), explained that where cybersecurity was concerned, there were typically three key aspects to manage: usability, cost, and security. Focusing on two would inevitably mean the third had to be compromised, and up until the past five years, the general consensus seemed to be that usability and cost should be the main drivers.

“People were prepared to sacrifice security,” he said, noting that two-factor authentication (2FA), for instance, had been available for years but remained largely unused. “Best practices for security have been advocating 2FA, but there’s been reluctance to implement this… If security professionals tried to implement this five years ago, I think there would have been a huge outcry from the man on the streets who would ask why we’re overreacting and inconveniencing people, and adding cost.” For the full article click here 



from cyber security caucus http://ift.tt/1mhUtoe
via IFTTT

Tuesday, 29 December 2015

Could Your Holiday Gift Be a Security Threat?

A hidden threat may be lurking under your Christmas tree this year. From fitness bands to digital photo frames, some seemingly innocuous presents may harbor flaws that can be exploited by hackers.

“Most likely, a hacker isn’t very interested in how long you’ve run or [in controlling] any appliances in your home,” says Ebba Blitz, president of security and encryption firm Alertsec.  “However, anything that’s connected to the Internet could open up a potential backdoor to your laptop.”

Fortunately, there is no need to pitch all your new holiday goodies. Instead, Blitz and other security experts say consumers can protect themselves by taking a few simple precautions.

Manufacturers Skimping on Security Measures

Gary Davis, chief consumer security evangelist for Intel, says the problem lies largely with manufacturers who rush to get products on the shelves. “Most manufacturers are foregoing even the most basic of security controls,” he says. For the full article click here 



from cyber security caucus http://ift.tt/22vTe5l
via IFTTT

15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn’t

Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?

As is the case every year in the cybersecurity field, 2015 was full of lessons to be learned. Some brand new, others that it’s absurd we haven’t learned yet.

1. Pay For Your Room In Cash.

Retailers were in hit hard in 2014, but in 2015 point-of-sale hacks really moved over to the hospitality sector. Just Thursday, Hyatt Hotels announcedit was the last to be breached (it had discovered the incident Nov. 30). Before that Hilton Worldwide, Mandarin Oriental, and Starwood Hotels & Resorts (the owner of Sheraton, Westin, and W Hotels) all suffered breaches due to similar attacks. It isn’t just credit card data that is appetizing to attackers either. Info about loyalty programs is hot on the black market too.

SPONSOR VIDEO, MOUSEOVER FOR SOUND

2. Take The Train Instead.

This was the year when car hacking really got taken seriously. Security researchers Chris Valasek and Charlie Miller conducted a controversial demonstration taking remote control of a Jeep Cherokee and bringing it to a screeching stop. The Virginia State Police showed their cruisers could be compromised and researchers showed SMS messages sent to insurance dongles can kill brakes on cars. The issue got so unavoidable that Chrysler recalled 1.4 million vehicles and Intel founded a Car Security Review Board. For the full article click here 



from cyber security caucus http://ift.tt/1JGtojA
via IFTTT

Cybersecurity Act of 2015 broaden network operators’ surveillance power

The new Cybersecurity Act of 2015, included in the Omnibus Appropriations Act approved last week, expands the powers of network operators to do surveillance for cybersecurity.

Pop Herald reported that House Intelligence Committee Chairman Devin Nunes and senior Democrat Adam Schiff, who were some of the primary supporters of the bill, said the Cybersecurity Act would require companies to take away all of their “extraneous personal information” before they provide cyber threat data to the government. For the full article click here 



from cyber security caucus http://ift.tt/1YKZjLV
via IFTTT

Cybersecurity on 2016 NCUA OIG Audit List

The NCUA’s Office of the Inspector General released its list of 2016 audits as part of its performance plan for the coming year.

Among the audits slated for 2016 are a review of NCUSIF material losses of more than $25 million, as required by the Dodd-Frank Act. The audit will determine causes for credit union failures and the resulting loss to the NCUSIF, and will assess the NCUA’s supervision of the credit unions.

The Federal Information Security Management Act requires the OIG to evaluate the agency’s IT security policies, procedures and practices, as well perform an assessment of compliance and privacy mandates. The OIG must determine if the agency was in compliance with FISMA and prepare an annual report for the Office of Management and Budget on the NCUA’s IT security management program. For the full article click here 



from cyber security caucus http://ift.tt/1JGtojy
via IFTTT

Monday, 28 December 2015

Darktrace wants to disrupt the cybersecurity paradigm in Asia

Deep in the heart of the UK, at the University of Cambridge, a team of technical experts made up of world-class mathematicians, has gathered to develop a new technology designed to detect and decipher cyber threats as they occur in real time.

Sounds familiar? It is reminiscent of the plot of the film The Imitation Game, which chronicles the journey of famed computer scientist Alan Turing as he developed the Turing machine, a device that would be used to decode messages from the German Enigma machine during World War II.

Today’s cyber threats are far more advanced than the encrypted messages produced by the Enigma (but thankfully do not require a classroom-sized machine to tackle) and are evolving to new levels of sophistication. It is estimated that there are over 1 million new malware threats released daily. For the full article click here 



from cyber security caucus http://ift.tt/1PspjWz
via IFTTT

UK Generation Z wants more emphasis on cyber security

Almost half (43%) of UK’s Generation Z want more focus on fighting cybercrime than on real-world crime, research  by PA Consulting Group shows. When it comes to combatting cybercrime, the UK public expects a dual role for ISPs and the police, with the majority of people confident that the police have a higher cyber capability than criminals. This, according to PA, is an overstatement of the reality that needs to be addressed.

In the interconnected world of today, people’s lives are increasingly taking place online. Whether it is to read emails, work via a cloud, talk to friends via social media and mobile apps or to find new people and products on (social) platforms. With this increased use of data-driven technologies also comes increased cybercrime. Thieves are no longer just targeting their victims in the real-world; they will also try and often succeed to steal from them in the cyber world. Part of the issue comes from people not knowing that they are unprotected as they rely on the technologies they use to be safe, which is not always the case. Research by IBM, for instance, shows that half of developers are not investing in apps security and that 63% of dating apps are vulnerable to hackers. For the full article click here 



from cyber security caucus http://ift.tt/1ZwH0a6
via IFTTT

Cyber security incidents on the rise in Indian enterprises, but information security function not keeping pace

We are living in a globally connected world, fuelled by the growth in connected-devices and advances in communication technologies. The digital age and the inherent connectivity of people, devices and organizations is rapidly providing opportunities for innovation, and businesses have turned their attention to significant benefits such as creation of new products/markets and better understanding of the consumers.

While the opportunities are abundant, many organizations tend to overlook the risks associated with the digital world. After land, sea, air and space, warfare has entered the fifth domain: cyberspace. As many organizations have learnt the hard way, cyber-attacks are no longer a matter of if, but when. Cyber attackers are increasingly getting relentless and often politically motivated. As old sources of cyber threats evolve, new sources are emerging to add to the complexities for the organizations. Cyberattacks have become more sophisticated and harder to defeat over time. The nature of threats is only expected to become more complex over the next five or 10 years. For the full article click here 



from cyber security caucus http://ift.tt/1YHSkTL
via IFTTT

SecureWorks IPO Brings Marginal Added Value To Investors

  • Dell is making its cybersecurity arm, SecureWorks, public to finance a portion of the EMC deal.
  • SecureWorks presents impressive top-line growth but a very disappointing bottom line for a 17-year-old company.
  • SecureWorks IPO does not offer investment opportunities over other players in the cybersecurity space. SecureWorks (SCWX), the cybersecurity subsidiary of Dell, filed its S-1 with the SEC last week to go public. Making SecureWorks public is part of Dell’s strategy to finance thegiant merger with EMC (NYSE:EMC) by selling some assets, making other assets public, and receiving debt financing for the remaining $67B Dell agreed to pay for EMC. For the full article click here 


from cyber security caucus http://ift.tt/1Vm0Z95
via IFTTT

Saturday, 26 December 2015

Lawmakwers To Vote On Controversial Cybersecurity Bill This Week

A cybersecurity bill aimed at thwarting huge hack attacks was slipped at the last minute into a massive $1.1 trillion federal spending bill that Congress is poised to pass this week. “Now it’s up to President Obama to prove that his administration actually cares about the Internet”, said Fight for the Future campaign director Evan Greer. Dianne Feinstein (D-Calif.) said in a statement praising the inclusion of the cyber bill in the omnibus.

After weeks of negotiations and compromise, cybersecurity information sharing legislation has been included in Division N of the FY 16 Omnibus Appropriations Act.

The final version of the bill leaves it to DHS and the Justice Department to create guidelines for preventing data on individuals from being shared with the federal government. The bill ostensibly seeks to encourage companies to share information about hacking attacks and other cybersecurity threats in a more timely fashion with other companies and the federal government in order to allow for a more coordinated and speedy response. For the full article click here 



from cyber security caucus http://ift.tt/1NGABnm
via IFTTT

Electric Grid is a Huge Cybersecurity Vulnerability

It was only a few weeks ago that I blogged on the new Ted Koppel book about the cybersecurity risks to America’s electrical grid, see Lights Out–Destroying America, One Infrastructure at a Time

Then earlier this week, the AP ran a story, AP Investigation: US power grid vulnerable to foreign hacks

It is a affirmation of everything I’ve read in Koppel’s book. And it confirms some of what I expect:

  • We really don’t know how much penetration of our electrical grid has already occurred.
  • Companies overestimate their ability to keep their systems protected.
  • The federal government will not be able to assist to the degree that people might expect — limited assets exist.
  • It is only a matter of time before someone pulls the trigger and takes down part of the grid.
  • Electrical grid outages could last not just days, but weeks — even months, if there are damages to equipment.

That makes for a very fine Merry Christmas! For the full article click here 



from cyber security caucus http://ift.tt/1J9837r
via IFTTT

National Guard prepares to defend cyberspace

The North Dakota Information Technology Department on May 29 noticed unusual activity on a server. Forensic work revealed cyber attackers had compromised the server, which contained the personal information of workers and employers who filed incident reports or payroll reports online with North Dakota Workforce Safety and Insurance from 2006 to 2013. For the full article click here 



from cyber security caucus http://ift.tt/1NGACb2
via IFTTT

Secure Your Shiny New Gadget This New Year

The holiday season is the most wonderful time of the year, and a time when many of us receive new gadgets- gaming devices, laptops, smartphones, ebook readers, smart children’s toys, wireless speakers, smart watches and other wearable fitness devices. We get it. The minute you take your new gadget out of the box, you immediately want to get down to business on it. But, what if we told you that you needed to secure the device before you could play on it? Bummer, right? Of course it is — but not as big of a bummer as identity theft. It is important to understand how best to protect these shiny new gadgets, not only from viruses and assorted malware, but also from the other elements as well. Let’s take a quick look some best practices you should resolve to follow in 2016:

The Insurance Factor
According to the Norton Cyber Security Insights Report mobile device theft, was the most common form of security breach in India, almost twice the global average. Is it worth insuring your new gadgets? If it’s a smartphone or something similar, insurance isn’t a bad idea. Insurance is available through third-party sources as well as. For the full article click here 



from cyber security caucus http://ift.tt/1J9837p
via IFTTT

Friday, 25 December 2015

The problem with encryption backdoors? Anyone can get in

Two vulnerabilities in widely used networking software made by Sunnyvale’s Juniper Networks reveal both the power — and the risk — of building backdoors into encryption.
One of the vulnerabilities disclosed by the company this month could be used to eavesdrop into virtual private network connections — theoretically secure connections often used by companies to conduct remote business. The other could allow attackers to gain access to certain Juniper devices.

Students arrive at the Ramon C. Cortines School of Visual and Performing Arts in downtown Los Angeles on Wednesday, Dec. 16, 2015. Students are heading back to class a day after an emailed threat triggered a shutdown of the vast Los Angeles Unified School District. Behind the gag e-mail service used to threaten schools LAS VEGAS, NV – JANUARY 08: A general view of the Bitcoin booth at the 2015 International CES at the Las Vegas Convention Center on January 8, 2015 in Las Vegas, Nevada. CES, the world’s largest annual consumer technology trade show, runs through January 9 and is expected to feature 3,600 exhibitors showing off their latest products and services to about 150,000 attendees. (Photo by Ethan Miller/Getty Images) Despite bitcoin drama, Wall Street hot on cryptocurrency (FILES) In this February 14, 2010 file photo, a woman photographs a wall of Barbie dolls in the Mattel display at the annual Toy Fair, in New York. The new Barbie doll is “intelligent” and connected. Too connected for some privacy activists. The high-tech “Hello Barbie” doll unveiled earlier this year by toy giant Mattel and likely to be a holiday hit allows children to speak and get a response from their favorite toy. But to make that happen, conversations travel over Wi-Fi networks to Internet “cloud” servers that use artificial intelligence to deliver a personal reply. For the activist group Campaign for a Commercial-Free Childhood, the privacy risks of the intelligent Barbie outweigh the benefits. “Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won’t keep those secrets,” the group said in a statement November 30, 2015. Maker of Web-connected Barbie launches bug bounty
The VPN loophole that could allow outsiders to spy on communications carries some clues of state-sponsored hacking, Ralf-Philipp Weinmann, the founder and CEO of German consulting firm Comsecuris, wrote in a blog post. Whoever discovered the loophole exploited a random number generator for encrypting information based on an algorithm created by the National Security Agency. For the full article click here 



from cyber security caucus http://ift.tt/1OdaXZ9
via IFTTT

Health Watch: Can Medical Devices Be Attacked By Hackers?

NEW YORK (CBSNewYork) — If you feel vulnerable when you’re in the hospital it turns out you’ve got company — so is the hospital itself.

According to cyber security expert Billy Rios, of Whitescope, many medical devices, such as the IV pump, are connected wirelessly to a centralized computer network, making it easier to monitor, CBS2’s Dr. Max Gomez reported.

“It’s a medical device, but the way this thing runs it’s really just a computer,” Rios said. “By design, you’re allowing it to where someone else can control this thing remotely and do things to the pump, or do things to the device or equipment. You have to understand what you’re doing before you do this.” For the full article click here 



from cyber security caucus http://ift.tt/1Tk3szv
via IFTTT

Five Cybersecurity Trends to Watch in 2016

To no one’s surprise, cybersecurity continued to be a key area of concern and struggle among organizations of all sizes in 2015. However, buried amongst the constant news cycle of new attacks and sophisticated breaches is the fact that more business leaders are understanding the importance of cybersecurity and its potential impact on the organization. Whether it’s a small operation within a niche industry or a major global corporation, everyone is at risk. As we prepare to ring in 2016, we have taken time to reflect on lessons learned in the past year and how these trends and major news stories in cybersecurity will affect the year ahead. For the full article click here 



from cyber security caucus http://ift.tt/1QZEtSV
via IFTTT

The Greatest Index Funds for 2016

While much is written about individual stocks, index funds offer investors a simple way to diversify their portfolios. Broad-based ETFs that track the whole market are extremely popular, but ETFs that focus on individual sectors or industries can be used by investors to bet on a particular trend without the risk associated with picking individual stocks. Our Foolish contributors have identified three of the best ETFs for investors to consider for 2016.

: Cybersecurity is a hot topic these days, and there are a large number of companies scrambling to win market share. Worldwide spending on information security grew by about 5% in 2015, reaching $75.4 billion, according to Gartner, and the most optimistic estimate calls for the market to grow to $170 billion by 2020. According to Cisco, the cybersecurity market is overcrowded, with the average large enterprise having more than 50 separate security vendors. For the full article click here 



from cyber security caucus http://ift.tt/1NOF8Cg
via IFTTT

Thursday, 24 December 2015

Techstars zooms in on cybersecurity in new Tel-Aviv programme

In partnership with Barclays, Techstar’s latest accelerator leverages the region’s strength as a cybersecurity leader to accelerate ten startups from around the world in a 13-week programme.

Considering that Israel’s first accelerator ever, The Junction, launched only in March 2011, startup growth has been fast. There are now a reported 207 accelerators in Israel and over 3,000 startups in the region.

Since the beginning stages, Israel has been a hotbed for tech startups: Google acquired Israel-based social mapping firm Waze in 2013, in a deal reported at about US$1 billion. Japan’s Rakuten paid US$900 million for Viber, the messaging app founded by four Israelis. Facebook bought Israeli start-up Onavo in October 2013, said to be worth about US$200 million.

The area is also seeing increased interest from VCs. 2015 was a record-breaking year for VC funding, where the first half saw 342 companies attracting US$2.1 billion, up from 334 companies nabbing US$1.6 billion in the first half of 2014, according to Business Insider. For the full article click here 



from cyber security caucus http://ift.tt/1PlXSM3
via IFTTT

UK And Singapore Launch Joint Research Projects In Cyber Security

AsianScientist (Dec. 24, 2015) – Six new joint research projects will see United Kingdom (UK) and Singapore-based researchers collaborating to enhance the resilience of systems and infrastructure against cyber attacks. The UK’s Engineering and Physical Sciences Research Council (EPSRC) and Singapore’s National Research Foundation today announced the results of a joint £2.4 million (S$5.1 million) research call, made from May to July 2015, which will fund the projects over the next three years. The grant call sought to strengthen knowledge and capabilities in cyber security and foster closer collaboration in cyber security research between the researchers of both countries. The 22 proposals received were evaluated jointly by cyber security experts of both countries. Six projects are awarded covering research areas in intrusions, data analytics, human factors and sector & applications. For the full article click here 



from cyber security caucus http://ift.tt/1OprHOR
via IFTTT

Sophos Releases Cybersecurity Predictions For 2016

Thursday, December 24, 2015:  ssSophos (LSE:SOPH), a global leader in network and endpoint security technology has released its global cybersecurity predictions for 2016, which discusses the nature of evolving threats vis-à-vis rising complexity in securing the cyber space. These predictions indicate that as advanced attacks get more coordinated than ever before, security solutions also need to function in a coordinated way. Given below are the trends highlighted in this report: For the full article click here 


from cyber security caucus http://ift.tt/1YDiz8D
via IFTTT

Hyatt Hotels hack: Hospitality giant claims payments system attacked

The latest victim of a cyberattack is global hospitality brand Hyatt Hotels. The company said that it found malware on computer systems that are used to process customer payments.

The hack has affected its payments processing system of those properties that are managed by Hyatt. The hospitality giant announced on 23 December that its systems had been breached, however, there was no information on whether or not customers’ credit card information or other data had been stolen. Hyatt began a probe as soon as it discovered the breach and hired leading cybersecurity experts to investigate the hack. It added that security of its payments system was enhanced to make customers to feel comfortable while making purchases. The American hospitality firm has asked customers to keep an eye on unauthorised charges in their card statements and report unusual activity to the card issuing company. For the full article click here 



from cyber security caucus http://ift.tt/1YDiz8B
via IFTTT

Wednesday, 23 December 2015

Is Your Business At Risk for a Cyber Security Attack? 6 Steps to Take NOW

Does your business consider cyber security threats a serious concern? It should!  Yet many businesses believe they’re immune to cyber-attacks because they’re small, don’t handle large volumes of data or don’t have large revenues. Here are 6 steps to take to make your data less vulnerable to cyber security attacks.

If you’re still not sure you should be worrying about cyber security, consider this: “A survey of 46 global securities exchanges conducted by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges Office found that more than half (53%) had experienced a cyber-attack. Furthermore, those who experience major cyber-attacks are often subject to millions in lost revenue and business closures. For the full article click here 



from cyber security caucus http://ift.tt/1JufG30
via IFTTT

Iowa governor issues cybersecurity executive order

In an effort to step up Iowa’s cyber defenses, Gov. Terry Branstad ordered several agencies to develop a cybersecurity strategy for the state on Monday.

The state’s Office of the Chief Information Officer, the Homeland Security and Emergency Management Department, the state Communications Network, the National Guard, the Department of Public Safety, and other agencies and stakeholders will work together to develop the plan, according to the order. They must also educate the public on cybersecurity, and work with the private sector and educational institutions on how to implement best practices.

Additionally, the order requires the multiagency group to find grade school and college-level educational programs designed to foster a more robust cybersecurity workforce in the future, and to re-evaluate and update the state’s emergency response plan to include a response to cyberattacks that could affect critical infrastructure. For the full article click here 



from cyber security caucus http://ift.tt/1JufEs6
via IFTTT

Threats targeting operational technology in critical infrastructures highlight the need for Industrial Control Systems Security, according to Frost & Sullivan

SINGAPORE, Dec 23, 2015 (PR Newswire Europe via COMTEX) — ICS devices connected to the Internet without cyber security defenses brings new points of vulnerability to be exploited by attackers

SINGAPORE, Dec. 23, 2015 /PRNewswire/ — In line with the Industry 4.0 Mega Trend, diverse industries have accelerated the adoption of Internet of Things (IoT). Industry players have been exploring ways to enhance their efficiency and competitiveness by harnessing the benefits of IoT and standardizing protocols relating to Internet Protocol (IP). This movement toward digital transformation in manufacturing, utilities, transportation, and grids has highlighted the need for industrial control systems (ICS) security during the design phase.

New analysis from Frost & Sullivan, Asia-Pacific Industrial Control Systems Security Market [http://ift.tt/1U4348u] (http://ift.tt/1U4348u [http://ift.tt/1U4348u]), finds that the market earned revenues of US$162.9 million in 2014 and estimates this to reach US$1.18 billion in 2019. The study provides detailed threat analysis, market forecasts from 2014 to 2019, as well as identifying the drivers and restraints. For the full article click here 



from cyber security caucus http://ift.tt/1IpBIcv
via IFTTT

Long-Awaited Cyber Information Sharing Bill Enacted

After more than four years of congressional consideration of cyber issues, legislation to authorize companies to share cyber threat information has finally been enacted.  On December 18, 2015, President Obama signed into law the omnibus federal government spending and tax bill for 2016, the Consolidated Appropriations Act, 2016 (H.R. 2029), passed by the Senate and House earlier in the day, thereby avoiding the short-term prospect of a government shutdown.  Among the bill’s nearly 900 pages is the long-awaited cyber information sharing bill broadly supported by industry.  Specifically, Division N of H.R. 2029 includes the Cybersecurity Act of 2015 (the “Cybersecurity Act” or the “Act”).  The Cybersecurity Act is similar to the Cybersecurity Information Sharing Act of 2015 (S. 754), or “CISA,” that the Senate passed by a significant bipartisan vote in October. For the full article click here 



from cyber security caucus http://ift.tt/1JufG2W
via IFTTT

Tuesday, 22 December 2015

How the U.S. Will Secure Energy Freedom From Radical Middle East

The U.S. Department of Energy has confirmed the existence of a massive supply of viable free fuel – all unlocked by a startling discovery. Experts agree this free energy source could power the entire planet for at least 36,000 years. This discovery will likely decimate the Saudi royals and render OPEC obsolete. Most importantly, it’s an absolute death-blow to the radical Middle East and its terrorist ties. This will have a major impact on the lives of American citizens. For the full article click here 



from cyber security caucus http://ift.tt/1OI3pK2
via IFTTT

Proofpoint’s 2016 cybersecurity predictions warn of a broader scope for hackers

IF YOU thought cybercrime was at its proverbial summit, you are in for a shock in 2016.

According to security services vendor Proofpoint, cybercriminals will banking on our willing curiosity to facilitate their intended chaos.

“Next year we will see cybercriminals cast a wider net, move away from malicious document attachments and increasingly leverage emerging vectors such as mobile applications and social media platforms,” vice president of Threat Operations at Proofpoint Kevin Epstein said.

“Our six 2016 predictions all have one theme in common — cybercriminals are targeting the people behind devices and are looking to capitalise on their willingness to click.”

In addition to targeting user’s inquisitiveness, hackers are expected to attack high-value financial infrastructure, by way of ATMs, point of sale terminals and payment portals. For the full article click here 



from cyber security caucus http://ift.tt/1RCHOJf
via IFTTT

Cybersecurity Becomes Law

During the 2013 holiday season, retailers were targeted in some of the largest cyber attacks on record, compromising tens of millions of consumer payment card numbers.  This holiday season—Friday December 18, 2015 to be exact—President Obama signed into law a $1.1 trillion spending bill.  Included within the larger spending bill is the Cybersecurity Information Sharing Act of 2015 (the “Act”).  As we continue to monitor the intersection of cybersecurity and the law, we wanted to take a closer look at the implications for the liability landscape in response to the Act.

Lawmakers advise that cyber risks often follow similar patterns and penetrate known vulnerabilities across multiple targets.  Thus, the Cybersecurity Information Sharing Act of 2015 is intended to encourage early cyber victims to share as much information about the experienced data breach with the federal government and other similarly situated companies to arm against future parallel attacks.  Companies willing to share information about hacks receive immunity from antitrust lawsuits and for claims predicated on their monitoring of information systems. For the full article click here 



from cyber security caucus http://ift.tt/1RCHMRq
via IFTTT

Presidential Candidates Must Articulate Decisive Cybersecurity Plans

Traditionally, physical security and cybersecurity have been considered two separate entities. The cybersecurity threat, while significant, was often relegated to the sphere of enterprises, individual privacy, intellectual property loss and financial theft. Physical security, on the other hand, meant potential risk to human safety and lives — and was naturally taken more seriously.

Initial investigation indicates that no encryption was used in planning the terrible Paris attacks. Regardless, these events have given new life to the discussion of how cyber means can serve as conduits for planning physical attacks. This discussion signifies a major sea change, in that cybersecurity and physical security have now effectively overlappedFor the full article click here 



from cyber security caucus http://ift.tt/1Mt9mJ3
via IFTTT

Monday, 21 December 2015

Social Media Pressure Forces Google To Restore Deleted Cyber Security App

On 17th October 2015, a generous man uploaded an application on Google Play Store named “Cybrary”. The application was meant for people who have unreliable internet connections. The intentions behind this application were to start a free cyber security education portal through the application so that people may use these lessons and learn cyber security while having an unstable internet connection. As told above, the application was uploaded on 17th October 2015 on Google play store, it was reviewed by Google and was approved and within a month it had about 50,000 active users but on 25th November 2015, the app was removed from the Google market. The application was updated by the developer on 18th, Nov and was subsequently removed by Google stating, For the full article click here 



from cyber security caucus http://ift.tt/1NxJGz0
via IFTTT

THE INFOSECOND, DEC. 14–18: RETAIL CYBERTHREATS, 2016 PREDICTIONS AND MORE!

The year may be nearing its end, but the cybersecurity news doesn’t stop.

In this final InfoSecond of 2015 we look into the security vulnerabilities of connected toys, reveal the top cyberthreat for the retail industry, explore the rise of POS malware and loyalty card fraud and, finally, set our sights for 2016 with predictions for the top hacker targets of the coming year.

In Case You Missed It

Hello, Barbie and Hacking Toys: Connected toys like “Hello Barbie” might be the hot toy this holiday season, but they’re garnering attention from more than just customers, with cybercriminals finding significant security flaws in the devices. Before buying, make sure you do proper research to ensure the connected toy you’re considering has the necessary security to your family’s personal information safe. For the full article click here 



from cyber security caucus http://ift.tt/1QEATit
via IFTTT

Fed rate hike is bad news for cybersecurity

One thing for sure about the United States’ Federal Reserve raising interest rates is that there will be a spillover across industries, including a rather hot industry of late: Cybersecurity.

Following the rate hike, other financial markets may follow suit, and so may banks within South-east Asia, as the US rates are a common market benchmark (“S’pore consumers to see loan repayments go up as Fed hikes rates’; Dec 18)

Businesses, especially those that rely on some form of bank loans for survival or are dependent on trade in US dollars, may suffer. Increased interest rates imply a budget reduction for business operations, along with the budget for cybersecurity. For the full article click here 



from cyber security caucus http://ift.tt/1TZ8VMg
via IFTTT

US Cyber Threats Persist With Limited Actions to Resolve Vulnerabilities

Cyber threats in the United States persisted in 2015 and yielded the largest cyber breach ever that affected 21.5 million Americans as the government’s measures to protect data and networks have been woefully insufficient.WASHINGTON (Sputnik) — In June, the US Office of Personnel Management (OPM) reported that the personal records of millions of federal government employees and retirees have been hacked, including those who have applied for security clearance. The authorities soon dismissed the OPM director, but never officially made attribution for the attack.

The shock of the massive OPM breach led to numerous discussions on cyber protections, and in the final legislative week of the year, the US Congress is poised to pass legislation to incentivize private sector cyber threat information sharing.

After Edward Snowden’s leaks of the National Security Agency’s (NSA) collaboration with US technology companies to carry out massive spying, privacy advocates and technology companies fought back against the push for information sharing mandates that would give US law enforcement new access to private users’ data. For the full article click here 



from cyber security caucus http://ift.tt/1O2W6jT
via IFTTT

Biometrics and banking, authentication, cybersecurity and Rapid DNA trending this week

Here is a recap of the most popular biometrics industry news that appeared on BiometricUpdate.com this past week.

Biometrics and banking

Iris ID has entered into an agreement with South Korea’s Woori Bank on a pilot project to enhance financial security. The bank will use Iris ID’s iris recognition technology to authenticate clients at ATMs, safety deposit boxes and for access control and if the project is successful, Woori Bank’s 20 million customers will be able to register to use the biometric authentication system.

Netherlands based ABN Amro Bank is letting customers sign up for a new account using their smartphone. For initial ID confirmation the bank requests photos of the consumer’s identity card or passport, a selfie portrait pic, and a payment transfer of €0.01. After registering, the banks mobile app clients can confirm their identity with a selfie. For the full article click here 



from cyber security caucus http://ift.tt/1TZ8XDZ
via IFTTT

M&A Cybersecurity: who are the real disruptors?

2015 has been a record year for M&A because of the highest-ever deal values in the US and in Asia being made, which resulted in deals worth more than $1 trillion in three consecutive quarters and this is set to continue in 2016. bobsguide spoke to Jay Abbott, chief technology officer at Falanx, about financial technology and cybersecurity, focusing on its importance when undergoing the merger and acquisition process.

Smaller companies at increased risk

Abbott explored that those companies that are present and active within the technology sector are at increased risk of being targeted. “An interesting thing that people don’t really know in this space is how companies in fintech are specifically targeted by a number of entities that will attack them pre-merger or pre-acquisition, when they look especially ripe for takeover and will remain dormant within the organisation until the takeover occurs.”

Security needs to be taken more seriously in order to determine the success of the company and Abbott spoke about how certain hacker groups attempt to gain access to those organisations that are smaller and in turn, less secure because they have a smaller budget to spend on precautionary measures. The hackers can then infiltrate the larger corporation after the merger with or acquisition of the smaller company has taken place. For the full article click here 



from cyber security caucus http://ift.tt/1O2W8Z6
via IFTTT

Interview: Australians increasingly falling victim to online hacking scams, says expert

MELBOURNE, Dec. 21 (Xinhua) — Australians are increasingly falling for the “sophisticated” methods of online criminals, according to a leading academic expert in computer security and hacking.

In releasing its Cybersecurity Insights Report late last month, global cybersecurity firm Norton found that almost four million Australians had their online personal information compromised during 2015, costing the Australian economy 860 million U.S. dollars.

Melbourne University lecturer Suelette Dreyfus, an Australian-American researcher in computer security and hacking, weighed in on the alarming figures on Monday, revealing some of the tactics cyber criminals used to crack into victim’s electronic devices.

Dreyfus pointed at the rise of one particular type of malware, known as ransomware, which criminals use to lock an individual’s personal information while demanding a ransom fee, for the hike in cybercrime. For the full article click here 



from cyber security caucus http://ift.tt/1TZ8VMb
via IFTTT

Where are technology skills heading in 2016?

Next year will see increased demand for user experience, data science and cyber security skills, with non-traditional forms of education gaining traction in the market, according to analysts.

User experience (UX) is going to play a key role in digital transformation next year. Richard Fischer from Greythorn said that because digital and mobile projects are “booming” across many businesses in many industry sectors, the demand for easy-to-use and cleverly designed user interfaces will increase.

“If I’m an insurance company or a telecommunications company or I’m Woolworths, it’s what my consumer experience looks like when they are interfacing with me via their laptop or their mobile phone or their tablet,” added Peter Acheson from Peoplebank. For the full article click here 



from cyber security caucus http://ift.tt/1O2Vtqx
via IFTTT

Saturday, 19 December 2015

Healthcare industry gets cybersecurity support in omnibus bill

The healthcare information technology sector is hailing healthcare-specific cybersecurity provisions that have made their way into the massive omnibus legislation that Congress passed on Friday.

The $1.1 trillion spending and tax extender bill, which is now on its way to President Barack Obama, includes language that closely follows the recommendations from the Healthcare Information and Management Systems Society and other groups, which have pushed for greater government support for combating cyber threats.

The legislation creates a healthcare industry cybersecurity task force (PDF) to be established within the law’s first 90 days. The task force will study how other industries combat cyber threats as well as the technical and other challenges that make the healthcare industry vulnerable to attacks.

It also calls for a single pipeline of actionable information on cyber threats that could be accessed in real-time and at no cost. Access to that information is currently cost-prohibitive to small and mid-size healthcare organizations, said Samantha Burch, HIMSS’ senior director of congressional affairs.

A parallel focus of the bill calls on HHS to work with the Department of Homeland Security as well as the National Institute of Standards and Technology to create voluntary guidelines and best practices for healthcare organizations to follow that could cost-effectively reduce their risk of cyberattacks. For the full article click here 



from cyber security caucus http://ift.tt/1If6l4c
via IFTTT

Cyber security warning after National Crime Agency website targeted by hackers

A cyber security warning has been issued after the National Crime Agency website was targeted by hackers.

The chairman of the Home Affairs Select Committee has called for improved cyber security after it was revealed there have been 90 million suspicious events on the NCA website since October 2013.

There were also 178 significant DDoS (distributed denial-of-service attacks) on the website over that period, which means an attempt to make a machine or network resource unavailable to its intended users.

The information was supplied in a letter from the agency’s director general, Keith Bristow, to the committee.

Mr Bristow said they were a “blunt form” of attack which took volume and not skill.

“It is not a security breach, and it does not affect our operational capability. For the full article click here 



from cyber security caucus http://ift.tt/1OdSeZ5
via IFTTT

Cybersecurity legislation passes Congress

The final text of cybersecurity legislation passed Congress as part of the $1.1 trillion spending package on Friday.

The legislation was approved 316-113 by the House early in the day, with 95 Republicans and 18 Democrats voting in opposition. It passed the Senate 65-33. The completed text of the cybersecurity component was less intrusive than some privacy advocates feared, though still short of what they desired. For the full article click here 



from cyber security caucus http://ift.tt/1If6ip0
via IFTTT

Cybersecurity sharing act tucked into budget, despite privacy concerns

Civil liberties groups raised concerns about a federal cyber act Congress passed Friday, but its passage would help the country make progress against hackers, a top security expert told the Tribune-Review.

Leaders in the House and Senate attached the Cybersecurity Information Sharing Act onto a larger omnibus spending bill that both houses passed this week and that President Obama is expected to sign into law.

The act creates a voluntary cybersecurity sharing process allowing the public and private sectors to share information on cyber threats and attacks with the federal Department of Homeland Security without legal liability issues and while protecting private information. Companies would be required to review and remove any personally identifiable information unrelated to cyber threats before sharing information with the government.

“It’s a good step forward, and the only progress we may see out of this Congress,” said James Lewis, director of the strategic technologies program at the Center for Strategic & International Studies in Washington. For the full article click here 



from cyber security caucus http://ift.tt/1If6l44
via IFTTT

Friday, 18 December 2015

“Privacy & Cybersecurity Update: EU Announces Sweeping New Data Protection Regulation”

Some four years after the European Commission first proposed enacting a new data protection regime to replace the 1995 EU Data Protection Directive, the European Parliament and the Council of the European Union have announced a sweeping new data protection regulation.

The impact of the new General Data Protection Regulation (GDPR) cannot be overstated. It will affect not only companies established in the EU, but also any company in the world that processes personal data of EU residents, even if the company does not have an office there.

In our monthly Privacy & Cybersecurity Update at the end of this month, we will provide a detailed summary of the GDPR and what companies should start doing immediately. In this client alert, we set forth some of the key differences between the GDPR and the 1995 directive. For the full article click here 



from cyber security caucus http://ift.tt/1NsQjm8
via IFTTT

Long-stalled cybersecurity Bill poised for US approval

WASHINGTON (AFP) – Legislation designed to fight cyber threats appeared poised for congressional passage following several failed attempts, with the White House on track to prevail despite objections from privacy activists.

The legislation – separate versions of which were approved earlier this year by the Senate and House of Representatives – was tucked into a spending Bill to keep the government operating, making passage likely in the coming days.

President Barack Obama would get a victory with the approval after several years of seeking legislation to boost cybersecurity. Previous efforts were bogged down by opposition from activists who feared it would result in excessive government intrusion, and conservatives who argue it would create a new bureaucracy. For the full article click here 



from cyber security caucus http://ift.tt/22cFe09
via IFTTT

Dell’s cybersecurity unit files for an IPO

Dell Inc’s cybersecurity unit SecureWorks Corp filed for an initial public offering with U.S. regulators on Thursday.

SecureWorks named Bank of America Merrill Lynch, Morgan Stanley, Goldman Sachs & Co and JPMorgan among the underwriters to the IPO, according to a preliminary prospectus filed with the U.S Securities and Exchange Commission.

The Atlanta, Georgia-based company said it intends to list its Class A common stock on the Nasdaq under the symbol “SCWX”. The filing did not reveal how many shares were planned for sale in the IPO or their expected price. The company set a nominal fundraising target of $100 million. For the full article click here 



from cyber security caucus http://ift.tt/1T5xsPs
via IFTTT

SEC Commissioner Encourages Commission to Bolster its Own Cybersecurity

On December 16, SEC Commissioner Luis Aguilar issued a statement regarding the SEC’s cybersecurity protocols for its data gathering efforts. Commissioner Aguilar’s statement follows various SEC initiatives to gather information about the securities markets that have led some market participants to worry about the strength of the SEC’s cybersecurity. In his statement, Commissioner Aguilar addressed current SEC cybersecurity measures and made recommendations he believes would allow the SEC to shore up its role as steward of sensitive personal and financial data.

In his statement, Commissioner Aguilar observed that “the most useful tool any regulator can possess is accurate and complete information on which to base its decisions.” Gathering this data has become increasingly difficult as the network of trading venues has increased to include 11 exchanges, approximately 44 alternative trading systems, and more than 200 broker-dealers.  Monitoring these venues requires the SEC to access and safeguard vast amounts of information, information that is constantly at risk of a data breach. For the full article click here 



from cyber security caucus http://ift.tt/1QQTfLJ
via IFTTT

Thursday, 17 December 2015

Controversial Cybersecurity Act Slipped Into ‘Omnibus’ Budget Bill

A new report from Human Rights Watch details the conditions in Syrian prisons under President Bashar al-Assad.

By Jake Godin | December 16, 2015

“At least in an attack, a rocket comes, and you die. You’re not tortured. Detainees die a hundred deaths a day,” a former detainee told Human Rights Watch.

Human Rights Watch has released a report detailing the torture and deaths of those in Syrian government custody.

It’s … graphic. That’s because it uses torture photos leaked by a man known only as Caesar.

Caesar, previously a military photographer for the regime, leaked more than 50,000 photographs. A little over half were of people who died while they were detained by the government.

Syrian President Bashar al-Assad brushed aside the authenticity of the photos in a January interview with Foreign Policy. For the full article click here



from cyber security caucus http://ift.tt/1UE6S13
via IFTTT

Making cybersecurity a priority

Whenever you turn on the TV, open the newspaper or listen to the radio, inevitably there will be some story about a hacking incident, data breach or an individual’s privacy being compromised when a company has had their servers hacked. Yet for many of us, our mindset has not kept up with the changes to truly comprehend the implications of the connected world — and that goes especially for the decision-makers in the private and public sector in a position to do something about it.

For business leaders, protecting against cyberthreats means gaining a greater understanding of their organization’s digital infrastructure and how it operates on a day-to-day basis. For policymakers in Washington, it means finding the right balance between requiring private-sector disclosure of data breaches while maintaining the data privacy of their customers. For the full article click here



from cyber security caucus http://ift.tt/1UE6RKE
via IFTTT

Simple Steps for Starting your Cybersecurity Initiative

Several high-profile data breaches have catapulted the issue of cybersecurity into mainstream consciousness in recent years. To date, the advice industry has managed to avoid the widespread attacks that have hit other sectors, and as a result, has perhaps been somewhat slower to ensure that basic precautions are in place to protect client data.

While the industry has yet to be hit hard, it hasn’t remained completely unscathed. Last September the SEC censured an advisor that had suffered a cyber-attack, finding that the firm had failed to adopt written procedures and policies reasonably designed to protect the personally identifiable information, or PII, of its clients, in violation of the “safeguards rule.” The breach compromised the PII of roughly 100,000 individuals and the firm was fined $75,000. For the full article click here



from cyber security caucus http://ift.tt/1lSKhm2
via IFTTT

Wednesday, 16 December 2015

Cyberthreat analysis and intelligence: Innovators 2015

Securonix is heavy on the threat analysis piece. And not just a particular threat. This is a product that really enjoys drinking from the Big Data fire hose. Lest you think that we have succumbed to marketing hype and are tossing around buzz phrases, such as “Big Data,” let us assure you that we mean it in the strictest sense. Big Data usually is defined by the four Vs: high velocity, variability, volume and veracity. That means that this Innovator can ingest lots of data that is rapidly changing and is being delivered and ingested at wire speeds all while losing none of its integrity. So, the next question is what can the tool do with this data? The answer is just about anything you want.

The reason for this very directed approach is that Securonix started out as analytics specialists and built from that basis of expertise. They believed that there was a big hole in most security programs. These programs start by looking at everything on the enterprise in terms of identity. They realized that since they were attaching the right ID to everything on the enterprise, there might be a lot more that could be done to protect the network. So they added behavioral analytics, making them the only pure-play security analytics provider.

The system creates baselines, understands what “normal” is, and picks out anomalies. It does not rely on signatures or policy-based analysis because those things, by themselves, don’t work. The Securonix platform is very heavy on anomaly detection and assessing outlier behavior. Then it correlates discovered behavior with many threat intelligence feeds and brings in contextually rich information.

View the original content and more from this author here : http://ift.tt/1O8Q5nI



from cyber security caucus http://ift.tt/1I9Ei68
via IFTTT

Cybersecurity Lessons for Businesses in the Aftermath of FTC’s Settlement of Data Breach Charges Against Wyndham

In a precedent-setting agreement, Wyndham Worldwide Corp. has agreed to settle charges brought by the U.S. Federal Trade Commission that the company failed to adequately protect its data systems and customer information from cyberattacks. The FTC announced the settlement on December 9, 2015, and the announcement ends a lawsuit that was the test case for the FTC’s power to regulate data security.

In 2012, after a two-year investigation into Wyndham’s data security practices, the FTC filed suit against the hospitality company alleging that Wyndham had engaged in “unfair … acts or practices” in violation of the Federal Trade Commission Act, 15 U.S.C. §45(a), by failing to take “reasonable and appropriate” measures to adequately secure hotel guests’ personal information. The FTC’s complaint alleged that Wyndham’s deficient security practices led to “the compromise of more than 619,000 consumer payment card account numbers, the exportation of many of those account numbers to a domain registered in Russia, fraudulent charges on many consumers’ accounts, and more than $10.6 million in fraud loss.” For the full article click here 



from cyber security caucus http://ift.tt/1mniQ3E
via IFTTT

FDA plans workshop to address cybersecurity in medical devices

“There is no such thing as a threat-proof medical device.”

Suzanne Schwartz, M.D., MBA, director of emergency preparedness and medical countermeasures at the FDA’s Center for Devices and Radiological Health.

Two months after finalizing its first guidance on cybersecurity, the FDA has announced a public workshop entitled “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity” to continue to address a growing safety consideration.

Since 2013, the FDA and other organizations have taken increased steps to address cybersecurity in the medical device industry.  In summer 2015, the FDA issued its first cybersecurity alert for a network enabled computerized pump designed for general infusion therapy.  Both the manufacturer and an independent research confirmed that the pump was vulnerable to access by an unauthorized remote user through the networked hospital information system.  The unauthorized user could then modify the dosage the pump delivers to a patient.  While no actual incidents were reported, both the manufacturer and the FDA recommended all hospitals immediately transition to other devices or at least disconnect the pump from the network and run offline as a temporary solution. For the full article click here 

 



from cyber security caucus http://ift.tt/1UxPZ8c
via IFTTT

Tuesday, 15 December 2015

ICIT 2016 Predictions: Access Management Spotlight w/Fellow Greg Cranley (Centrify)

ICIT Fellow Greg Cranley (www.Centrify.com) shares his views on the top threats facing critical infrastructure sectors and how organizations can respond to these threats, with a focus on user credentials and access management.



from cyber security caucus http://ift.tt/1mlmknd
via IFTTT

ICIT 2016 Predictions: Breach Detect & Response Spotlight w/Fellow Ashok Sankar (Raytheon Websense)


ICIT Fellow Ashok Sanakr (Raytheon Websense) shares his views on the top threats facing critical infrastructure sectors and how organizations can respond to these threats, with a focus on prevent, detect and respond technologies.



from cyber security caucus http://ift.tt/1Qq9VLl
via IFTTT

ICIT 2016 Predictions: Behavioral Analytics Spotlight w/Fellow Stewart Draper

ICIT Fellow Stewart Draper (www.Securonix.com) shares his views on the top threats facing critical infrastructure sectors and how organizations can respond to these threats, with a focus on behavioral analytics.



from cyber security caucus http://ift.tt/1OtopnR
via IFTTT

ICIT 2016 Predictions: NextGen Cybersecurity & IoT w/Fellow Stan Wisseman

ICIT Fellow Stan Wisseman (www.hpe.com) shares his views on the top threats facing critical infrastructure sectors and how organizations can respond to these threats, with a focus on NextGen cybersecurity.



from cyber security caucus http://ift.tt/1IRDIdq
via IFTTT

ICIT 2016 Predictions: Embedded Systems & Collaboration w/Fellow Jerry Davis

ICIT Fellow Jerry Davis (NASA Ames Research Center) shares his views on the top threats facing critical infrastructure sectors and how organizations can respond to these threats, with a focus on embedded systems and government / industry collaboration.



from cyber security caucus http://ift.tt/1QJ0TYp
via IFTTT

CES 16 – First-Ever CyberSecurity Forum At CES 2016 Will Feature All-Star Lineup Of Cyber Experts And Visionaries To Explore Looming Security Threats

Tom Kellerman of Trend Micro, Gary Kovacs of AVG Technologies, Suzanne Spaulding of the U.S. Department of Homeland Security and Investigative Journalist Brian Krebs Will Headline CES CyberSecurity Forum January 6, 2016 in Las Vegas —- Newest Session Will Explore TV vs. Reality with Special Guests from USA Network’s Hit Series Mr. Robot

12/14/15, 07:31 PM | Audio & Video, Security & Communication

ARLINGTON, Va., Dec. 14, 2015 — Following a record-breaking year of cyber attacks on U.S. companies and government agencies, the nation’s foremost cybersecurity experts will gather in Las Vegas on January 6th for the first-ever CyberSecurity Forum at CES 2016. As more than 150,000 CES attendees get their first peek at the newest technologies coming to market, cybersecurity industry luminaries, including Tom Kellerman, Chief Cybersecurity Officer at Trend Micro; Gary Kovacs, CEO of AVG Technologies; well-known cybersecurity investigative journalist Brian Krebs; and Suzanne Spaulding, Under Secretary for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security, will discuss the unintended—and adverse—consequences of our interconnected digital world. The CES CyberSecurity Forum is hosted by CyberVista. For the full article click here 



from cyber security caucus http://ift.tt/1O6qU5a
via IFTTT

Australia to set up cyber security complex in Melbourne

Australian government will partner with Oxford University to set up an ultra-modern cyber security complex in Melbourne, the capital of Victoria.

The government for the first time will allow one of the group’s one-of-a-kind security hubs to be erected outside Britain, Xinhua reported.

Under the agreement, eight of the state’s universities, the Melbourne-based Defence Science Institute and other private companies will be enlisted for the project.

These hubs carry out audits of national cyber risks. Two will be set up and begin operating in the first half of 2016, according to the government.

In addition to the main deal, the government also revealed it had negotiated an agreement for Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO) to relocate its digital research programme, Data61 to Melbourne.

The National Broadband Network (NBN), most of Australia’s major banks and its largest telecommunications company, Telstra, also base their cyber-security operations in Melbourne. For the full article click here 



from cyber security caucus http://ift.tt/1NugvdR
via IFTTT

Cybersecurity should never become Achilles’ heel in Internet development

BEIJING – In an era when cyberspace has become a domain so important as land, sea, thesky and outer space, cybersecurity should be safeguarded by all countries around the world,or it could become an Achilles’ heel in the development of the Internet.

Thanks to the acceleration of global informationization, the Internet has infiltrated into almostevery aspect of human life, bringing unparalleled connectivity, creativity and productivity intoour society.

However, the cyberspace is far from safe, as all kinds of cybercrimes, like the fanaticalpropaganda of the Islamic State in the cyberspace, are still rampant.

For China alone, the first nine months of 2015 had witnessed more than 80,000 cybersecurityincidents in its territory, such as malware, defacement, backdoor and phishing, up 124percent year on year, according to a latest report from China’s National Computer NetworkEmergency Response Technical Team/Coordination Center. For the full article click here 



from cyber security caucus http://ift.tt/1O6qRWX
via IFTTT

Hey Australian businesses, if you fear it, do something about it

The Australian Cyber Security Centre (ACSC) and CERT Australia released a new cyber report of cyber statistics on Monday, the 2015 Cyber Security Survey: Major Australian Businesses [PDF]. What interests me most is not the cyber news of some improvement in our cyber defences, cyber heartening though that is, but what seem to be some gaps in the cyber defenders’ thinking.

The survey builds upon the 2013 Cyber Crime and Security Survey released in May 2014, and the 2012 report released in February 2014. As with those that came before it, the exact figures in this latest report should be taken with a grain of salt. Only 149 organisations participated, all of whom are described as: “Major Australian businesses that partner with CERT Australia, and that underpin the social and economic welfare of Australia and deliver essential services including banking and finance, defence industry providers, communications, energy, resources, transport and water”. For the full article click here 



from cyber security caucus http://ift.tt/1RlD6iN
via IFTTT

Monday, 14 December 2015

What You Need to Know About Investing in Cybersecurity

There have been many headlines in the past decade about cybersecurity breaches and hacks — not the least of which was the one that led to Target paying out nearly $300 million to cover damages.

Attitudes around online security are rapidly changing, as companies all over are waking up and starting to deal better with e-security. As a result, the sector is projected to grow to more than $170 billion by 2020.

In this clip, The Motley Fool’s Chris Hill and David Kretzmann talk about the recent past and the promising future of cybersecurity providers. For the full article click here 



from cyber security caucus http://ift.tt/1QGegIV
via IFTTT

Beijing admits Chinese hackers behind attack on US agency

TOKYO — Beijing has for the first time acknowledged that Chinese hackers were behind a cyberattack carried out against a U.S. government agency.

The admission — which follows years of China denying any connection to cyber espionage — came at a meeting between top Chinese and American national security officials in Washington D.C.

U.S. Secretary of Homeland Security Jeh Johnson and Attorney General Loretta Lynch met with their Chinese counterparts, including China’s Public Security Minister Guo Shengkun, for the first U.S.-China ministerial talks on fighting cybercrime in Washington on Dec. 1-2.

The Chinese officials maintained, however, that their government is not involved in cyber espionage activity. For the full article click here 



from cyber security caucus http://ift.tt/22141nM
via IFTTT

CSOs must take initiative to boost CEOs’ security buyin: survey

Despite growing recognition of their importance in mounting an effective cybersecurity defence, industry research has suggested that fully one-third of CEOs and 43 percent of management teams are not regularly briefed on cybersecurity.

While 60 percent of respondents to the Dimensional Research survey, conducted on behalf of security firm CyberArk, said their organisation could be breached, a similar percentage of respondents said their CEOs weren’t well informed enough about security and 69 percent said that security is too technical of an issue for their CEO.

Some 53 percent of the 304 surveyed IT-security professionals believe that CEOs make business decisions without considering security issues, while 44 percent said their CEOs simply do not understand the severity of today’s security risks.

The findings highlight the importance of educating CEOs about security issues – and the initiative that CSOs need to take to make sure their CEOs are more cyber savvy, particularly since many tend to approach security from a compliance perspective that ignores the rapidly changing nature of today’s threats. For the full article click here 



from cyber security caucus http://ift.tt/22142YZ
via IFTTT

Meet the new undisputed enforcer of cyberstandards

A legal bid to rein in the Federal Trade Commission’s cybersecurity authority has ended in defeat for the business community, leaving the FTC as an undisputed enforcer of cyberstandards.

For many companies, particularly those in the retail and hospitality industries, the FTC has served as a de facto cybersecurity regulator.

Now, with the announcement last week that the commission and Wyndham Hotels and Resorts have settled a closely watched customer data breach case, the FTC’s legal authority to enforce somewhat ambiguous cybersecurity standards has a firm legal stamp of approval. For the full article click here 



from cyber security caucus http://ift.tt/1NktBg2
via IFTTT

Saturday, 12 December 2015

Cybersecurity squadron to be based in Michigan

On Wednesday Governor Snyder announced that the Air National Guard base in Battle Creek has been one of four chosen in the nation to receive a cyber operations squadron.

The cyber operations squadron, assigned to the 110th Attack Wing, will bring about 70 jobs to the base. Some members there already have training and experience in cyber operations from their involvement with the Michigan National Guard’s inaugural Cyber Range Hub, which opened on the Battle Creek base in 2014.

The addition of the cyber operations squadron builds on Snyder’s larger cybersecurity initiative, which aims to raise awareness of cyber threats, provide training to identify and disable threats, and encourage continued collaboration in the defense against potential cybersecurity breaches. For the full article click here 



from cyber security caucus http://ift.tt/1Y4wt8T
via IFTTT

Official: SEC Targets Funding Advisers for Weak Cybersecurity

The U.S. Securities and Exchange Commission plans to bring more cases against investment advisers who do not have policies to prevent hacking, the agency’s enforcement chief said on Thursday.

The SEC is targeting advisers in cyber-related cases that focus on regulatory obligations to keep customers’ information private, said Andrew Ceresney, head of the SEC’s enforcement division.

In September, the SEC slapped St. Louis-based investment advisory firm R.T. Jones Capital Equities with a $75,000 fine, alleging it failed “entirely” to protect clients from a July 2013 cyber attack, later traced to China.

While the firm is small, the origin of the attack and cyber security concerns generated attention. For the full article click here 



from cyber security caucus http://ift.tt/1OnG5RM
via IFTTT

Chamber Chairwoman Flores makes jobs her 2016 goal

AT&T Inc. executive Renée Flores boils down her 2016 agenda as San Antonio Chamber of Commerce chairwoman to this simple mantra: Retaining, creating and attracting jobs.
Flores, based in San Antonio as AT&T’s regional vice president for external and legislative affairs, unveiled her top three priorities for next year at the chamber’s annual gala Dec. 5 and in an interview. Her one-year term at the helm of the 2,103-member chamber, the city’s largest business organization, begins Jan. 1.

One priority has a technology theme — Flores said she is targeting cybersecurity.

“We want to get more cybersecurity jobs in San Antonio,” she said. “We have had some wins, but we want to expand in that space in 2016. We want to be an accelerator.” For the full article click here 



from cyber security caucus http://ift.tt/1Y4wt8N
via IFTTT

Deutsche Telekom unveils big plans for new cybersecurity division

Deutsche Telekom has pledged that its new dedicated cybersecurity division will grab “a large share of this growing market”.

In response to a year that has seen security make frequent headlines, the German telco giant is consolidating all its existing security operations across its various different units into one unit. The division will be helmed by Ferri Abolhassan, who currently serves as managing director of the IT division of the Deutsche Telekom-owned systems integrator T-Systems. For the full article click here 



from cyber security caucus http://ift.tt/1OnG5RA
via IFTTT

Friday, 11 December 2015

New state agency will marshal cyber-security resources

The government plans to set up a new agency to marshal the nation’s resources in dealing with cyber-security issues, which it estimates cost the country $257 million last year, Communications Minister Amy Adams says.

Launching a new cyber-security strategy, Ms Adams said a key initiative of the update is to set up a national CERT – an institution for the public and private sectors to go to for help or information about protecting themselves from cyber-threats. Among the ways the government says it has beefed up the nation’s defences against cyber-attacks is through the Government Communications Security Bureau’s ‘Cortex’ project, which disrupts advanced cyber threats to organisations of national significance in both the public and the private sector. For the full article click here 



from cyber security caucus http://ift.tt/1TEFKOj
via IFTTT

Cybersecurity at the UN: Another Year, Another GGE

This week, the UN General Assembly considered a resolution mandating the creation of a Group of Governmental Experts (GGE) for 2016-2017. The GGE will study existing and potential threats in the sphere of information security, as well as possible cooperative measures to address them. The resolution has already been approved in the First Committee, the General Assembly’s specialized committee dealing with international security and disarmament issues. Pending consideration from the Budgetary Committee for the costs of the GGE, the resolution forwarded by the First Committee will be formally approved by the General Assembly, presumably by the end of this month.

As previously discussed on Lawfare, this outcome was well expected. After all, this is the fifth Group of Governmental Experts that the UN has established since it began considering information security back in 1998. Just this summer, the 2014-2015 (the fourth) GGE concluded year-long discussions with a highly-anticipated consensus report. In the report, experts from 20 states agreed upon an impressive array of recommendations for confidence-building measures, capacity-building efforts, and voluntary, non-binding norms. For the full article click here 



from cyber security caucus http://ift.tt/1TEFKOh
via IFTTT

NIST wants more feedback on cybersecurity framework

The National Institute of Standards and Technology is looking for more information on how its famed cybersecurity framework is being used by the private sector and what changes could be made to it in the future.

In an request for information posted Thursday to the Federal Register, NIST wants to learn how organizations are sharing the framework’s best practices, what parts of the framework are utilized more than others and what sections need to be updated.

“We’re looking forward to receiving feedback on specific questions about its use and how it might be improved,” said Adam Sedgewick, NIST’s senior information technology policy adviser. For the full article click here 



from cyber security caucus http://ift.tt/21U1knT
via IFTTT

Local banks host cyber security summit

OHIO VALLEY — Both Farmers Bank and Ohio Valley Bank hosted a cybersecurity summit with local businesses Thursday in Gallipolis and Pomeroy to answer questions and inform community members about the dangers of hackers and electronic fraud perpetrators.

Chistopher Joseph, a cybersecurity consultant, spoke to community members in Gallipolis at a 2 p.m. session at the Ohio Valley Bank Annex Community Room and in Pomeroy at 6:30 p.m. at the Farmers Bank Pomeroy Community Room. According to him, cyber attacks have existed for as long as the internet. Gary Stewart, information technology officer with Ohio Valley Bank, agreed with him.

According to Stewart, the one answer to all cybersecurity related questions was “it depends.” Cybersrecurity can range from individuals attempting to hack into someone’s system, to stealing credit card information by using “skimming” machines For the full article click here 



from cyber security caucus http://ift.tt/21U1k7D
via IFTTT

Thursday, 10 December 2015

Majority Of Federal Agencies Use NIST Cybersecurity Framework, Dell Survey Finds

Numerous cybersecurity threats have been targeting and infiltrating government networks at fever pitch. To address this rising tide of security breaches, the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, a voluntary set of guidelines and industry best practices for diminishing cyber risks to organizations, was released in early 2014.

Since then, the framework has provided much needed support to federal agencies by recommending risk-based guidelines to alleviate risk and create a more robust security protocol. After commissioning a survey to determine how this framework is being utilized by the federal government, Dell Software discovered that the majority of federal agencies are following the framework.

The online survey, sponsored by Dell Software and conducted by technology research firm Dimensional Research, questioned 150 federal IT and security professionals to determine their attitudes and approaches to securing the federal government’s cyber footprint.

The survey’s findings revealed that although compliance with the framework is not required, 74 percent of organizations currently utilize the framework as the foundation of their cybersecurity roadmap. According to the respondents, the framework has become a vital tool for improving organizational security. For the full article click here 



from cyber security caucus http://ift.tt/1SPIs3B
via IFTTT

Boston Global Forum to honor outstanding leaders on Global Cybersecurity Day

The Global Cybersecurity Day was initiated to inspire people to join hands to protect the safety and transparency of the Internet, in order to build a clean and pure Internet.

BGF calls on citizens everywhere, from ordinary people to leaders, to apply the Ethics Code of Conduct for Cyber Peace and Security (ECCC) and to respond to the Online Festival for a Pure and Clean Internet on Global Cybersecurity Day.

The festival has received the support of many professors of Harvard University and well-known people around the world as well as the the cooperation and support of the Massachusetts Institute of Technology (MIT) and the University of California, Los Angeles (UCLA).

BGF honors national leaders for their contribution to peace, security and development with the noble award “World Leader for Peace, Security, and Development”.

The award winners will be leaders who demonstrate their dedication through leadership, articles, speechesand initiatives contributing to maintain peace and security, especially cybersecurity, to the innovation and development of their country and their region. The leaders of countries in the areas with conflicts who demonstrate their leadership, who have effective solutions and initiatives to deal with stress, and build peace and security in the region will be of particular interest. For the full article click here 



from cyber security caucus http://ift.tt/1SPItEx
via IFTTT

New Illinois National Guard cybersecurity unit to be based in Springfield

The Illinois National Guard will lead a new cybersecurity squadron, the office of U.S. Sen. Dick Durbin announced Wednesday.

The 39-person unit, which will be headquartered in Springfield, will be a joint mission with the Wisconsin National Guard. Illinois members of the team will also be based in Bloomington and Chicago.

It wasn’t immediately clear Wednesday how many people will be stationed in Springfield.

“This new squadron gives the Illinois National Guard a leading role in supporting our national cybersecurity operations, which are critically important to our homeland security efforts,” Durbin, a Springfield Democrat, said in a news release. For the full article click here 



from cyber security caucus http://ift.tt/1QgPyjD
via IFTTT

New CSUF center elevates cybersecurity studies

When a stranger is at your door, do you casually step aside and allow them to enter your home without knowing anything about them or their reason for visiting? Or do you require the person at your door to identify themselves and state the purpose for their visit?

Cal State Fullerton computer science student Mourad Kordab says this is the same scenario an individual is presented with when they enter personal information into an unknown website, software program or application.

As an aspiring expert in the field, Kordab is part of the CSUF College of Engineering and Computer Science’s new Center for Cybersecurity.

“When you are using (the Internet), you are opening and closing doors between that world and you,” he said.

“When you open the door, you are giving access to them – you have to be careful. You have to keep that in mind.”For the full article click here 



from cyber security caucus http://ift.tt/1QgPyjB
via IFTTT

Wednesday, 9 December 2015

Survey: Agencies love the NIST cybersecurity framework

Not only has the National Institute of Standards and Technology’s cybersecurity framework raised the awareness of IT security in boardrooms across the country, it’s become a staple inside the government.

A wide majority of federal IT security employees surveyed by Dell are using the NIST framework in some fashion. Eighty-two percent told the company they are using sections of the framework within their own cybersecurity programs, with 53 percent saying they use the entire guide.

Of those who are using the framework, 74 percent say it’s used as a foundation for their cybersecurity roadmap, helping to improve organizational security. For the full article click here 



from cyber security caucus http://ift.tt/1NLfflG
via IFTTT

General Dynamics unit to partially fund Va. cybersecurity accelerator

Since accepting its first class of start-ups at the beginning of 2013, cybersecurity start-up incubator Mach37 has been run entirely on public funding. That’s about to change.

At a Tuesday morning briefing attended by Virginia Gov. Terry McAuliffe (D), the accelerator announced its first corporate partnership: a multi-year financial commitment from General Dynamics. The money will feed directly into Mach37’s operating budget.

The company has not disclosed the size of that commitment or laid down any specifics of what the partnership will entail for General Dynamics. For the full article click here 



from cyber security caucus http://ift.tt/1ltEWBe
via IFTTT

Cybersecurity leaders take over RIT

Henrietta, N.Y. – Local small business leaders attended a conference Tuesday on ways to stay safer online.

Members of the National Cyber Security Alliance were at RIT to talk with people about ways to improve their cybersecurity.

They demonstrated ways to improve security on sites such as Google, Facebook, Microsoft, LinkedIn and financial institutions.

“Every account that we open really exposes our personal information,” Better Business Bureau spokesperson Peggy Penders said. “So it’s really important that we understand where we’ve shared our information, that we’re actively involved in the information that’s coming to that account and that we’re deleting and keeping a clean machine.” For the full article click here 



from cyber security caucus http://ift.tt/1NLfehP
via IFTTT

EU Agrees To Strong Cybersecurity Rules For ‘Essential Services,’ Cloud, And More

Members of the EU Parliament, Commission and Council agreed last night to EU-wide cybersecurity rules that would impact industries such as energy, transportation, banking, health, but also some major service providers such as Google, Microsoft, Amazon, eBay and others.

The rules will define the new Network and Information Security directive, which will apply to all 28 EU countries, but each country can implement its own laws and regulations to correspond with the directive. For instance, the countries themselves will be the ones to decide which organizations they deem to be operating “essential services,” where the strictest cybersecurity rules will apply.

These organizations will need to ensure that their data is “cyberattack-proof.” Although nothing truly is hacking proof, it should give them enough incentive to always strive for the best security money can buy. This should prevent situations, such as in Sony’s case, where the manager in charge of IT security of the company didn’t think it’s worth investing too much in security. For the full article click here



from cyber security caucus http://ift.tt/1IE4zcM
via IFTTT

Tuesday, 8 December 2015

IT Security Professionals Are So Hot Right Now

IT security professionals are in high demand in Australia as organisations step up efforts to protect their data and IT infrastructure. The only problem is there aren’t enough security professionals to fill the new roles that are being created. We take a closer look at the current security employment landscape.

Image Credit: Zoolander/Paramount Pictures

At the end of last year, executive search firm CTP Partners predicted that cybersecurity positions will be one of the new in-demand roles for 2015. Fast forward a year and we’ve seen a myriad of major security breaches in the last 12 months, with the most recent one involving VTech where information on millions of customer was compromised. The hack was a result of poorly secured servers and led to untold reputational damage for VTech. These incidents have scared organisations into action, spurring them to invest more in IT security, leading to more jobs in this field.

Just this week 400 IT security jobs were created as part of a new cyber security headquarters for the National Broadband Network in Melbourne. Many other companies are also seeking to snap up top security talent in response to the changing IT security threat landscape. It’s a sign that the higher ups in organisations have recognised the importance of protecting their IT infrastructure and are willing to assign budget to hiring security professionals. For the full article click here 



from cyber security caucus http://ift.tt/1N8DyNv
via IFTTT