Saturday 26 November 2016

Cybersecurity, big data top priorities for state’s IT chief

Dewand Neely is the chief information officer for the state of Indiana, overseeing a 300-plus employee operation that is the sole provider of IT services to about 100 state agencies. He’s been at the Indiana Office of Technology since its inception in 2005 (agencies previously had their own IT teams and resources), and he assumed the helm in October 2015 after Paul Baltzell stepped down.

Neely, 38, recently spoke with IBJ about cybersecurity, the innovation his office is driving, and being one of only a few African-American state government CIOs in the country. The following are edited excerpts from that conversation.

IBJ: You’ve been in your job for a little over a year now. How have you made your mark on this office?

NEELY: I came in [in 2005] as an infrastructure guy a few years out of school and was lucky enough to be one of the first folks to work with the newly created Office of Technology. One of the things I remember early on is the struggle we had with changing the culture when we started doing consolidated IT—how much we had to bend over backward to make sure we were being customer-service focused and delivering value to win over people who were against consolidation.

One of the things I did right away after [becoming CIO] was to really put another focus on that. We were doing some really cool things, but sometimes that work can get in the way of the customer service. For the full article click here 



from cyber security caucus http://ift.tt/2fywAoz
via IFTTT

Trump Presidency: Where does cyber security go now?

Given the unexpected results of the US election, it is hard to predict the future, particularly in sorting out campaign rhetoric from policy intent. In general, Trump’s pro-jobs, pro-business resolve will likely loosen constraints on companies in terms of industry regulations and taxation while supporting employee expansion and capital investments.

Trump will need to reconcile his image as a populist Washington outsider who will champion the common man with the business leader that will ease burdens and restrictions.

Changes will be made to cyber security – this is nearly certain. The election itself was highly charged with security issues that created at the very least tension, and at its height, a kind of hysteria. A string of email attacks that ensnared DNC leaders and even Hillary Clinton’s campaign manager revealed the impact that cyber warfare can have on a national election. For the full article click here 



from cyber security caucus http://ift.tt/2fyyZPU

Friday 25 November 2016

Autistic People Can Solve Our Cybersecurity Crisis

ALAN TURING WAS the mastermind whose role in cracking the Nazi Enigma code helped the Allies win World War II. He built a machine to do the calculations necessary to decipher enemy messages and today is hailed as the father of the computer and artificial intelligence. He’s also widely believed to have been autistic.

Turing was not diagnosed in his lifetime, but his mathematical genius and social inelegance fit the profile for autism spectrum disorder (ASD). And his story illustrates how society benefits when it gives a voice to those who think different. Until he came along, no one perceived the need for a computer; they simply needed to crack the code. It took a different kind of mind to come up with that unexpected, profoundly consequential solution.

While Turing’s renown has arguably never been higher, today we are failing to recognize the potential in millions of other talented minds all around us. Like Turing, many of them are also capable of exceptional technological expertise that can help to safeguard our nation. For the full article click here



from cyber security caucus http://ift.tt/2fyqF5W

Cyber security must go beyond the traditional

The world is engaged in an invisible war, with honest businesses at one end and cybercriminals at the other. Cyber security is no longer just a concern, but is inevitable, writes NITHEN NAIDOO, CIO of Snode

Cybersecurity is no longer just a pressing concern for the IT industry, it is a very real issue that every business has to contend with. Put plainly, a cyberattack is not just likely, it’s inevitable.

What’s more, many organisations’ security can already have been compromised, without them necessarily even knowing it. Today’s security landscape is no longer defined by the known and familiar attack vectors, responded to by the traditional defences of installing a firewall, antivirus solutions and constantly updated threat signatures. Rather, companies are being attacked in ways they cannot predict and often, don’t even detect using traditional approaches to cybersecurity.

Furthermore, companies are understandably reluctant to share details of how and when their security has been compromised, for fear of their reputations being damaged. This is exacerbated by the fact that they are facing advanced, highly motivated, and extremely well organised attackers, who are globally dispersed and often part of a much larger crime syndicate. This gives cybercriminals a structural advantage, making it all the more likely that they will continue to win the battles they wage. For the full article click here



from cyber security caucus http://ift.tt/2fZksRs

Thursday 24 November 2016

BLETCHLEY PARK CHOSEN SITE FOR CYBER SECURITY COLLEGE

Bletchley Park has been chosen as the site for the UK’s first National College of Cyber Security.

The plans were confirmed by the not-for-profit cyber security body QUFARO, with intentions to open the site by 2018. The new facility will be built at the site’s G-Block, which is one of the facility’s largest buildings. At present, a £5million restoration project is being conducted to convert the building to a security technology centre.

The college will be a free-to-attend boarding school for up to five hundred 16-to-19 year olds. Pupils are to be selected on talent regardless of background, and taught cyber skills as well as a range of related subjects. The programme is intended to help increase the UK’s potential for helping young people learn cyber security skills, in the face of the increased threat of cyber warfare.

The site is to be built at the historic location where codebreakers including Alan Turing broke the Enigma code during World War Two. For the full article click here



from cyber security caucus http://ift.tt/2gpvxcq

Internet Society: Change Cybersecurity Stance

“Once bitten, twice shy” is the sentiment among many consumers when it comes to companies that were the subject of a data breach. A new report from the Internet Society finds that 59 percent of Internet users said they would not likely do business with a company that fell victim to a data hack.

“One of the key questions raised by this report is, why are organizations doing so little to protect their customers’ data?” said Michael Kende, economist and Internet Society fellow who authored the report, in a press release. “Everyone knows that data security is a major issue for both consumers and businesses, yet companies are not doing everything they could to prevent breaches.”

According to the Internet Society, the average cost of a data breach is now about $4 million, up 29 percent since 2013. What’s more, in 2015 there were a reported 1,673 breaches and 707 million exposed records. With that in mind, the Internet Society said it is urging companies to change their stance on cybersecurity and follow some key recommendations. For the full article click here



from cyber security caucus http://ift.tt/2faVHCE

Wednesday 23 November 2016

Cyber Security – Technologies & Global Markets – Key Vendors Are Palo Alto, Fireeye & Symantec Corp. – Research and Markets

DUBLIN–(BUSINESS WIRE)–Research and Markets has announced the addition of the “Cyber Security: Technologies and Global Markets” report to their offering.

The scope of the report encompasses various technologies used in cyber security applications. Additionally, the application industry for the market is segmented into banking and financial services institutions, defense and intelligence, healthcare, retail, IT and telecommunications, government, and others, which include education and manufacturing sectors. The present cyber security market offers an opportunity to the stakeholders, largely because of a surge in cloud-based services and the increased use of the internet for online financial transactions.

This report highlights different solutions in the cyber security market, which includes identity and access management (IAM), encryption, data loss protection (DLP), firewall, antivirus and antimalware, disaster recovery, risk and compliance management, and other solutions. Other types of solutions include unified threat management (UTM), distributed denial of service mitigation and web filtering. In addition, the report also offers major regional analysis of the Americas, Europe Middle East and Africa (EMEA), and Asia-Pacific. The estimated and forecast market revenue considered in this report is the summation of prices for software, hardware and subscription services. For the full article click here 



from cyber security caucus http://ift.tt/2f5ZAsc

U.S. says cybersecurity skills shortage is a myth

The U.S. government has released what it claims is myth-busting data about the shortage of cybersecurity professionals. The data points to its own hiring experience.

In October 2015, the U.S. launched a plan to hire 6,500 people with cybersecurity skills by January 2017, according to White House officials. It had hired 3,000 by the first half of this year. As part of the ongoing hiring effort, it held a job fair in July.

At the Department of Homeland Security (DHS), “We set out to dispel certain myths regarding cybersecurity hiring,” wrote Angela Bailey, chief human capital officer at DHS in a blog post Monday. For the full article click here 



from cyber security caucus http://ift.tt/2gAGzP6

Tuesday 22 November 2016

Why Insider Threats Are Hurting North American Businesses

A new report from Kaspersky Lab revealed that company employees are among the leading cyberthreats to North American companies.

According to the “Business Perception of IT Security: In the Face of an Inevitable Compromise” report, 20 percent of businesses worldwide experienced four or more data breaches in the last 12 months, while North American businesses suffered double the global amount at 44 percent.

Enterprises in North America said careless/uninformed employee actions (59 percent) and phishing/social engineering (56 percent) were the largest drivers of the serious data breaches they experienced.

“The survey results indicate the need for a different view on the growing complexity of cyberthreats,” Veniamin Levtsov, vice president of enterprise business at Kaspersky Lab, said in a press release. For the full article click here 



from cyber security caucus http://ift.tt/2fYepd6

McAuliffe announces new cybersecurity with Australia

RICHMOND, Va. (AP) – Virginia Gov. Terry McAuliffe has announced a new partnership with the Australian state of Victoria to share resources and information related to cybersecurity.

McAuliffe’s office announced the memorandum of understanding Monday, as he continues a 10-day trade and marketing mission to Asia and Australia.

The governor’s office said the agreement would also allow both governments to share ideas on the best way to grow skilled workforce, promote entrepreneurship and other areas.

McAuliffe has made expanding Virginia’s cybersecurity industry a key priority. Virginia is home to the Pentagon, the CIA and various other defense-related agencies. For the full article click here 



from cyber security caucus http://ift.tt/2ghkAKc

Monday 21 November 2016

Soliton Enters Europe and Targets Enterprise Cyber Security Space With Rebrand of Excitor

Soliton Systems, a leading provider of IT security in Japan, today announced its expansion into Europe with the rebrand of Excitor, the mobile security specialist. Soliton recently acquired Excitor and will continue to offer Excitor’s secure mobile and remote access products alongside its range of enterprise-class network security solutions. Excitor will be rebranded as Soliton as the company ramps up its operations across Europe, expanding its channel partnership programme to target the cyber security market.

The enterprise mobility sector has matured over the course of the past two years with a subtle shift away from protecting and managing the device towards secure data management. Protecting access to that data is now a priority for the connected business. Sophisticated and veracious attacks and the imminent application of more stringent data regulation in the form of legislation such as the EU GDPR will increase the onus on the organisation to secure data.

Recognising this shift in demand, Soliton Systems will now focus not just on enterprise mobility but on data and access protection through a suite of cyber security products. The Mobicontrol MDM, DME mobile container, and G-On remote access device previously offered by Excitor will be complemented by cyber controls that protect, guard and actively defend data. The Soliton services For the full article click here 



from cyber security caucus http://ift.tt/2fjcAJF

Cyberbit Launches Channel Program To Create A Profitable Opportunity To Solve Customers’ Most Critical Cyberthreats

AUSTIN, Texas — /PRNewswire/ – Cyberbit, whose cybersecurity solutions protect the world’s most sensitive systems, today announced the launch of its Channel Program for North American Partners: MSSPs, VARs, distributors and consultants, who play a critical role in helping companies defend themselves against evolving cyberthreats. The Cyberbit Channel Program will deliver enhanced margins to partners, by providing Cyberbit’s suite of solutions, addressing today’s most complex cyber security problems for customers.

Cyberbit partners will get access to the industry’s most advanced endpoint detection and response (EDR), SOC automation and orchestration, cyber range training and simulation platform, and industrial control systems security. The Cyberbit Channel Program is led by enterprise and IT security channel veteran Stephen Thomas, former Vice President of Channel Sales at Symantec, who has more than 20 years of sales leadership and building channel programs for partners of all sizes. Now Vice President of Sales at Cyberbit, Thomas will position partners to address pressing challenges in cybersecurity as part of the company’s 100-percent-channel-focused strategy. For the full article click here



from cyber security caucus http://ift.tt/2fTCMsp

Friday 18 November 2016

Cybersecurity Threats May Impact Your Digital Health

As the healthcare industry continues to embrace the Internet of Things, cybersecurity may present unprecedented health and privacy risks to patients. Wireless-enabled medical devices are increasingly common. For some patients, this means that their hearts are, quite literally, connected to the Internet of Things. For others, mobile medical apps and wearable products are collecting personal health data that may be inadequately protected.

The medical device industry came under fire this year when a Senator from California sent a letter to the top five U.S. medical device manufacturers expressing “serious concerns that the cybersecurity vulnerabilities in medical devices are putting the health and safety of patients in California and across the country at risk.” Senator Barbara Boxer (D-CA) wrote her letter in response to findings from an independent security researcher who discovered certain vulnerabilities in drug infusion pumps used in hospitals. The researcher discovered that the device software was vulnerable to infiltration that had the potential to manipulate the pump’s drug dosage levels. Unfortunately, this is not the first time this risk has been demonstrated. For instance, similar studies have revealed the vulnerabilities of wireless-enabled pacemakers and defibrillators, which in some cases have led to embarrassing public disclosures by companies seeking to profit from such vulnerabilities. For the full article click here



from cyber security caucus http://ift.tt/2g2kc0A

Cybersecurity experts offer advice for incoming Trump administration

WASHINGTON — The new Trump administration could better protect the nation from cyber attacks by teaming with Silicon Valley to boost the cyber workforce and creating an agency to find new ways to safeguard digital security, UC Berkeley’s Center for Long-Term Cybersecurity said in recommendations unveiled Friday.

Those ideas were among five major cybersecurity suggestions that the center’s experts offered during a panel discussion at the Bipartisan Policy Center. The University of California, Berkeley center has reached out to Trump’s transition team to offer its advice. Trump has not yet named a cybersecurity adviser.

“The new administration has an important opportunity to change the way Americans think about cybersecurity,” the center said in a short report presented by Executive Director Betsy Cooper and Faculty Director Steven Weber. “We believe cybersecurity needs to be thought of as an existential risk to core American interests and values, rising close to the level of major armed conflict and climate change.” For the full article click here 



from cyber security caucus http://ift.tt/2fbkO6s

Thursday 17 November 2016

Embracing cybersecurity remains a challenge for many firms: Expert

SINGAPORE: Awareness and investment in cybersecurity may have grown in recent years, but the longer-term strategy of embracing the issue remains a challenge for many, said Mr Low Chee Juee, chief technologist of the cybersecurity practice at consulting firm Booz Allen Hamilton.

Speaking at the tech risk conference during the Singapore Fintech Festival on Thursday (Nov 17), Mr Low said embracing cybersecurity remains a challenge even though organisations could reap the potential benefits of lower costs and improved organisational efficiency.

“In terms of action, we’re still a step behind in a lot of areas where we need to be ahead. If we’re looking at it from a scale of one to 10, with 10 being ‘ready’, I think we’re still at ‘four’ in terms of where we’ve engineered a change,” Mr Low said.  For the full article click here 



from cyber security caucus http://ift.tt/2fYQuJN

NHS Cybersecurity: Breaches Up, Spending Low

A new Freedom of Information (FoI) request has uncovered a litany of cybersecurity failings by NHS trusts across the UK.

Sky News received responses from 97 trusts and found data breaches in the health service had risen from 3133 in 2014 to 4177 last year.

What’s more, the average annual amount spent on cybersecurity was just £23,000, although six trusts claimed to fork out over £100,000.

More worrying is the fact that 45 trusts were unable to put a figure on spending at all, while seven trusts serving more than two million people spent nothing at all in 2015, the report claimed.

The news site engaged consultancy Hacker House to do some digging and claimed to have found that “security across the board was weak for many factors.” For the full article click here 



from cyber security caucus http://ift.tt/2f7qa2K

Wednesday 16 November 2016

Closing the Gender Gap in Cybersecurity: It’s Time to Back Ourselves as an Industry

Whilst I spent most of my maternity leave in coffee shops and parks, I did manage to engage my brain for long enough to write a few industry reports, one on the reformation of the computer science GCSE, and one on closing the gender gap in cybersecurity. The lack of women in the industry is something that has always perplexed me, but this research allowed me to truly indulge my curiosity by spending time with representatives from across the industry; from government departments to recruiters to pen-testers to CISOs, and get to the bottom of why there is such a lack of women, and what can be done about it.

At the Big Bang Careers Fair earlier this year, CREST, in partnership with the government, ran a digital defenders stand to try and encourage schoolchildren to consider careers in cybersecurity. Interestingly – and encouragingly – they welcomed to the stand just as many schoolgirls as schoolboys expressing an interest in cybersecurity. That’s the good news. Yet, only 17% of computer science graduates are females, and according to the latest (ISC)² workforce study, only 10% of industry professionals are women. So what’s going wrong and why are we, as an industry, not converting those interested schoolgirls into graduates and then industry professionals?

Does it even matter? Many industries have gender imbalance, so is it something we should even be worrying about? The answer is unequivocally yes. There are arguments that a diverse workforce increases productivity; that research shows increased profitability in companies with more women; and recruiters even say that women bring a loyalty and stability to the industry that male counterparts, on the whole, don’t. Whilst these arguments are all valid, it’s actually simpler than that: cybersecurity is facing a frightening skills gap, with predictions that by 2020 there will be 1.5 million unfilled positions, so to put it simply, we need more people, so we need more women. It just makes sense. For the full article click here



from cyber security caucus http://ift.tt/2fFlgrQ

White House and Homeland Security Publish Cybersecurity Guidelines for IoT Devices

Two independent IoT (Internet of Things) cybersecurity publications were released yesterday by the White House and the Department of Homeland Security, covering guidelines and principles for creating IoT devices with in-built security measures, as well as recommended protocols for implementing such measures.

The Obama administration ‘rushed’ the NIST (National Institute of Standards and Technology) publication a month ahead of the planned release, primarily due to the escalated urgency surrounding cybersecurity for IoT devices following last month’s major Distributed Denial of Service attack that disabled parts of the United States’ internet infrastructure.

Cybersecurity has long been a concern since Internet connectivity started becoming more prolific in the 1990s. As connectivity came to mobile devices en masse in the 2000s, it became an even bigger issue. Today, the Internet of Things is next in line for in-depth scrutiny because it involves a large number of interconnected devices that are perpetually online. That increases the quantum of risk by a significant magnitude. For the full article click here



from cyber security caucus http://ift.tt/2fXfp4e

Tuesday 15 November 2016

Cybersecurity Law aims to ‘protect people’s interests’

New legislation set to be a hot topic among experts, officials at the annual internet meeting

Cybersecurity and related issues have been hot topics among internet and judicial experts since China’s first Cybersecurity Law was adopted earlier this month.

The law and its related topics, including how to put coordination of government departments into practice and how to review products and services before they are made available on the internet, will also be heated topics of discussion at the World Internet Conference, experts said.

Li Yuxiao, secretary-general of the Cybersecurity Association of China, said that he will go to Wuzhen, Zhejiang province, to participate in the third WIC, which runs from Wednesday to Friday, adding that one of his focuses will be legal issues.

“It’s good to see that our nation has finally drawn up and adopted its first Cybersecurity Law,” Li said.

“It’s the guide when we draft some other cybersecurity-related rules, and I think its adoption has brought more confidence to internet and judicial professionals,” he said. “I’d like to share the law with foreign guests and listen to their opinions at the conference.” For the full article click here 



from cyber security caucus http://ift.tt/2fUPRCT

Cyber security expert to speak at 2016 State of the Region

There’s a war going on, and Dane Deutsch is on a mission to make sure companies and businesses don’t become collateral damage.

Deutsch, the president and CEO of Rice Lake information technology company DCS Netlink, will speak on the topic of cyber security at the sold-out second State of the Region event, sponsored by the 7 Rivers Alliance and to be held Wednesday at The Court Above Main. Federal Reserve Bank of Minneapolis Outreach Director Ron Wirtz also will provide some regional economic advice, the results of the 7 Rivers 2016 business survey will be presented, and Tribune Executive Editor Rusty Cunningham will present the 2016 Rising Stars Under 40 at the event.

“This will give a sense of the economic health of the region,” 7 Rivers CEO Lisa Herr said.

Herr started as executive director of the organization in 2014, and when she first arrived said there wasn’t a lot of detailed data on the region’s economy. Her staff tweaked the organization’s business survey to gather more information and worked with the Federal Reserve to create the State of the Region program.

“The intent of all of this is to help inform business and community leaders about what has gone on and what to anticipate for the coming year,” she said. For the full article click here 



from cyber security caucus http://ift.tt/2fUSmVH

Monday 14 November 2016

DocuSign Opens Cybersecurity Centre of Excellence in Dublin

DUBLIN, Nov. 14, 2016 /PRNewswire/ — DocuSign announced today the opening of its Cybersecurity Centre of Excellence in Dublin as part of its ongoing commitment to Europe and protecting its customers’ data and privacy. The Centre will be committed to conducting research into the latest cyberattacks and trends, while developing tools for the advanced detection of such threats.

The project is supported by the Department of Jobs, Enterprise & Innovation through IDA Ireland.

A critical focus for the Centre within the next three years will be undertaking research and development into security orchestration and automation, which will directly inform advancements and innovation for DocuSign’s security tools. As a result, the company’s customers and employees will benefit from DocuSign’s ability to respond even faster to rapidly evolving threats.

Welcoming the new investment by DocuSign, the Minister for Jobs, Enterprise and Innovation, Mary Mitchell O’Connor TD said, “This new Cybersecurity Centre of Excellence will be a valued addition to Ireland’s existing strengths in the ICT sector. We are very keen to attract a wider range of specialist IT companies, especially in Cybersecurity, as we are all very conscious of the crucial importance of being able to deal with Cybersecurity threats.  It is great news that a company of the stature of DocuSign has decided to open this new facility here.  We have the IT skills available to enable the company to grow and to embed their operations in Ireland.  Their arrival is a great vote of confidence in what Ireland has to offer and I wish the team the very best for their future in Ireland.” For the full article click here 



from cyber security caucus http://ift.tt/2eSj3b9

WISeKey creates a Joint Venture company “WISeKey Argentina” for the development of cybersecurity in Latin America.

ZUG, Switzerland & GENEVA & BUENOS AIRES, Argentina–(BUSINESS WIRE)–WISeKey International Holding (WIHN, a company listed on the Swiss stock exchange) through WISeKey ELA (its Spanish company headquartered in Bilbao), AC Investment & Consultant S.A. and Trend Technologies S.A. reached an agreement to form a Joint Venture for the creation of a new company WISeKey Argentina, with the objective of extending WISeKey’s global presence in Argentina.

WISeKey’s global expansion during recent years has focused on the development of joint ventures with strategic partners on a national level, which has permitted WISeKey to deploy their information technology security and the Internet of Things in emerging economies in India, Brazil, China and now Argentina. These joint venture companies are developed in these countries with strategic partners that pave their way into the market providing important clients and contracts that are facing a high growth demand for cybersecurity solutions such as, digital identity and privacy, secure mobile communication, secure cloud computing, the Internet of Things, secure semi-conductors, BlockChain and other innovative technologies offered by WISeKey.

The new joint venture will expand current operations in Argentina with the possibility of extending into other Latin American countries as well. The WISeKey alliance with its new partners creates a synergy between leading companies whose values and product portfolio provide state of the art technology and cybersecurity services. This initiative also contemplates that the company offer its services and solutions from a highly secure data center located in the region. The partnership includes a strategic investment in WISeKey Argentina, representing a 49% ownership to the new partners and a 51% share for WIHN. For the full article click here 



from cyber security caucus http://ift.tt/2f7XdBh

Saturday 12 November 2016

Teaching Kids About Cybersecurity? Ask Garfield.

Children are spending more time online, chatting up strangers and sometimes giving them personal information that could put them in harm’s way. But a new collaboration that enlists a particularly troublesome cartoon feline is looking to teach kids a few things about cybersecurity.

Mobile devices have become the babysitters of the technology age, engaging and distracting kids in equal measure.

“Children are growing up with these things,” said Patrick Craven, Director of the Center for Cyber Safety and Education. “They practically have them in the crib with them and so they don’t see the danger that could be.”

Online strangers that come across as friendly and chatty might seem harmless to a child. But giving them too much information – a home address or the name of the child’s school – or even meeting with them, might invite cyberbullying or worse. For the full article click here



from cyber security caucus http://ift.tt/2g57TVc

My grandpa is more qualified to run America’s cybersecurity than Rudy Giuliani

Rudy Giuliani’s name has been floated as a possibility for several cabinet level positions—everything from attorney general to secretary of defense. But the longtime Trump supporter and necromantically animated skeleton said in an interview this morning on Fox News that his real calling is keeping America’s internet safe.

Wow, what a great idea! It’s unclear exactly what job Giuliani is lobbying for, but he clearly has some sort of position in mind relating to cybersecurity. But I have another candidate I’d like to put forward for this mystery office: my grandpa.

At first glance, the two appear to have a lot in common. They’re both Italian-American men from New York City who moved to Long Island in the 1950s. They both have a history of public service—Giuliani through his time as U.S. Attorney and mayor of New York City, and my grandpa as a World War II veteran (happy Veteran’s Day Grandpa!). At 98 years old, my grandpa is a fair bit older than the 72-year-old Giuliani, but that just means he’s got more experience, right? For the full article click here



from cyber security caucus http://ift.tt/2g53eTo

Friday 11 November 2016

Cybersecurity job candidates underqualified, professionals say

The ISACA Cybersecurity Jobs Index reveals a significant increase among cybersecurity professionals who report job candidates not being sufficiently qualified at time of hire.

The index found that 59% of professionals now say fewer than half of their job candidates were considered ‘qualified upon hire’, which is an increase of 9% in just one year. In addition, 27% need six months to fill a cybersecurity position, which is an increase of three points from 2014.

This comes at a time when cybersecurity threats are on the rise, with 76 breaches in APAC in the first six months of 2016. Indeed, Australia is ranked first in data breaches, with NZ taking fourth place.

The average cost of a data breach in Australia is now $3.46 million, with the main industries affected being financial (2%), education (1%), health care (30%), government (57%) and other industries (35%).

from cyber security caucus http://ift.tt/2eJ4uGR

Reader Comment: Cybersecurity requires all-hands-on-deck effort

Americans and many around the world are living increasingly digital lives. According to one recent study, there will be 6.4 billion Internet-connected devices in use this year alone — including mobile phones, laptops and Internet routers – a 30 percent increase just from 2015. By 2020, that number is projected to jump to more than 20 billion. This means there will be more than two connected devices for every individual on the planet.

While this growing connectivity brings many benefits for consumers, it also creates new opportunities for sophisticated cyber criminals — as well as foreign entities – to intercept personal information, disrupt the delivery of essential services and even compromise our national security and critical infrastructure.

Today, cyber-attacks are among the most serious threats facing the United States and our citizens. The Department of Justice’s Internet Crime Complaint Center recorded 269,422 cybersecurity related complaints in its 2014 report, an increase of more than 1,500 percent since 2000. According to another survey, more than one-third of U.S. consumers reported having experienced a computer virus, hacking incident or other cyber-attack in the last year. With vulnerabilities always present in advancing technology, and cyber incidents constantly making headlines, it is important to take cybersecurity seriously, whether it be at home, at work or on the go.

from cyber security caucus http://ift.tt/2fHyQMb

SaaSMAX Cybersecurity Channel Road Show To Debut November 17

Event’s first stop in Irvine, CA, to bring together cybersecurity innovators and thought leaders with VARs, MSPs & IT consultants for an evening of intriguing conversations and opportunities.

SaaSMAX Corp., the IT Channel’s value-add marketplace and growth engine for Cloud Software (“SaaS”) companies and IT Solution Providers, is proud to announce it will be hosting its inaugural Cybersecurity Road Show Series focusing on trends and threats currently affecting IT solution providers, Cloud Services Providers (CSPs), VARs, MSPs, and MSSPs in the SMB IT channel.

Set for November 17, 2016, the Road Show will make its first stop in Irvine, CA, at the modern WeWork workspace located in the Spectrum Center. The event will kick off at 4:30pm with a networking session, allowing attendees and sponsors to mingle and network. A panel session on “Threat Detection, Prevention & Correction from the Front Lines,” will then commence, followed by a discussion on the current types of Security as a Service offerings. HIPAA Compliance as a Service will also be featured, as well as SECaaS Product introductions from event sponsors. The Road Show will close out at 8:30pm with a final one-hour networking session featuring refreshments and prize giveaways.

from cyber security caucus http://ift.tt/2fHz8m7

Thursday 10 November 2016

AbacusFLEX Private Cloud conforms to UK cyber security guidelines

Abacus says its services already meet or exceed these standards.

Abacus, which in October announced a major expansion of its services and the opening of a second data centre in London, provides cyber defences to its more than 400 clients in the alternative investment field globally.

Noting that the US Securities and Exchange Commission (SEC) has been increasing its requirements for cyber defence compliance on the same investors, Abacus CEO Chris Grandi (pictured) says the firm is committed to continually investing in research and development to maintain vigilance in both the US and UK markets.

“One of our core disciplines is maintaining a secure platform for funds to operate from,” says Grandi. “As the amount of regulatory responsibility grows, investment firms are addressing whether they have the resources available to address and manage them effectively. With respect to cybersecurity, it will be important to leverage third-party technology and cybersecurity experts to assist with adherence to regulatory requirements in the UK and in the US.”

from cyber security caucus http://cybersecuritycaucus.com/abacusflex-private-cloud-conforms-to-uk-cyber-security-guidelines/

United States: Five Questions General Counsels Should Ask About Cybersecurity And Data Privacy Litigation

Cybersecurity and data privacy litigation continues to grow rapidly in scale and complexity. Putative class actions not only follow major data breaches but also increasingly allege vulnerabilities in a wide range of products, from cars to toys, even before any attack has occurred. And plaintiffs continue to assert privacy claims against both cutting-edge technologies and long-established business practices.

Significant financial and reputational risks can accompany cybersecurity and data privacy litigation. These high stakes make it important for companies to respond strategically and practically. To that end, while each case differs, companies generally should evaluate the following five questions if they face cybersecurity or data privacy litigation.

Does the Plaintiff Have Standing?

Whether a plaintiff has standing to bring suit in federal court continues to be a central question in most, if not all, cybersecurity and data privacy cases. In particular, whether the plaintiff has suffered an injury in fact is frequently pivotal. The US Supreme Court’s recent decision in Spokeo, Inc. v. Robins, 135 S. Ct. 1540 (2016), clarified that a plaintiff cannot merely allege a technical legal violation but must suffer an actual, real-world injury (or face the certainly impending threat of one). Companies will look to rely on the Spokeo decision in the coming years, including as they litigate the types of future injuries that may still be sufficient to confer standing under Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013). A judge in the Sixth Circuit recently noted that the US courts of appeals already have split on that latter point, for example, and further significant litigation is highly likely.

from cyber security caucus http://cybersecuritycaucus.com/united-states-five-questions-general-counsels-should-ask-about-cybersecurity-and-data-privacy-litigation/

Wednesday 9 November 2016

Financial Conduct Authority concerned about cyber security of banks

The FCA expresses concern about the cyber security of banks after 9,000 Tesco Bank customers lost £2.5m in fraudulent transactions 

The UK’s Financial Conduct Authority (FCA) has said it is concerned about weaknesses in banks’ IT systems, after cyber attackers drained £2.5m from 9,000 Tesco Bank current accounts at the weekend.

The bank halted online banking after discovering suspicious activity relating to 40,000 current accounts and initially feared that around 20,000 had been affected by fraudulent transactions.

from cyber security caucus http://cybersecuritycaucus.com/financial-conduct-authority-concerned-about-cyber-security-of-banks/

Trump Likely to Take Military Approach to Cybersecurity

Donald Trump takes over the presidency at a time of increased anxiety about cybersecurity and consumer privacy. High-profile data breaches at insurance companies, healthcare providers, major retailers, government agencies – and his vanquished opponent’s own aides – illustrate a need for action.

“Government regulations are forcing us to open up our systems and transmit our data, yet we are left to defend ourselves from the hackers who want to steal all the free-flowing data,” says Pamela McNutt, senior vice president and CIO at Methodist Health System. “As threats grow, so does the amount of money providers must spend to secure their environments.”

On the stump, Trump was sometimes aloof about the cyber threat. When it was suggested that Russian agents had hacked the Democratic National Committee, Trump famously said, “It also could be somebody sitting on their bed that weighs 400 pounds, OK?”

But he also was able to leverage his opponent’s weakness on the subject to his advantage. As Hillary Clinton wrestled with the fallout from the investigation into her use of a private e-mail server while Secretary of State, and e-mails from her chief of staff John Podesta trickled out over the course of months, Trump seized the opportunity to differentiate himself.

from cyber security caucus http://cybersecuritycaucus.com/trump-likely-to-take-military-approach-to-cybersecurity/

Tuesday 8 November 2016

China’s new cybersecurity bill alarms human rights experts

Internet censorship in China could be about to get much worse.

The country on Monday passed a new cybersecurity bill that may have severe implications for both Chinese internet users and international tech companies, reports Reuters. These new measures will come into effect June 2017.

On the privacy front, the final draft of the bill stated that “critical information infrastructure operators” — tech companies in and outside China — are required to store their data on users on servers in the country. The publication adds that the draft requires that these companies give “technical support” to security firms and pass national security standards. Additionally, companies that operate within China will be legally bound to enforce censorship, and will be held responsible for content spread through their platforms.

from cyber security caucus http://ift.tt/2eRkxD4

18-year-old Wins Cyber Security Challenge UK

Ben Jackson, an 18-year-old student from the Sussex town of Bexhill-on-sea, has won the Cyber Security Challenge UK’s Masterclass competition, making him the youngest ever champion.

Jackson beat 41 other talented amateurs in a three-day cyber-attack simulation led by PwC with help from the National Crime Agency, GCHQ and the Bank of England.

That challenge, which took place in a Security Operations Center in Shoreditch, required participants to investigate a data breach at a power station.

Working in teams, candidates were presented with the profiles of ‘employees’ who may have carried out the attack, and were required to work against the clock under the twin pressures of hacktivist cyber-attacks and live updates from government agencies and the company’s board.

They were also tasked with keeping the operation under wraps from journalists.

from cyber security caucus http://ift.tt/2ei6I4C

Monday 7 November 2016

Will China’s cyber security law restrict online freedom?

The Chinese government on Monday passed a new cyber security law, as part of heightening Beijing’s control on the Internet.

Under the new law, the government will take measures to “monitor, defend and handle cybersecurity risks and threats originating from within the country or overseas sources, protecting key information infrastructure from attack, intrusion, disturbance and damage.”

It was passed by China’s legislature, the National People’s Congress (NPC), and takes effect from June 2017.

“Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes,” said Sophie Richardson, China Director. “The already heavily censored Internet in China needs more freedom, not less.”

from cyber security caucus http://ift.tt/2fvg3DJ

The Week Ahead: Government officials address health cybersecurity, oil and gas issues

Federal officials will discuss healthcare cybersecurity, oil and gas security, and more following Election Day, while numerous industry events around the world this week will tackle issues from data protection to federal agency IT security.

On Wednesday at the National Cybersecurity Center of Excellence in Rockville, MD, Suzanne Schwartz, the Food and Drug Administration’s lead on medical device cybersecurity, will speak on cybersecurity in the healthcare sector.

from cyber security caucus http://ift.tt/2fvmd6X

Saturday 5 November 2016

After election, DHS will work with voting machine vendors on cybersecurity

After next week, the Homeland Security Department plans to start working with election machine vendors to make sure they’re defending against cyberattacks, a DHS official told reporters today.

The idea is to “make sure they have cybersecurity built into their systems,” but also to offer them the department’s information sharing services, “so they’re seeing the same indicators we are,” the official said.

“We understand a lot of states will be modernizing their voting machines over the next several years, and we want to make sure that as they modernize their machines, they do it in a way that is secure,” an official said.

The department doesn’t want to send the signal about election security that “this is not a problem we’re looking at for Nov. 8, and then we’re done,” the official said. “We’re trying to figure out how to make this a long-term program.”

from cyber security caucus http://ift.tt/2f3YAUl

Robert O’Brien: Hillary Clinton best placed for cyber security battle

‘Emailgate’ ensures that Hillary Clinton has a much greater insight into cyber security than Donald Trump. Mrs Clinton now has real world experience of the potential for damage resulting from a cyber security breach and will be much more aware of pitfalls to avoid.

There is no doubt that the tough lessons sorely paid for through her email activity, have helped elevate Mrs Clinton into a stronger position to lead in any cyber war.

Mr Trump does not elicit anywhere near as much confidence. As someone who works daily with organisations to improve cyber security awareness, I have found that every organisation finds this issue challenging. Two of the most challenging groups of users are executives and senior managers. The people that run governments and lead them are generally not any different.

from cyber security caucus http://ift.tt/2fppbJU

Friday 4 November 2016

CSUN Film Students, Faculty Help FBI Raise Cyber Security Awareness

The simple act of opening an email can leave businesses and private individuals vulnerable to cyber attacks — from hackers who hold data for ransom to thieves who compromise legitimate business email accounts to steal thousands of dollars through unauthorized wire transfers.

California State University, Northridge faculty and students teamed with federal law enforcement officials to create a series of public service announcements to educate the community about trending cyber crimes, as well as remind people about the consequences of online piracy.

“Cyber crimes are increasingly becoming more and more detrimental to all of us,” said CSUN cinema and television arts professor Nate Thomas, who oversaw the university’s involvement in the project. “We worked on a similar campaign on intellectual property theft with the federal Department of Justice and FBI three years ago that got some attention. I guess they liked what we did and asked us to work with them again.”

Thomas, who has his own production company that has created PSAs for a variety of organizations over the years, said he saw an opportunity to teach his students about their responsibility to use their craft for more than just making entertainment.

from cyber security caucus http://ift.tt/2flPG35

Why Cybersecurity Is a Big Factor In Ecommerce

Even the birds in the trees know that eCommerce is growing and the number of people who shop online is increasing at a steady pace. For instance, eCommerce sales amounted to $1.08 trillion in 2013, and in 2018 this number is expected to get close to $2.5 trillion.

In the first three months of 2015, people spent $10 billion just by shopping on their mobile devices in the United States alone. A lot of people globally are buying online, and more of them are getting on this bandwagon with each month that passes.

Primal Fear

A big problem for eCommerce business owners is that these numbers would be even greater if not for one very understandable fear – the fear for one’s security and privacy when purchasing online.

A recent study conducted by the National Telecommunications and Information Administration in the U.S. showed that around 26% of the people they talked to avoid buying goods or services online because they are afraid for their security.

Even more, people avoid conducting many financial transactions online for the same reason.

from cyber security caucus http://ift.tt/2flTWiY

Thursday 3 November 2016

Cyber security image putting women and girls off, says panel

There is still a lot of work to be done to change the perception of cyber security and corporate culture to attract more women to the profession, according to a panel of security professionals.

The image of cyber security and the people who work in the profession is putting women and girls off from considering it as a career, according to a panel of women working at Intel Security.

“We need to change the way the profession is perceived and emphasise that it is about helping and protecting people,” said Lynda Grindstaff, speaking at Intel Focus 2016 in Las Vegas.

“Few people understand that cyber security provides opportunities to work for the common good both now and for future generations,” she said.

from cyber security caucus http://ift.tt/2ehEfXG

Cybersecurity is focus to protect voter information, track ballots for Wisconsin’s Elections Commission

Cybersecurity is a focus for state election officials as voters prepare to cast their ballot on Tuesday.

Officials from the state Elections Commission said they have been bolstering security and coordinating with several state and federal agencies to ensure voter information is safe and Wisconsin’s elections are transparent and fair.

Wisconsin is one of several states that has accepted help from the U.S. Department of Homeland Security to protect its computer systems that handle voter information and ballots. Commission spokesman Reid Magney said it is also working with the state Department of Administration’s Division of Enterprise Technology, which administers the computer systems for elections; the FBI, U.S. Department of Justice, local district attorneys’ offices and the state Attorney General’s office to plan for scenarios that could arise on Election Day.



from cyber security caucus http://ift.tt/2fHiFRt

Wednesday 2 November 2016

Optus, Singtel open cybersecurity centre in Sydney

The new cybersecurity centre for enterprise and government customers will provide data analytics, automated incident response, and threat intelligence

Optus Business has announced opening its Advanced Security Operations Centre (ASOC) alongside Trustwave, offering managed cybersecurity services to enterprise and government customers.

The ASOC joins Optus and parent company Singtel’s network of security operations centres, providing customers with access to data analytics, automated incident response, and threat intelligence, backed by Singtel’s 2,000 security professionals and “elite” response team known as SpiderLabs.

“Cybercrime is a persistent, global threat. It is the number one economic crime in Australia … business and government must be able to confidently operate, innovate, and maintain trust with customers and stakeholders in this evolving landscape,” said Optus Business managing director John Paitaridis.

from cyber security caucus http://ift.tt/2ezczyq

Cybersecurity talent shortage on the radar of government, business

An international shortage of cybersecurity talent is expected to grow over the next few years, according to the Information and Communications Technology Council.

The council’s vice-president of talent innovation, Sandra Saric, said there’s an expected need for more than 1.5 million people to work in cybersecurity globally by 2020.

Solving the talent shortage was one of the challenges emphasized by government and private industry executives at a cybersecurity forum at the GTEC conference in Ottawa on Tuesday. It’s an annual technology event that brings together business and government.

“Getting more people to take science, technology, engineering and mathematics courses and degree programs, and also training them to be cybersecurity savvy is probably the first challenge,” said Scott Jones, assistant deputy minister responsible for the information technology security program with Communications Security Establishment Canada (CSEC).

from cyber security caucus http://ift.tt/2ezc5s3

Tuesday 1 November 2016

A Wake-up Call To CEOs and Marketers: The Perfect Cyber Security Storm Is Approaching

When the Target data breach occurred in 2013, the response was surprising as it took too much time to manage the consumer fallout. Watching communications unfold over time, I assumed that lawyers must have managed the response, because marketers would have handled it differently–focusing effort on mitigating consumer trust damage, brand damage, and negative financial consequences.

And so I’ve been interested in this topic—marketing’s role in data breaches—for some time. I came across an exceptionally knowledgeable individual on the topic, Holly Rollo, the CMO of RSA, the Security Division of EMC. RSA solutions enable customers worldwide to deliver business-driven security strategies. After listening to her, I decided to create a multi-part series on why CEOs and marketers need to wake up to the cyber security storm that is approaching. The following is the first post on the topic–focusing on the basics of cyber security as described by someone in marketing.

Whitler: What does a data breach mean? We use this term a lot, but how would you define it?

Rollo: Put simply, a data breach is a disclosure of information to an unauthorized party. Oftentimes, people use terms like breach, compromise, or intrusion interchangeably. However, precision is critical, as there are consequential differences between these terms and the risk each presents to an organization.

from cyber security caucus http://ift.tt/2eWL4iK

UK to launch £1.9 BILLION cybersecurity strategy to strike back at hackers

The UK is set to drastically step up its cybersecurity defences against malicious hackers from both within and outside our borders.

Philip Hammond will announce a £1.9 billion plan known as the National Cyber Security Strategy at a Microsoft conference in London later today.

Attacks on the power grid networks and the country’s air traffic control are believed to be the chief concerns. A large portion of the cash will also go towards training more cybersecurity experts.

“Our new strategy… will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked,” Mr. Hammond will say today.

from cyber security caucus http://ift.tt/2eWNGgu

Monday 31 October 2016

Lumeta appoints Duncan Fisken as Vice President EMEA

Lumeta Corporation, the leader in network situational awareness, today announced the appointment of Duncan Fisken to head up their EMEA operations, manage the expanding number of channel partners, roll out the new Lumeta channel partner program, and bring ecosystem solutions (Lumeta integrated with Carbon Black, Cisco, Gigamon, HP ArcSight, Infoblox, McAfee, Verisign iDefense, etc.) to the channel.

Duncan Fisken joins the Lumeta team with considerable management experience in the enterprise software and networking industries, with both manufacturers and channel partners, including private and publicly listed companies. Fisken has focused on technologies within enterprise wireless mobility, networking and security, with particular reference to secure mobility, and has assisted many companies, such as Xirrus, RedSeal, Fluke Networks, Aruba Networks and CA, in growing their European channel and revenue. He also served as the security sector specialist advisor for UK Trade and Investment and was a founding director of the SEEDA-supported Security Innovation Technology Consortium. Fisken also held senior roles with a succession of IT and IT security-focused businesses in Asia, including Racal Datacom, Datacraft Asia and Netegrity.

“With Duncan expanding our EMEA team and heading up our operations, we are now well placed to capitalize on the growth in both revenue and channel partners we have seen over the past three years – a substantial increase in our client base including Government agencies and enterprise organizations in Energy, Oil & Gas, Banking & Financial Services and other key vertical markets,” said Pat Donnellan, CEO, Lumeta Corporation.

from cyber security caucus http://ift.tt/2e4vlN4

FCC Holds Off on Security Mandates for Internet of Things

Don’t expect the Federal Communications Commission to rush into issuing network security rules anytime soon, even in the face of a congressional inquiry seeking the agency’s response to the massive Oct. 21 distributed denial of service attack.

At issue is whether the FCC’s Open Internet rules restrict internet service providers’ ability to block insecure Internet of Things (IoT) devices from their networks and whether the commission should mandate greater safeguards.

But the commissioners generally believe the Open Internet order already gives ISPs sufficient leeway to protect their networks from vulnerable internet-connected devices without additional regulations or standards. And, according to FCC officials, there isn’t much of an appetite to issue any new mandates now.

There are also questions as to whether cybersecurity is even in the commission’s purview.

Sen. Mark Warner (D-Va.) sent a letter to FCC Chairman Tom Wheeler on Oct. 25, several days after a hijacked network of IoT devices took large swaths of the United States internet offline. Warner asked detailed questions about the commission’s role in empowering both ISPs and consumers with the means to prevent similar attacks in the future.

from cyber security caucus http://ift.tt/2e4snbz

Saturday 29 October 2016

Take steps towards cyber security, protect customer’s data

Think of all the places your personal information is stored. Not just physically at home, but in online accounts, at the businesses you work with, with your employer, your doctor and so on.

Knowing that data breaches have become all too common, we have to hope these places are protecting our personal information. That’s why cybersecurity must be everyone’s job. Whether you’re an owner, manager or staff member, you are a crucial part of protecting information.

We know criminals want to attack big businesses, but small businesses are not immune. Bad guys target smaller organizations because they expect there to be fewer resources and defenses safeguarding data.

Research by the National Cyber Security Alliance and Symantec on small businesses has shown that two thirds say their businesses depend on the internet for day-to-day operations. Sixty-nine percent say they handle sensitive information, including customer data; 49 percent have financial records and reports; 23 percent have their own intellectual property; and 18 percent handle intellectual property belonging to others.

from cyber security caucus http://ift.tt/2eFJMei

A Peek Into Singapore’s New Cybersecurity Act.

The Singapore Government announced earlier this year that a new, standalone Cybersecurity Act will be tabled in Parliament in 2017. On 26 October 2016, the Minister for Communications and Information, Mr Yaacob Ibrahim, provided a further glimpse of the impending laws. The Minister was speaking at the Financial Times Cyber Security Summit Asia Pacific held in Singapore.

The new Cybersecurity Act will institute standards for incident reporting, audits and risk assessments. It will also facilitate the sharing of cybersecurity information, and mandate the participation of critical information infrastructure operators in cybersecurity exercises.

Importantly, the Government envisions that the new Act will complement the existing Computer Misuse and Cybersecurity Act, which will continue to govern cybercrime investigation.

The Minister also observed that businesses need to spend more on cybersecurity, to keep pace with increased digitisation. At present, the Government is the largest contributor of cybersecurity expenditure. It plans to further increase its cybersecurity spending to 8 percent of its information technology budget.

from cyber security caucus http://ift.tt/2eS8kl6

Friday 28 October 2016

USNA breaks ground at new Cyber Security Studies Center

The U.S. Naval Academy (USNA) held a groundbreaking ceremony for its new $106-million Center for Cyber Security Studies Oct. 21.

Three hundred people attended the event, including academy officials, Navy leaders and members of the Maryland delegation, U.S. Senator Barbara Mikulski and U.S. Representatives John Sarbanes and C.A. “Dutch” Ruppersberger.

The center was established in recognition of the critical importance that cyber operations play in our national defense and to facilitate the expansion of the Naval Academy’s cyber program, which includes a cyber operations major and required cyber curriculum for all midshipmen. Cyber operations is an interdisciplinary major that includes study in computer architecture, programming, data structures, networks, internet, database systems, information assurance, cryptography and forensics, as well as policy, law, ethics and social engineering.

from cyber security caucus http://ift.tt/2eTSUut

Red Cross data breach could have exposed donors to identity theft, cyber security expert says

Information from the Red Cross data breach could have been used for identity theft or sold on the black market if “unsavoury” criminals had obtained it, a computer security expert from the University of Melbourne says.

The personal data of 550,000 blood donors was leaked from the Red Cross Blood Service in what has been described as Australia’s largest security breach.

The organisation said a file containing donor information was placed in an “insecure computer environment” and “accessed by an unauthorised person”.

The file contained the information of people who had donated blood between 2010 and 2016.

The Red Cross said all copies of the data had now been deleted and the risk of the misuse of the data was low. For the full article click here 




Thursday 27 October 2016

Penn State continues to promote cybersecurity after hacks

Penn State has about 100,000 students across 20 physical campuses, plus an online World Campus. Then there are the faculty, staff and administration.

What do all of those people have in common? Computers. Technology. A rushing stream of information moving invisibly through and around devices and servers around the clock.

It’s amazing. And if you are charged with keeping that information safe, it might be downright terrifying.

The U.S. Department of Homeland Security wants everyone to be aware of that right now. October is National Cybersecurity Awareness Month.

Penn State is certainly aware of it. In May 2015, the school confirmed hacking of the College of Engineering. In June, the school revealed more attacks on the College of Liberal Arts. For the full article click here 




Cyber Security: Five Firms Working to Squash Cyber Attacks

Angry at a journalist for writing mean things about you? Trying to make ends meet and need a blackmail scheme? Get your own DDoS botnet on the internet today!


Whodunit?

That’s the multibillion-dollar question this week after hackers took down the internet on October 21 with a distributed denial-of-service (DDoS) attack on one of the largest Domain Name System (DNS) service providers in the world.

Who’s responsible is indeed a compelling mystery.

A more important and immediate consideration is how to protect your network against hackers.

Another is which companies stand to profit from the effort to ramp up security in the aftermath of such a high-profile event.

Below, we discuss two small-cap stocks and three startups that figure to benefit from rising awareness of DDoS attacks and the importance of cyber security.

Here’s what we know so far about what happened last Friday. For the full article click here 




Wednesday 26 October 2016

What Godzilla Can Teach Japan About Its Cybersecurity

Sixty-two years after Japan’s most famous monster first shocked audiences, Godzilla is again packing movie theaters with its latest incarnation in Shin Godzilla (titled Godzilla: Resurgence in the U.S.). Now, I’m not a science fiction fan and I don’t watch a lot of movies. So why am I enthused about this one? Ironically, I only decided to see it after several friends in government and politics strongly urged me to go. The reason is it has a great takeaway: in my mind, the entire film can be interpreted as a parable for fighting hackers.

Essentially, it’s all about threat preparedness and response – or lack thereof (warning: this post contains spoilers). The focus of this film is not the battles with Godzilla itself, but the battles within the powerful bureaucracy that runs Tokyo and all of Japan. Civil servants in the movie are seen jockeying for position when things look promising and then ducking responsibility when events take a turn for the worse. They try to skirt jobs and roles that seem difficult and, initially, various overlapping agencies fail to work together. They’re also distrustful of foreign governments when they should be collaborating with them to fight back. For the full article click here 




Cybersecurity investment in Asia still insufficient, with most criminals unpunished

Beyond financial and government sectors, all industries across the region need to step up their investment in cybersecurity and do better in identifying and prosecuting cybercriminals.

All businesses must step up their investment in cybersecurity, which is currently inadequate in several industry sectors, and countries need to do better in prosecuting cybercriminals, the majority of which are getting away scot-free.

While some industries traditionally had higher impetus to invest in cybersecurity, such as banking and financial institutions, other organisations also would face high risks as they moved to digitise their systems and processes. Speaking at the Financial Times’ Cyber Security Summit held in Singapore Wednesday, Minister for Communications and Information Yaacob Ibrahim said cybersecurity should not be seen as a cost, but as an investment to manage risk. For the full article click here




Tuesday 25 October 2016

Census attacks ‘eminently predictable’, says PM’s cyber security adviser

The attacks on the 2016 online census were “eminently predictable” and should have been prevented, the special adviser to the prime minister on cyber security has said.

Alastair MacGibbon said the distributed denial of service (DDoS) attacks that caused the online census system shutdown on 9 August should have been expected by the Australian Bureau of Statistics and service provider IBM.

“In fact, the ABS did call for denial of service protection in its … tender process with IBM, and IBM responded to say they would put in place denial of service protection,” he said.

Appearing before a Senate inquiry into the problems plaguing the census, MacGibbon said his official review of the incident was handed to Malcolm Turnbull on 14 October.

MacGibbon told senators on the committee that no data had been lost from the census during or after the DDoS attacks. For the full article click here 




US Lawmakers Slam Opt-in Car Cybersecurity Guidance

US regulators have urged car manufacturers to prioritize cybersecurity in the design of their vehicles, in a new voluntary set of guidelines.

The National Highway Traffic Safety Administration (NHTSA) released on Monday Cybersecurity Best Practices for Modern Vehicles – what it claimed to be “a solid foundation for developing a risk-based approach and important processes” to ensure systems are properly secured.

It continued:

“NHTSA believes that it is important for the automotive industry to make vehicle cybersecurity an organizational priority. This includes proactively adopting and using available guidance such as this document and existing standards and best practices. Prioritizing vehicle cybersecurity also means establishing other internal processes and strategies to ensure that systems will be reasonably safe under expected real-world conditions, including those that may arise due to potential vehicle cybersecurity vulnerabilities.”

The document sets out best practice advice including information sharing via the Auto ISAC; following established standards such as ISO; pen testing; and creating a new industry-specific vulnerability reporting program. For the full article click here 




Monday 24 October 2016

Going easy on cyber security could turn India’s technology growth story into a nightmare

“There are two types of organisations: those who have been hacked and those who don’t yet know they have been hacked.”

I recently stumbled upon this quote by John Chambers, executive chairman and former CEO of tech giant Cisco. It accurately describes where we in India are in terms of cyber security.

The recent data breach of debit cards left an estimated 3.2 million Indian customers vulnerable and is said to be the biggest such rupture in the country’s banking system to date. What happened was scary, but not entirely unexpected. Cyber security continues to be an after-thought in every sector in the country. For the full article click here 




Oil and gas industry gets IIoT cyber security solution

Waterfall Security Solutions has announced it is to protect LogiLube customers from cyber attack. The deal will see Waterfall Unidirectional Security Gateways (USG) deployed to LogiLube customer sites. Waterfall says its USG employ an impassable physical barrier against all external online attacks flowing back into industrial control systems. LogiLube intends to integrate the Waterfall USG with its predictive analytics to provide customers an early warning of cyber attacks.

According to Bill Gillette, CEO of LogiLube: “We selected Waterfall’s Unidirectional Security Gateway technology so we can provide a premium level of cybersecurity to our midstream natural gas clients. We chose Waterfall’s Unidirectional Gateway product because it enhances LogiLube’s innovative predictive analytic solutions with the highest security to mitigate risks associated with cloud and Internet connections. It complements our innovative predictive data analytic solutions for the oil and gas and other industries.”

LogiLube delivers its real-time analytics to customers via its cloud-based SmartOil solution. Its decision to collaborate with Waterfall comes just days after Waterfall announced the launch of its Unidirectional CloudConnect solution. This solution is aimed at users of Industrial Internet of Things (IIoT). For the full article click here 




Saturday 22 October 2016

Task force close to finalizing cybersecurity recommendations

A state cybersecurity task force is preparing for one last discussion early next month before they sign off on their recommendations in a final report to the governor.

Dan Sipes, deputy chief information officer for the North Dakota Information Technology Department, said the meeting will be held Nov. 2 in the Rough Rider Room at the state Capitol.

“Our goal will be to go over the details,” he said.

The report will contain recommendations for Gov. Jack Dalrymple’s 2017-19 executive budget.

Sipes said some of the items may come with funding requests, but others involve policy adjustments and changes that could be made to improve operations.

Dalrymple created the task force last year, asking its members to review the state’s cybersecurity policies and develop recommendations to provide better security to state IT networks, as well as the data they store and utilize. For the full article click here 




Baltimore cybersecurity exec explains what caused the wave of attacks on Friday

A major cyberattack Friday affected major brands and websites including Amazon, Twitter and Spotify. New Hampshire-based software company Dyn was at the heart of it all.

Dyn offers managed DNS and email delivery services to other companies. Essentially, the service works like Yellowpages, said Gary Merry, CEO of Baltimore-based cybersecurity company Deep Run Security. When a person types a URL into their browser, a DNS service acts as a middle man. It takes the request and “resolves” it, or directs the user on a path to their desired website.

The company on Friday suffered a denial-of-service attack.

That happens when servers are swarmed, or are fielding millions and millions of the same request — in this case, requests for sites like Twitter or Amazon. The servers go into a kind of “panic.” They are overwhelmed and can’t meet all of the requests at once, so they lock up and stop resolving any requests, Merry explained to me during an interview at the CyberMaryland Conference.

And when Dyn servers can’t resolve those requests, users are met with a blank screen instead of the website they’re searching for.

“So we say Twitter is ‘down.’ But actually Twitter is functioning perfectly well, you just can’t get to it,” Merry said. “Basically, Twitter just doesn’t exist for a while.” For the full article click here 




Friday 21 October 2016

Secura partners tertiary institutions to set up cybersecurity R&D laboratory

CATALIST-LISTED security company Secura Group on Friday said that it will partner Republic Polytechnic (RP), the University of Glasgow, and the University of Glasgow Singapore to establish a joint facility for research and development (R&D) in cybersecurity.

The laboratory will be located within RP’s campus, and focus on topics such as cybersecurity for the Internet of Things, data analytics and Industry 4.0. The latter is also known as the Fourth Industrial Revolution, under which manufacturing will be revolutionised by the integration of physical processes, robotics, computing and networking.

The estimated aggregate investment in the R&D laboratory for the next three years is S$10 million.

Secura chief Paul Lim said: “We hope that this collaboration will be an incubator to grow the cybersecurity ecosystem and create unique cybersecurity products and solutions for tomorrow’s market.” For the full article click here 




Monthly Research Round-up: 7 must-read cyber security reports in October

1. Veracode: Security risks in software are endemic

The State of Software Security Report found that 97 percent of Java applications contained at least one component with a known software vulnerability.

Apparently, the top quartile of companies fix nearly 70 percent more vulnerabilities than the average company. Veracode said that best practices, such as remediation coaching and eLearning, could improve fix rates by up to 6 times.

Additionally, over half of web applications were affected by misconfigured secure communications or other security defences. For the full article click here 




Top cyber security experts to attend Dublin conference

The Dublin Info Sec 2016 meeting will discuss major issues affecting companies, including cyber fraud and hacking and particularly the danger posed from hackers to senior executives.

The average cost of fraud to organisations on the island of Ireland increased from €498,000 (£444,000) in 2014 to €1.7m (£1.5m), with the incidence of cyber attacks almost doubling since 2012.

Whaling the C-Suite is the first event on the agenda. It will explore how senior executives make themselves vulnerable to hackers.

Amongst those topping the bill at the conference, which is taking place at the RDS in Dublin, is Dr Mary Aiken, the expert on whose work the American police drama CSI Cyber was based. For the full article click here 




How Podesta became a cybersecurity poster child

When John Podesta forgot his Apple iCloud password last spring, he asked an aide to remind him — so she emailed it to him. And that set the stage for trouble for Hillary Clinton’s campaign chairman.

First, a WikiLeaks dump last week of Podesta’s alleged Gmail messages revealed the password — “Runner4567” — to the world. Then someone hijacked Podesta’s Twitter account, possibly using the same password, and blasted out the tweet: “I’ve switched teams. Vote Trump 2015.” The next morning, a security researcher found evidence that digital pranksters had used the password to remotely erase all the contents from Podesta’s Apple devices.

The cascade of woes, which Clinton’s campaign has not confirmed, appears to make Podesta just the latest Washington power player to join an inglorious club — the roster of senior government officials and political operatives who, like tens of millions of other Americans, have failed to take basic protections for their sensitive data. Others in the elite group include Director of National Intelligence James Clapper, CIA Director John Brennan and 2012 Republican presidential nominee Mitt Romney, whose personal emails have all suffered assault from digital intruders. For the full article click here 




Thursday 20 October 2016

Cyber security threats getting less easy to ignore

As the soon-to-be commissioned USS Detroit sits on the edge of the Detroit River preparing to offer a limited run of tours to the public, a luncheon discussion begins inside the Detroit Marriott about other types of security measures.

Nation-states — such as China, Russia, Iran, North Korea — are more aggressive in cyber attacks. The fraudsters have upped their game beyond the once easy-to-spot spam e-mails filled with bad grammar and spelling mistakes. Cyber security threats are growing more ominous for individuals, small business owners and large corporations.

“In their mind, you’re low-hanging fruit,” said George Smirnoff III, senior vice president and chief information security officer for Comerica Bank.

“As executives, guess what? You’re all targets.” For the full article click here 




Tech industry ponders how to fill Colorado’s 10,000 cybersecurity job openings

On a recent visit to an unnamed government intelligence organization, Ed Rios spotted cybersecurity specialists using virtual reality to suss out the bad guys. Another was monitoring 50 simultaneous chats.

That led Rios, the new CEO of the National Cybersecurity Center in Colorado Springs, to ask, “What jobs do you need the most?”

“I was thinking it would be technology or software or something with algorithms,” Rios said. “His response was: ‘I need anthropologists and sociologists. I need people to know how to think about cultures, about change and about the way we look at cyber and why cyberhacktivists do what they do.’”

The shortage of tech workers is apparently most acute in the cybersecurity world. Rios, speaking at the Colorado Technology Association’s Tech Summit on Wednesday, said that in Colorado alone, there are 10,000 job openings in cybersecurity. We need to think differently about how to fill those jobs, he said. For the full article click here

 




Wednesday 19 October 2016

Luxembourg to launch cybersecurity centre in 2017

(JB) Luxembourg is to create a cybersecurity centre in 2017 to further information security in the public and private sector, it was announced on Tuesday.

The aim of the centre would be to increase the competitive advantage of Luxembourg cybersecurity in the short term and in the medium term contribute to the development of ecosystems in areas like the Internet of Things, space technology and FinTech.

The initiative was announced by Secretary of State for the Economy Francine Closener at the first edition of the “Cybersecurity Day” on Tuesday.

“The concept of the centre is based both on the sharing of proven expertise of various public and private and dynamism emanating from the national cybersecurity ecosystem,” Closener said, adding: “The new structure will help to strengthen the positioning and the economic attractiveness of the country for undertakings in the information technology sector and communication.” For the full article click here 




Former intelligence chief David Irvine wants cyber security at forefront of Australia’s defences

The task of being an intelligence chief has become tougher with the rise of cyber threats and terrorism, according to the former head of the Australian Security Intelligence Organisation, David Irvine, who says he would like to see a “much stronger” national cyber industry.

Speaking during a rare interview in Canberra, Mr Irvine said “when you put cyber on top of [terrorism], it takes a bit of time off your sleep at night. The two issues have grown exponentially within a couple of decades and while the nature of the threats is the same, the vector has changed. And cyber is a new and very potent vector.”

Mr Irvine, who led Australia’s overseas spy agency ASIS before he headed up ASIO, said he’d been “horrified” at the revelations of Edward Snowden, the subcontractor to the National Security Agency who exposed vast top secret US government programs for monitoring global communications. For the full article click here




Tuesday 18 October 2016

Is Your Organisation Really Taking Cyber Security Seriously?

Board must set cyber security agenda – ICAEW

If businesses fail to take cyber security seriously in their business planning, regulators may do it for them, the ICAEW has warned.

Richard Anning, head of ICAEW’s IT Faculty, said boards must grasp the nettle and deal with it as a priority: “Despite years of warnings, many still regard cyber security as an optional extra. This is why we are increasingly seeing more data breaches that harm consumers and businesses alike. Cyber security is integral to digital business.”

According to ICAEW’s latest report, Audit Insights: Cyber Security, high-profile data breaches and the slow pace of cyber security progress mean that unless boards take control of the agenda themselves, governments may decide to legislate.

Anning continued: “Unless boards take control of these issues, it is only a matter of time before governments start to bring in tough new laws – this has already begun with the introduction of General Data Protection Regulation (GDPR). The boards can start by using cyber-by-design principles, so cyber security is seen as a precondition for trading at all.” For the full article click here




Monday 17 October 2016

Q&A: Frank Abagnale helping catch cyber issues in Phoenix

The inspirational man behind the movie “Catch Me If You Can” was in Phoenix Oct. 6 talking cybersecurity with clients of BMO Wealth Management at Scottsdale Resort at McCormick Ranch. For the full article click here




DarkMatter and vArmour announce strategic partnership to expand data centre and cloud security positioning in the Middle East

Abu Dhabi and Dubai, UAE; Mountain View, CA, USA – DarkMatter, an international cyber security firm headquartered in the United Arab Emirates, and vArmour, a leading data centre and cloud security company, today announced a partnership arrangement to offer joint customers end-to-end cyber security solutions.

DarkMatter will enhance customer data centre and cloud security environments through its newly formed partnership with vArmour by offering best-of-breed data solutions that protect against cyber threats. DarkMatter will provide incident response services that incorporate advanced security analytics and automated cyber attack containment. DarkMatter’s approach to increased cyber resiliency across its clients’ networks will draw on vArmour’s Distributed Security System (DSS) technology, which helps organisations gain application-layer visibility and control of their network, applications and users to prevent, detect and respond to cyber attacks and breaches in data centre and cloud environments.

In today’s increasingly digitised enterprise landscape, organisations across the Middle East are making critical decisions and driving processes based heavily on virtual and cloud-based IT environments. For the full article click here 




Saturday 15 October 2016

A Smart Nation must be built on a secure foundation

A Smart Nation must be built on a secure foundation. That was the key takeaway from the Singapore International Cyber Week held earlier this week.

“Singapore aspires to be a Smart Nation. But to be a Smart Nation, we must also be a safe, cyber nation. We must get cybersecurity right, to capture the benefits of a more connected world,” said PM Lee Hsien Loong as he unveiled Singapore’s first holistic national cybersecurity strategy.

He outlined four key pillars:

  1. strengthening critical infrastructure,
  2. working with businesses and individuals to create a safer cyberspace,
  3. growing cybersecurity capabilities by creating jobs and developing talent, and
  4. forging stronger ties with international counterparts.

To level up our existing infrastructure and protect essential services, the Cyber Security Agency of Singapore (CSA) will expand the National Cyber Incident Response Team and National Cyber Security Centre.

The CSA will also address gaps in standards and incident reporting protocols for service providers by strengthening Singapore’s cybersecurity governance and legislative frameworks.

On creating a safer cyberspace, the CSA will implement the National Cybercrime Action Plan to combat cybercrime more effectively. It will also promote a culture of collective responsibility by involving Government, businesses, and the wider community in cybersecurity.

A professional cybersecurity workforce will also be nurtured in order to develop a vibrant cybersecurity ecosystem. This involves making it easier for existing IT professionals to switch to the cybersecurity sector, and creating clear career pathways for existing cybersecurity professionals. The CSA will also work with Institutes of Higher Learning to co-develop suitable curriculum. For the full article click here 




Threat Vector NYC Managed Cybersecurity

The LCO Group releases a new and affordable managed security offering catered to small and medium-size organizations in an effort to combat the rising number of cyber-threats.

New York, New York (PRWEB) October 15, 2016

To meet the growing number of cyber-threats faced by firms in financial services, legal, and other sensitive data-driven industries, The LCO Group, a leading provider of technology consulting services in New York City, has announced that they have re-engineered their security offerings to take advantage of the latest advances and tools available for providing small to mid-size businesses in the tri-state area with enterprise level managed security services.

Threat Vector is a fully integrated, one-stop offering that addresses key vulnerabilities in modern infrastructures and allows for smaller organizations to meet many of their compliance and regulatory needs. Threat Vector is a truly proactive and in-depth solution that will safeguard and protect sensitive business data at the lowest cost of ownership. For the full article click here 




Friday 14 October 2016

Fighting the person should be cybersecurity best practice: Nuix

One major mistake organisations and governments are making in protecting their systems is neglecting the importance of focusing on the person at the end of the attack, according to Keith Lowry, senior vice president at Sydney-based intelligence, analytics, and cybersecurity software firm Nuix.

The 25-year cyber-veteran said that the majority of all insider threat programs he has been privy to begin with the foundation of technology, and that in reality, the foundation of a counter-insider threat program needs to start with recognising there is a person at the other end.

“It’s about people using technology — it’s not about technology by itself — and too many people focus on the fact that it’s all technology and therefore the answer to it must be a piece of technology,” Lowry said. For the full article click here 


