Cyber Security Caucus: March 2016

Thursday 31 March 2016

New Release of F-Secure’s Flagship Business Service Champions Holistic Cyber Security

F-Secure is announcing a major new release of its flagship endpoint security solution, Protection Service for Business, as part of its holistic new approach to cyber security. The release includes new web security features plus a redesigned management portal that’s much more efficient for administrators. Protection Service for Business is the only solution on the market with centrally managed computer, mobile and server security with integrated patch management and mobile device management.

Crypto-ransomware that encrypts data and locks systems increased significantly in 2015, according to F-Secure’s latest Threat Report, and is prominent this year in hacks of hospitals and other organizations. Cyber security incidents in general are grabbing headlines daily, affecting small business to major corporations. In 2015, businesses experienced 38% more security incidents than in 2014, and theft of hard intellectual property increased 56%.* The endpoint is the easiest place for attackers to penetrate a business network, making it imperative that businesses use best-in-class endpoint security as part of their overall security strategy. For the full article click here

from cyber security caucus http://ift.tt/1VV0qVS
via IFTTT

Cyber security – NIS and the legal position

Cyber-attacks on both company and personal computer systems are an increasing threat to the continuity of business, and there is little chance that this menace will ever go away. There is no way of ‘immunising’ against the threat of attack, nor is there any foolproof method to prevent such attacks from causing harm to the data systems involved.

Cyber-crime takes many forms. At the bottom end is the ‘nerd’ in the bedroom who sees it as a challenge to hack into supposedly secure systems just to see if it can be done. At the top end are rogue states which attack computer systems to seriously harm (or even destroy) a country’s infrastructure or military capability.

Somewhere between these extremes are organisations that hack for espionage, commercial gain, activism or the uncovering of sensitive personal details. High profile lawsuits and public enquiries have made the headlines in recent times, with attention being focussed on the relevance/attractiveness of the target and the possible perpetrators. In the main, the bulk of cyber-crime is financially motivated. For the full article click here

from cyber security caucus http://ift.tt/1PHrHUn
via IFTTT

Why PE managers should view cybersecurity like personal hygiene

The attraction for private equity as an alternative asset class is as strong as perhaps it has ever been. As the results of a recent E&Y survey reveal (Positioning to win: 2015 global private equity survey), 19 per cent of investors said they currently allocate up to 5 per cent of capital to private equity, but 39 per cent said they allocate more than 25 per cent.

This is encouraging news for private equity managers, but with it comes extra responsibility as investors and regulators alike ramp up their due diligence. Indeed whereas only 28 per cent of managers said they had been the subject of an SEC examination in 2013, that number had risen to 41 per cent in 2014. Most likely, the figure will be higher still for 2015.

As such, PE managers are focusing more attention on their compliance and operational frameworks to move into closer alignment with today’s global expectations. And as they increasingly adopt new technologies to improve business efficiency, so does the threat level from cyber attacks.

PE groups are in a unique position when it comes to maintaining a secure cyber programme because not only must they concentrate on ensuring that their own business operations are protected, they must also proactively monitor the security of their underlying portfolio companies. That is no easy challenge, especially with respect to data management. For the full article click here

from cyber security caucus http://ift.tt/1VV0qFt
via IFTTT

Cubic to Discuss Cybersecurity Risks at World Forum for Foreign Direct Investment

SAN DIEGO–(BUSINESS WIRE)–Cubic Corporation (NYSE: CUB) today announced Adam Rice, global chief information security officer, will share insights on risks that can affect foreign direct investment and location decisions at the World Forum for Foreign Direct Investment (FDI) 2016 held in San Diego from April 3 – 6. As an official event of the Global FDI Association, the forum brings together corporate investors, economic development agencies and ministries of trade and investment from various countries to discuss global location decisions for FDI. At the event, Rice will discuss how risks associated with data protection and cybersecurity can affect how businesses and investors make decisions involving global locations. He will also offer insight to help investors better understand cybersecurity conditions and how to overcome certain challenges when conducting business in new regions.

“Cybersecurity is an important aspect of foreign direct investment as emerging laws and regulations on data privacy and breach notification outside the U.S. can have an impact on business strategies,” said Rice. “I look forward to highlighting the importance of cybersecurity and ways to avoid risks with global investors in both the private and public sectors.”

Rice will participate in the following panel session:

Risk: Cybersecurity, Protection of Intellectual Property, National Disaster, Regulatory Uncertainty, Health Hazards, Personal Safety
Tuesday, April 5, 12:00 p.m. – 1:00 p.m. at the Manchester Grand Hyatt, San Diego
Panelists include: Nasser Barghouti, CEO, Objectiva Software; Julie Dow, Manager of Economic Development, Lockheed Martin Corporation; Jeff Kramer, Managing Partner, Syzygy Solutions
Moderator: Andreas Dressler, Managing Director, Conway Advisory

Follow Cubic Corporation at @CubicCorp and join the conversation with #WorldForum16. For the full article click here

from cyber security caucus http://ift.tt/1PHrHUh
via IFTTT

KPMG launches app to assess cyber security index

In a bid to help organisations combat the growing risk from cyber criminals, KPMG has launched ‘Cyber Kare’ in India, a tool aimed at empowering senior management to self-asses cyberthreats and gauge their current level of preparedness to combat them.

The ‘Cyber KARE’ toolkit is designed for assessment to be performed by senior management and CxOs, and provides a quantitative output depicting organisation’s current positioning with respect to cyber risk exposure (CEI – Cyber Exposure Index) and cyber security preparedness (CPI – Cyber Preparedness Index).

“Boards of large organisations have started to pay more attention to cyber risk, but there is much more they can do. They need to make sure that they have the right skills and knowledge and treat it as a broader business risk that impacts the organization beyond IT in areas such as new product and service development, and M&A,” said Malcolm Marshall – Partner and Global Head, Cybersecurity, KPMG. For the full article click here

from cyber security caucus http://ift.tt/1VV0oNX
via IFTTT

Wednesday 30 March 2016

Women in STEM careers: Just do it

Having spent over 25 years in cybersecurity, IBM executive security advisor Diana Kelley has three words for anyone – including women – who wants to pursue a career in technology or, more specifically, cybersecurity: Just do it.

“Get involved. Don’t read about it too much, just start doing it already. There’s nothing like managing systems and writing code to gain real-world experience,” she says.

Speaking to the media in Petaling Jaya recently, Kelley says that family encouragement can be key in getting more women to pick up STEM (science, technology, engineering and mathematics) careers.

“Many say that family encouragement drives success. And this applies specifically with getting more women to go into STEM because it really matters what the family is encouraging them to do,” she said. For the full article click here

from cyber security caucus http://ift.tt/1UBSrOl
via IFTTT

Top computing awards show growing importance of cybersecurity

A California computer scientist who has studied the economics of cybercrime and pushed the auto industry to address hacking threats to vehicles will be awarded one of the world’s top computing prizes on Wednesday, underscoring the central role that cybersecurity plays in business and government.

Stefan Savage, a professor at the University of California, San Diego, will receive the Association for Computing Machinery’s ACM-Infosys Foundation Award.

Earlier this month, the association also gave its top prize – the A.M. Turing award – to two cryptographers, Whitfield Diffie and Martin Hellman. They were recognized for developing public-key cryptography and digital signatures in the 1970s, which laid the groundwork for much of what protects Internet communication.

“A lot of the important work in computing has something to do with security,” ACM Chief Executive Robert Schnabel told Reuters ahead of the newest announcement. “This used to be what happened in the computing rooms in back offices, and now it is in our cars, and the devices implanted in our bodies.” For the full article click here

from cyber security caucus http://ift.tt/230UKM9
via IFTTT

NASA Has a Cyber-Security Problem, Investigator Claims

Jason Miller, executive editor for Federal News Radio, is saying that the National Aeronautics and Space Administration (NASA) has a severe patching problem that’s putting many of its systems at risk.

Citing multiple inside sources and internal documents, Mr. Miller is saying that there are hundreds of thousands, if not millions of patches that haven’t been applied to NASA IT systems, exposing the company to potential attacks.

While NASA’s external shield is strong, the investigator says that, once its external protections are penetrated, a skilled attacker would have no barriers if they want to map the agency’s entire internal network and access every nook and cranny.

The blame falls on NASA’s cyber-security culture and HPE

Mr. Miller cites various reasons in regard to this situation. First and foremost, NASA is putting missions above everything else. This sometimes means freezing patching operations to mission-related systems in order to avoid any downtime or delays due to bugs or improper patching. Basically, nobody is allowed to touch and patch computers until the mission has ended, leaving systems unprotected for extended periods of time. For the full article click here

from cyber security caucus http://ift.tt/1UBSry3
via IFTTT

Moving Cyber from the Orbit to the Nucleus of the Nuclear Security Summit

World leaders are gearing up to discuss pertinent issues at the final edition of the Nuclear Security Summit in Washington D.C from March 31 to April 2, 2016. Prime Minister Narendra Modi is attending the 2016 Nuclear Security Summit. Since the 2009 Prague speech of U.S. President Barack Obama, the summit has attracted global attention, deliberating on the security of vulnerable nuclear materials, black markets, and illicit trafficking of nuclear materials. The first Nuclear Security Summit was held in Washington D.C. (April 2010). It was followed by the Summits in Seoul (March 2012) and The Hague (March 2014). Cybersecurity is rapidly garnering increased international attention; concerns about cyber attacks targeting the vulnerabilities in nuclear installations were initially highlighted at the 2012 Nuclear Security Summit in Seoul.

Three working group reports are lined up for discussion this week at the Nuclear Industry Summit – NIS (an official side event of the Nuclear Security Summit) – on issues critical to nuclear security, and cybersecurity is one of the key areas.1Information Protection was put on the NIS table in 2012 at Seoul and the focus was brought on Industrial Automation/Control Systems protection in the subsequent NIS at Amsterdam in 2014. For the full article click here

from cyber security caucus http://ift.tt/22NYWlO
via IFTTT

CYBERSECURITY FIRM SET FOR AIM FLOAT

Osirium protects critical IT assets, infrastructures and devices by preventing targeted cyber-attacks from directly accessing privileged accounts.

The Theale business, which was founded in 2008, is expected to commence trading on AIM in April.

The funds will help Osirium accelerate its growth in the “thriving cybersecurity market” by appointing additional staff members to support the group’s sales and marketing strategy, investing in the continued research and development of its software modules and providing working capital for a “phase of rapid growth”. For the full article click here

from cyber security caucus http://ift.tt/1pK383X
via IFTTT

Tuesday 29 March 2016

U.S. and Germany expand cyber cooperation

The United States and Germany are taking a “whole-of-government” approach to their collaboration in cybersecurity, according to a joint statement released by the State Department after two days of talks.

The fourth round of the U.S.-Germany Cyber Bilateral Meeting took place March 22-23, in Washington, D.C., emphasizing how the inter-agency approach allows “for more in-depth cooperation on a wide range of cyber issues and our increased collaboration on both strategic and operational objectives,” according to the statement.

The talks also examined how international law applies to cyberspace, how countries should act according to that framework, and how Germany specifically, will continue to set the standards as chair of the Organization of Security and Cooperation in Europe. For the full article click here

from cyber security caucus http://ift.tt/1MPsNNZ
via IFTTT

SMU-SIS and Certis CISCO collaborate on cybersecurity education and research

The School of Information Systems of Singapore Management University (SMU-SIS) has signed a Memorandum of Understanding (MOU) with managed security services provider Quann – a business unit of Certis CISCO – to jointly promote and develop cybersecurity education and research in Singapore among students in tertiary education and cybersecurity professionals.

The MOU was signed on 21 March 2016 by Professor Steven Miller, SMU’s Vice Provost (Research) and Dean (School of Information Systems); and Foo Siang Tse, Managing Director of Quann.

Under the five-year partnership, SIS will provide mentorship to Quann trainers and co-conduct courses offered by Quann. Both parties will jointly develop cybersecurity courses.

Meanwhile, selected SIS undergraduates and Master’s students will be offered Quann Scholarship; and SIS undergraduates will have the chance to intern at the company.

“The shortage of skilled cyber security specialists and experienced managers with cybersecurity depth is a national problem. Many organisations fall short in their cybersecurity efforts despite their large investments in technology because they don’t have the right expertise and the necessary management awareness of what to do. Our partnership with Quann is an important step in the strategic direction of building stronger skills and capabilities in cybersecurity,” said Professor Miller. For the full article click here

from cyber security caucus http://ift.tt/1pXzER1
via IFTTT

GreenKey and Symphony to Test App for Capturing Voice Quotes

In other FinTech news, performance and portfolio management provider Baxon embraces Preqin data as Duff & Phelps expands it cybersecurity practice.

Symphony to Integrate Greenkey App into Messaging

Startup GreenKey, creator of “an extremely thin web application” for voice-based collaboration among financial services firms, is releasing a pilot version of a “voice quote capture” application. It will be available for enterprise clients of messaging vendor Symphony Communication Services for a pilot test, say officials from both vendors.

The Symphony system was launched in September 2015 and has the backing of major financial institutions.

GreenKey offers “softphone capabilities over a secure voice network without hardware,” vendor officials explain. “The GreenKey cloud-based voice software completely replicates the functionality of legacy hardware turrets and T1 lines, but at a fraction of the cost. Users can access the voice software from any device and push-to-talk concurrently in real time with an unlimited amount of users.” For the full article click here

from cyber security caucus http://ift.tt/1RoRZA8
via IFTTT

NIST Cybersecurity Framework Adoption Linked to Higher Security Confidence According to New Research from Tenable Network Security

COLUMBIA, Md.–(BUSINESS WIRE)–Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, revealed today that overall security confidence was higher for organizations leveraging the U.S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity(Cybersecurity Framework), according to findings from the Trends in Security Framework Adoption Survey (PDF).

The survey tallied responses from more than 300 U.S. security professionals from organizations of all sizes across key industry verticals to better understand the adoption patterns of the top security frameworks. While 84 percent of survey respondents reported using at least one security framework, 16 percent still do not leverage any security framework. According to survey data, the NIST Cybersecurity Framework is the most likely security framework to be adopted by organizations over the next year.

“Historically, CISOs have been hesitant to take full advantage of the NIST Cybersecurity Framework because of a high investment requirement and a lack of regulatory mandate,” said Ron Gula, CEO, Tenable Network Security. “This is changing as organizations begin to shift their mindset from moment-in-time compliance with frameworks like PCI DSS to continuous conformance with the NIST Cybersecurity Framework.”

Despite 70 percent of respondents praising the NIST Cybersecurity Framework as an industry best practice, more than 50 percent of current and future adopters said the level of investment needed in order to fully conform with the framework was high. For the full article click here

from cyber security caucus http://ift.tt/1RoS0UI
via IFTTT

Changes Needed to Meet Growing Cybersecurity Job Demand

Just recently, Hollywood Presbyterian Hospital paid approximately $17,000 to hackers holding its computer network hostage. This was just the latest in a long line of data breaches.

According to PrivacyRights.com, some of the other high-profile victims – just in 2016 – include the IRS (101,000 taxpayers), Washington State Health Authority (91,000 Medicaid patients), and Time Warner Cable (320,000 customers). The first quarter of 2016 has also seen data breaches at Hyatt Hotels, Neiman-Marcus, Wendy’s and too many other companies to list in this paragraph.

These data breaches highlight the need for cybersecurity experts, but according to a recent report by Experis Manpower Group, there is a global security talent shortage, including policy writers, ethical hackers, and technical security solutions engineers. In fact, by 2019, there will be a 1.5 million fewerinformation security workers than needed.

What’s contributing to this problem, what are the implications, and what can be done to close the gap? GoodCall spoke with several experts who offer a variety of thought-provoking responses. For the full article click here

from cyber security caucus http://ift.tt/1SjcRW7
via IFTTT

Monday 28 March 2016

Is NASA slow-rolling a cybersecurity breakthrough?

By Jason Miller | @jmillerWFED

NASA’s cybersecurity challenges continue to bubble up. About a week after my month-long investigative report into major shortcoming with the space agency’s approach to patching software, a private sector non-profit is calling NASA out for not moving fast enough on a potential cybersecurity breakthrough.

The Institute for Critical Infrastructure Technology (ICIT) is calling on NASA to unleash Gryphon X in a bulletin it published on March 23.

“Gryphon X was one of those proposals we’ve been waiting since the summer to hear more about,” said James Scott, ICIT’s co-founder and senior fellow. “We have good relationships with the C-level people at Ames Research Center, and we were on the Hill with NASA in the Senate in the fall, and it keeps coming up. There are several questions about what’s being done to secure technology, the Internet of Things connectivity of the critical infrastructure. We said, ‘Why not talk about Gryphon X?” and so we did. We didn’t think the proposal would be placed on ice for this long.”

Scott said Gryphon X is a concept that could change the cybersecurity game, and a little friendly push to NASA would help drum up more interest.

To read full article , Click here : http://ift.tt/1PBjTmW

from cyber security caucus http://ift.tt/1RLhD4a
via IFTTT

Wicomico students place in cyber security competition

In their first year of competition, Cadet Ryan More and Cadet Matthew Waggoner, a team of middle school students from the Civil Air Patrols’ WicomicoComposite Squadron in Salisbury, recently concluded a round of competition in the eighth season of CyberPatriot – the National Youth Cyber Defense Competition finishing 3rd place in the state of Maryland. In all, 3,379 teams registered to compete in CyberPatriot VIII.

Established by the Air Force Association, the CyberPatriot National Youth CyberEducation Program was created to excite, educate, and motivate students toward careers in cyber security and other science, technology, engineering and mathematics disciplines critical to our nation’s future.

CyberPatriot’s core program – the National Youth Cyber Defense Competition – challenges teams of two to six students across the United States, Canada, and fromDepartment of Defense schools abroad, to find and resolve cybersecurity vulnerabilities in simulated environments. For the full article click here

from cyber security caucus http://ift.tt/1REUUR7
via IFTTT

CloudLock integrates RSA Via Access

March 27, 2016 –

Cybersecurity-as-a-service solution providerCloudLock announced that through an interoperability collaboration with RSA, customers using the Cloud Access Security Broker (CASB) and cybersecurity platform will now have better control and security with RSA Via Access.

RSA Via Access is designed to automatically align authentication methods to an access request’s risk level by allowing administrators to prescribe identity assurance requirements and flexible step-up authentication policies based on security requirements. For instance, gaining access to an organization’s most essential assets might require biometric authentication methods, while less important assets would require a less strong level of assurance.

“Protecting our customers’ identities and securing access to their business assets is a critical first step,” said Manolo Gonzalez, Head of Alliance Partner Ecosystem at CloudLock. “We look forward to furthering our interoperability partnership with RSA to help solve the cybersecurity challenges our joint customers face at the intersection of CASB and identity.” For the full article click here

from cyber security caucus http://ift.tt/1TdQDJV
via IFTTT

Hackers Can Be Our Cybersecurity Allies

President Obama wants to boost federal spending on cybersecurity by $19 billion, which is to be commended. But unless we attract more people to the field, and see “hackers” as a valuable asset to society and national security, we’ll continue to have a shortage of cybersecurity professionals.

Last year Symantec CEO Michael Brown said “the demand for the cybersecurity workforce is expected to rise to six million globally by 2019, with a projected shortfall of 1.5 million.” The U.S. government’s chief information officer, Tony Scott, says there are more than 10,000 openings in the federal government for cybersecurity professionals. Each unfilled position represents a weakness in our cybersecurity armor. Why aren’t people jumping to fill the gaps? It’s definitely not the money. The average cybersecurity professional takes in a six-figure salary. The problem is lack of talent. A recent reportby the University of Massachusetts Boston found that 60% of colleges don’t even offer courses in network or information security. To keep up with our competitors, America needs to cultivate the next generation of cybersecurity personnel in colleges and high schools across the country. Here are three ways to get started For the full article click here

from cyber security caucus http://ift.tt/1REUUR1
via IFTTT

Singapore’s cyber security services provider e-Cop relaunches as Quann

Singapore-based Managed Security Services provider, e-Cop – also a business unit of security organisation Certis CISCO – has relaunched itself as Quann on 21 March 2016.

In line with this, the company has expanded its security offerings and Security Operations Centres (SOCs), as well as boosted investments in manpower development. Quann believes that these moves will enable it to expand its regional footprint across Asia Pacific and beyond.

The SOCs operate on Quann’s proprietary patented technologies that provide real-time, big data analytics to swiftly alert clients of potential threats. Quann will boost the capability of its SOCs through the integration of physical security monitoring to provide clients with visibility over their physical and digital assets.

“Following the relaunch, our new brand identity, renewed business focus and increased investments will bolster Quann’s capabilities to address the region’s growing need for cyber security services. This positions us well to achieve our ambition of four-fold growth by 2020 and become Asia-Pacific’s leading cyber security player,” said Foo Siang-tse, Managing Director, Quann. For the full article click here

from cyber security caucus http://ift.tt/1Rnlt1B
via IFTTT

BT Security calls for cybersecurity re-think at GISEC

BT has announced that its CEO Mark Hughes will deliver a keynote speech focused on ‘National Cyber Security Transformation’ during the 30th March, 10:30am session of GISEC.

Hughes will show how governments and organisations need to rethink their cyber strategies in the face of a rapidly changing cybersecurity landscape. BT is a Strategic Partner of the Gulf Information Security Expo and Conference (GISEC), part of the Future Technology Week taking place at the Dubai World Trade Centre from 29th to 31st March.

“With some of the highest levels of financial resources, energy resources and lucrative real estate investments concentrated in the region, coupled with a move towards smart government and smart services, this region can easily find itself in the spotlight of cyber attackers,” said Hughes. “We are pleased to see that governments realise the need for a comprehensive cybersecurity framework to secure business-critical data. GISEC is a great platform for us to engage with regional and global organisations and showcase solutions that will help them enhance their situational awareness and readiness in order to combat a more sophisticated generation of cyber threat actors.” For the full article click here

from cyber security caucus http://ift.tt/1ogcALx
via IFTTT

Saturday 26 March 2016

US Agencies Recorded 77,183 Cybersecurity Incidents in 2015, 10 Percent Rise

The Office of Management and Budget (OMB) has published its annual cybersecurity report for Congress, as required by the Federal Information Security Modernization Act of 2014.

The 95-page report covers cybersecurity incidents for the period from October 1, 2014, through September 30, 2015, and also includes an update on the government’s plans and expenses regarding its IT systems.

Cybersecurity incidents grew 10% in 2015

According to OMB officials, despite recent investments made in the government cybersecurity and IT systems, in 2015, government agencies reported 77,183 cybersecurity incidents, a number that grew 10% from 2014’s value, which was 69,851 incidents.

These incidents were reported by government agencies to the United States Computer Emergency Readiness Team (US-CERT). Sixteen percent of these were caused by “non-cyber” reasons, such as employees losing data storage devices that contained personally identifiable information. For the full article click here

from cyber security caucus http://ift.tt/1q7FOxz
via IFTTT

Father of China’s Great Firewall to lead new cybersecurity association

A national industry association for protecting cybersecurity, chaired by a leading figure in China’s internet censorship effort, was set up on in Beijing on Friday, Xinhua reported.

The newly founded Cyber Security Association of China – the first of its kind in the country – consists of companies in related industries, such as internet giants Baidu, Alibaba, Tencent and telecom firms China Mobile and China Unicom.

It also includes top universities and research institutes in the field, including the National University of Defence Technology, Peking University and some institutes under the Chinese Academy of Sciences.

Fang Binxing, known as the father of the Great Firewall for helping to develop the internet blocking apparatus, was elected the head of the association at yesterday’s inaugural meeting by 257 founding members.

The aim of the non-profit association was to “serve as a bridge” between the government and the public to “organise and mobilise forces in all aspects of society to participate in building China’s cybersecurity,” Xinhua said.

The association will play a guiding role in cybersecurity governance, help promote self-discipline in the industry and push for the establishment of industry standards, according to a statement on the internet regulator’s website. For the full article click here

from cyber security caucus http://ift.tt/1odazj9
via IFTTT

CVE, a key cybersecurity resource, is at risk inside and out

To know a threat, you have to name it. And before bugs got sexy brands like Heartbleed and Shellshock, a little-known but vital database tracked them by number.

Now, the Common Vulnerabilities and Exposures list, a 17-year-old database backed by the Department of Homeland Security and maintained by nonprofit government contractor Mitre, faces a flood of new bugs it has admitted it can’t handle. A proposal to update its operations is stalled amid infighting among experts.

Hundreds of software programs that guard against cyberthreats use the list’s nomenclature, and security researchers view getting a CVE number as a credential of sorts — a sign of legitimacy for their efforts to poke holes in software so they can be fixed before hackers exploit them.

Larry Cashdollar, a senior engineer at Akamai Technologies, still remembers when an odd flaw he found in a music-synthesizer program became CVE-1999-0765.

He was 23 when he discovered that ripping through the on-screen piano keys gave him administrative access to a Silicon Graphics workstation computer. He didn’t even have to contact CVE administrators to get his bug listed; he just sent a message about it to a popular bug-tracking email list, and someone picked it up from there. For the full article click here

from cyber security caucus http://ift.tt/1q7FQFB
via IFTTT

China launches first cybersecurity organisation: Report

BEIJING: China has launched its firstcybersecurity public organisation aimed at better safeguarding nationalcybersecurity and guiding internet companies in perform their duties, the media reported on Saturday. The CyberSecurity Association of China, launched in Beijing on Friday, consists of academic institutes, individuals and internet companies including Tencent and popular internet security company Qihu 360, the Global Times reported. For the full article click here

from cyber security caucus http://ift.tt/1ZDAAFO
via IFTTT

How To Share Threat Intelligence Through CISA: 10 Things To Know

If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS’s new guidelines.

Share information about breaches, attacks, and threats with the federal government without fear of the legal repercussions — that’s the alluring promise of the Cybersecurity Information Sharing Act (CISA, passed as the Cybersecurity Act of 2015). However, those liability protections do not apply to any and all sharing, so if you want to be safe from litigation, you must share information through the guidelines recently released by the US Department of Homeland Security.

Security and privacy professionals alike were anxiously awaiting these guidelines because they answer some of the pervading questions about how privacy would be protected when CISA passed. They also provide some instructions — particularly for non-federal entities — on precisely how to conduct their information sharing activities under the new law. For the full article click here

from cyber security caucus http://ift.tt/1ZDAApw
via IFTTT

Friday 25 March 2016

Forest for the Trees: Impact vs. Likelihood

InfoGPS is a unique company. It is unique in the fact that our existence is borne of problems the founders have had during their careers in IT Risk. It is not the result of a highly skilled individuals who are coding a solution to a specific subsection of a regulation. We own this distinction and it drives many of our conversations about value. In fair disclosure, I am one of the founders but I do not want this to be a blog about us. I want it to continue the discussion we have started about the importance of focusing on sensitive information as the driver of risk. I remain astounded when I have the opportunity to talk to the top 25 CPA Firms, the IT Auditors at our largest companies, the most successful of the companies that our IT Security dollars are directed; and they all have the same 2) issues:

We are swamped trying to understand and implement the proper controls to prevent data loss. The demand of assistance is overwhelming our resources to handle the requests.
We are not employing independent tools to fundamentally understand the asset we are trying to help protect – we don’t know where data is any more than our clients.

The result of this mismatch is an ongoing issue: we know more about how to reduce the likelihood of breach by interpreting the sufficiency of controls, than we do about what assets are at risk in the first place.

To read full article , click here : http://ift.tt/1WOw99D

from cyber security caucus http://ift.tt/1SlyDLl
via IFTTT

State cybersecurity initiative nurtures six new startup companies

Virginia is accelerating its development of cybersecurity technologies by having a group of six startup companies undergo an intensive, 90-day mentoring program that will require them to establish a business presence in the state.

The MACH37 Cybersecurity Accelerator, a spinoff of the state-supported Center for Innovative Technology, said Thursday it has selected six startup firms — mostly from the United States — to begin the program this spring.

The companies — Gyomo, Hill Top Security, NormShield, PCPursuit, Provenance and Unblinkr — each will receive a $50,000 grant from MACH37 to turn their cybersecurity technologies into sustainable companies for investors.

“In return for the investment from Virginia and MACH37, they have to come to Virginia,” said Kevin May, spokesman for the Center for Innovative Technology, established in the mid-1980s by then-Gov. Charles S. Robb to nurture technology-based industries in the state. For the full article click here

from cyber security caucus http://ift.tt/1LMqbW5
via IFTTT

Chuck Brooks ’79 Receives Cybersecurity Excellence Award

Charles “Chuck” Brooks, vice president for government relations and marketing at Sutherland Government Services and a 1979 graduate of DePauw University, has been named “Marketer of the Year” in the Cybersecurity Excellence Awards. The honor recognizes “individuals and companies that demonstrate excellence, innovation and leadership in information security.”

Brooks has served as vice president and client executive for Xerox for the Department of Homeland Security and was the first director of legislative affairs for the Science and Technology Directorate of the Department of Homeland Security. He also served six years as a defense and foreign adviser to the late Senator Arlen Specter and is currently adviser to the Technology Partner Network (TPM) of the Bill & Melinda Gates Foundation. For the full article click here

from cyber security caucus http://ift.tt/1LMq9xH
via IFTTT

Cybersecurity’s Moment and What it Means for Financial Services

The recent announcement of President Barack Obama’s Cybersecurity National Action Plan, with programs aimed at improving the security of public and private data,[1] is a reminder that cybersecurity—including identifying, defending against, recovering from, and notifying others about cyber attacks—is having its moment.

With the world becoming ever more connected, the number of cyber attacks, and the level of sophistication of those attacks, continues to increase. The goals of cyber attackers are evolving from traditional criminal activities to attacks aimed at disrupting major infrastructure and economic activity, and the financial sector is a particularly appealing target.[2] Significantly, the impact of an attack is not isolated to the target entity—it can affect partners, vendors, customers, consumers, even entire markets. As such, the growing recognition of the threat and the urgency to act by regulatory agencies, Congress, and the president himself is hardly surprising. Using a variety of tools and methods at its disposal, the federal government is putting ever more emphasis on cybersecurity as a core national priority.

While it would be impractical to review all federal cybersecurity activity over the last year, certain actions, and the trends they indicate, are of particular interest and relevance to the financial services sector For the full article click here

from cyber security caucus http://ift.tt/1T9fQoT
via IFTTT

3 cybersecurity threats to watch out for in 2016

As more and more people go online and access new applications and technology, the world’s population becomes more vulnerable to security threats and cyber attacks.

Around four billion people or 50 billion devices are expected to connect to the internet by 2020, according to a statement released by CommunicAsia2016 Summit on Friday.

Pierre Noel, chief security officer and advisor of Microsoft Asia and one of the speakers at the upcoming CommunicAsia2016, said there are at least three new threats to keep an eye on this year.

1. Mobile Malware

Malware or hostile and intrusive software may soon invade mobile devices, which are now being used more often to connect to the internet. Noel said the world will see cybercriminals targeting mobile devices by infiltrating operating systems and releasing malware-infected applications.

Hacking into mobile devices will especially be attractive to cybercriminals as mobile payment systems become popular. For the full article click here

from cyber security caucus http://ift.tt/1T9fSwR
via IFTTT

Michael Zweiback Rejoins Alston & Bird, Expanding Privacy, Data Security Capabilities

Alston & Bird recently announced that former federal prosecutor Michael Zweiback has rejoined the firm as partner in its Privacy & Data Security Practice and Government & Internal Investigations Group, bringing not only extensive experience in cybersecurity, but also an exceptional background in white collar criminal defense and government enforcement litigation. Based in the firm’s Los Angeles office, he arrives from Arent Fox LLP, where he was a partner and co-leader of its Cybersecurity and Data Protection Group.

“At a time when cybercrime, privacy and data security are in the headlines almost daily and continue to have the attention of the largest companies and their boards, Mike’s extraordinary background and experience make him an invaluable resource for clients and a welcome addition to our firm,” said Jim Harvey, partner and co-chair of Alston & Bird’s Privacy & Data Security Practice. For the full article click here

from cyber security caucus http://ift.tt/1UNoDOm
via IFTTT

Thursday 24 March 2016

High-Profile Cyberattacks Spark Huge Boom for London Cybersecurity Jobs

A new study has revealed that the rise in cyber threats had led to a greater demand for cyber security experts. The study found that the number of technology jobs in London has grown approximately 30%, which has led to the widening digital skills gap in the UK. The cyber security space is one of the major areas where companies are most in need of qualified employees. Here to comment on this news is Richard Beck, Head of Cyber Security at training company QA. It’s well-known within the industry that demand for cyber security professionals is set to outstrip supply by a third before the end of decade. We recently asked IT decision makers about their key areas for investment to protect their organisations from cyber threats in 2016. Over two thirds (70%) said they plan to invest in hiring qualified cyber security professionals in the coming year. But where are these people going to come from? With cyber roles taking on average 3 months to fill, and salaries of those on the market escalating, organisations will find themselves at risk of cyber attack. However, rather than paying premium rates for cyber talent and waiting long lead times to fill them, we have seen real success where organisations have raised awareness amongst their employees of potential threats and re trained and up skilled existing roles responsible for cyber security.” For the full article click here

from cyber security caucus http://ift.tt/1LJtyNG
via IFTTT

Obamacare online portal has logged 316 cybersecurity incidents, report says

WASHINGTON – The web portal used by millions of consumers to get health insurance under President Barack Obama’s law has logged more than 300 cybersecurity incidents and remains vulnerable to hackers, nonpartisan congressional investigators said Wednesday.

The Government Accountability Office said none of the 316 security incidents appeared to have led to the release of sensitive data on HealthCare.gov, such as names, birth dates, addresses, Social Security numbers, financial information, or other personal information.

Most of the incidents over nearly 18 months seemed to have involved electronic probing by hackers. HealthCare.gov offers subsidized private health insurance for people who don’t have access to workplace coverage. For the full article click here

from cyber security caucus http://ift.tt/1LJtygH
via IFTTT

“How collective bargaining undermines cybersecurity”

After the Immigration and Customs Enforcement Agency (ICE) noticed a rash of malware infections, it told employees to stop accessing personal webmail accounts from their government computers. Oh, no, said the American Federation of Government Employees (AFGE), which grieved the change as having been made without prior bargaining with the union. An arbitrator agreed, ruling that “federal law did not give federal agencies ‘sole and exclusive discretion’ to manage its information technology systems.” ICE appealed, but the Federal Labor Relations Authority (FLRA) “also sided with the union.” [Washington Times]

P.S. Reports of problems at the U.S. Embassy in London suggests that controls on employee use of at-work computers to send and receive private email might need some tightening up at the State Department too. For the full article click here

from cyber security caucus http://ift.tt/21IKe9H
via IFTTT

Cash-strapped EU cybersecurity agency battles Greece to close expensive second office

The EU cybersecurity agency ENISA just won support from MEPs in a drawn-out battle with the Greek government over its costly division between two offices in Athens and Crete.

The European Union Agency for Network and Information Security (ENISA) has been pushing to close its headquarters in Heraklion, Crete’s largest city, and move all of the agency’s staff into its Athens office. But staff say local politics have kept the Crete office open, although it has already cost the Greek government around €1 million in unnecessary fees.

Since 2013, the agency has kept two offices open. Most other EU agencies only have one. The Greek government pays ENISA’s annual rent of around €640,000—an uncommon arrangement for EU agencies—as a gesture meant to make the remote island location more attractive. For the full article click here

from cyber security caucus http://ift.tt/1LJtyNw
via IFTTT

Burlington firm walks businesses through cyber security

Justin Fimlaid kept Keurig Green Mountain’s cyber secrets from 2009 to 2013. Then, Fimlaid founded his own firm, NuHarbor Security in Burlington, partly because he was so dissatisfied with the help he tried to hire to protect information while at Keurig.

“When I was at Keurig I had budget dollars to get vendors in to help out with various initiatives,” Fimlaid said. “I never found anybody I was impressed with. In almost every case we would hire some of the largest providers to come in and do the work for us, but at the end of the day, Nate and I were teaching these guys how to do their jobs.”

Working with Fimlaid at Keurig was Nate Couture, now chief technology officer at NuHarbor.

Fimlaid, 36, saw a business opportunity, and in 2013 he took it. In addition to bringing Couture with him from Keurig, he brought Scott Mosher on board as chief operating officer. Mosher, the former boy’s soccer coach at Essex High School, had a previous life in high tech, working for software companies in California, Seattle and Massachusetts. For the full article click here

from cyber security caucus http://ift.tt/21IKdTa
via IFTTT

Wednesday 23 March 2016

National cybersecurity agency honours Computerworld Malaysia for second year running, wins two awards

CyberSecurity Malaysia has honoured Computerworld Malaysia for the second consecutive year during the national cyber security agency’s second annual IT and media awards ceremony, supported by officials from the Ministry of Science, Technology & Innovation [MOSTI].

During the ceremony held 22 March 2016 at KL Hilton, the MOSTI minister YAB presented Computerworld Malaysia editor AvantiKumar with two awards including a personal award as journalist for coverage throughout 2015.

In his welcome note, CyberSecurity Malaysia’s Chairman YAB General Tan Sri Dato’ Seri Panglima Mohd Azumi bin Mohamed (Retired) commended the role played by the recipients in increasing cyber security awareness in the country.

“The presence of the [MOSTI] minister is testimony to the importance of the appreciation given today to the media,” he said. “Cyber security resilience requires the equal participation of both the public and private sectors and the support of media, which provided accurate and ethical reporting. During 2015, the media’s coverage of national CyberSecurity Malaysia initiatives reached almost 1000 features amounting to about RM15 million worth of PR (public relations) value.” For the full article click here

from cyber security caucus http://ift.tt/1WI8Ga7
via IFTTT

New UK cyber security centre to work with Bank of England

The UK’s new national cyber centre will collaborate with the Bank of England on new cyber security guidance for financial firms when it opens later this year, the government has said.

The Cabinet Office announced that the National Cyber Security Centre (NCSC) will be based in London and start operating in October. It said one of the NCSC’s first tasks will be to work with the Bank of England to “produce advice for the financial sector for managing cyber security effectively”.

“This important work with the Bank of England is paramount to ensuring that businesses of all shapes and sizes understand the threats and what they can do to mitigate them,” Cabinet Office minister Matt Hancock said. “We’ll do this by informing the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online.”

The NCSC is being set up to aggregate “the UK’s cyber expertise”, the Cabinet Office said. It said the NCSC “will be the authoritative voice on information security in the UK”. The current director general of cyber at GCHQ, Ciaran Martin, will lead the new organisation and Dr Ian Levy, GCHQ’s current technical director of cyber security, will take on the role of the NCSC’s technical director, the Cabinet Office said. For the full article click here

from cyber security caucus http://ift.tt/1q22uiC
via IFTTT

Should you worry that your car will be hacked?

Cybersecurity Investing Summit Coming To The New York Stock Exchange

A unique event featuring investment opportunities in the fast-growing cybersecurity industry will take place on Wall Street in New York City on May 3rd.

The Cyber Investing Summit — billed as the world’s first of its kind — brings cybersecurity experts, venture capitalists, corporate investors, and financial analysts together for a one-day conference focusing on the trends and revenue generating opportunities in the cyber sector.

Andrew Chanin, CEO at PureFunds — and known by many as the 29-year-old who grew a $1 billion tech fund in less than a year — is co-founder of the Summit and a featured speaker.

Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. For the full article click here

from cyber security caucus http://ift.tt/1Rk7ckQ
via IFTTT

New Brunswick’s Cybersecurity Opportunity

FREDERICTON—How safe is your personal data? Your credit card number, social insurance number, health records and bank information? Here’s a reality check: it’s probably not as safe as you think.

Every day, hackers around the world are trying to break into company websites and data records, seeking out private information to sell on the black market.

David Shipley, a cybersecurity expert at the University of New Brunswick, has seen it firsthand. “In a peak time last year, we were getting as many as 145 attempts a second to breach our network in Fredericton,” he said.

Hackers are professionals, not just kids hiding out in the basement. For the full article click here

from cyber security caucus http://ift.tt/1Rk79pk
via IFTTT

Tuesday 22 March 2016

Fortinet Launches New Training Initiatives To Combat Cybersecurity Skills Shortage, Aid Returning Vets

Ask almost any security solution provider to describe the toughest challenge today in helping meet customers’ needs, and you’re likely to hear that it’s finding the talent to fill open security positions. Fortinet is looking to change that dynamic, launching a new training initiative Tuesday to bring more students and military veterans into the field.

The Fortinet Network Security Academy will have sites around the country at local universities and organizations to provide sponsored content and certifications. The free training, which builds on the company’s current training, is based on courses previously offered only to partners and customers, and is designed to bring professors up to speed with the latest in security trends as well as Fortinet technology.

Fortinet, based in Sunnyvale, Calif., already has seven universities globally signed up and plans to have 20 organizations by the end of the quarter, according Joe Sykora, vice president of Americas channels and enhanced technologies. Partners are involved in many of the training engagements, Sykora said. As Fortinet expands the sites through which it is offering training, Sykora said, he hopes to engage with local partners to both help with training and develop intern For the full article click here

from cyber security caucus http://ift.tt/1VzfaK1
via IFTTT

The future of cybersecurity: a growth area with a talent gap

Cybersecurity has progressed rapidly in recent years. Necessity is the overriding force in its evolution, as the IT sector has seen cyberattacks become more common and more harmful than ever before.

The fear of Y2K hackers has, since 2000, transformed into real-time prevention and understanding of advanced persistent threats (APTs). The bankers, brokers and healthcare institutions that have been concerned with cybersecurity since its early days have now been joined by a much wider demographic.

Many tasks of everyday life are completed online. And, if there is a presence online, there is a risk online. As such, reducing security vulnerabilities across infrastructure and software has become a mammoth division in the IT world. For the full article click here

from cyber security caucus http://ift.tt/21F69P9
via IFTTT

IoT Causes New Wave Of Healthcare Cybersecurity Concerns

The Internet of Things (IoT), or Internet of Healthcare Things (IoHT) as it’s known within the healthcare industry, is becoming a tangible reality. As it does, its running head long into a healthcare environment that is functioning within an increasingly hostile cybersecurity environment.

The convergence of these two factors was addressed recently at HIMSS16, according toHealth IT News.

Experts expect that by 2020, more than 50 billion objects will be connected to the IoT, and a full 6 billion will be connected in 2016 alone. In healthcare, these growth rates mean that every wearable sensor and home monitoring system presents a new level of vulnerability to hackers and internal threat actors. For the full article click here

from cyber security caucus http://ift.tt/1VzfaJQ
via IFTTT

Cyber Security Agency of Singapore holds first multi-sector cyberattack exercise

SINGAPORE – The Cyber Security Agency of Singapore carried out its first multi-sector exercise on Tuesday (March 22), in conjunction with the opening of the agency’s new Cyber Forensics Laboratory.

The exercise, named Cyber Star, aimed to bring together multiple agencies from different sectors in times of a cybersecurity incident, such as a malware infection or large-scale distributed denial of services attack, which may bring down the networks of entire agencies.

“CSA has made good progress since it was set up a year ago,” said Deputy Prime Minister Teo Chee Hean, who was at CSA to observe the exercise. For the full article click here

from cyber security caucus http://ift.tt/1Vzfcl0
via IFTTT

Put your cyber-security through the wringer with the Cyber Resilience War Game

A cyber-attack hits you out of the blue – a sucker punch you’ll never see coming. Ernst & Young’s Cyber Resilience War Game stress tests an organization’s incident response, putting its cyber-disaster preparedness through an acid test by simulating a full-scale cyber-attack.

It’s a widespread belief that a person remembers 10 percent of what he reads, and over 20 percent of what he sees. But, if one is made to experience a simulation, he remembers a great deal more, and the information is retained over a longer span of time, creating a profound impact on one’s outlook.

This is the underlying philosophy that led Ernst & Young to develop the Cyber Resilience War Game. A ‘gamified’ approach that stress tests an organization’s incident response plans and identifies strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.

EY has successfully completed these Cyber War Games with top 79 CEOs, as well as in-house sessions for CXOs of leading companies across sectors like e-commerce, technology, telecom and consumer products. For the full article click here

from cyber security caucus http://ift.tt/1Vzfc4A
via IFTTT

Monday 21 March 2016

Cisco to address cybersecurity risks hindering digital ambitions at GISEC

Cisco announced its participation in the Gulf Information Security Expo and Conference (GISEC 2016), which will take place under the collective banner of Future Technology Week, at the Dubai World Trade Centre from 29th to 31st March.

The company will showcase its strategy of ‘Threat–centric Security’, which includes threat detection, defense and secure remote access. Cisco aims to use the GISEC platform to highlight its next-generation security solutions that deliver advanced threat protection across the entire attack continuum before, during, and after an attack.

At GISEC, Adam Philpott, Director of Cybersecurity, Cisco EMEA, will address issues related to digital transformation and how businesses can accelerate their digital strategies, whilst reducing the associated risks in a unique, scalable way. His keynote, titled ‘Accelerate the Digital Journey, Securely’, will be delivered on March 31st, 2016 and will also examine challenges in providing cybersecurity for the real world. For the full article click here

from cyber security caucus http://ift.tt/1S0tPbF
via IFTTT

BeyondTrust Continues Tradition of Product Excellence in Privilege and Vulnerability Management With New Industry Recognitions

PHOENIX–(BUSINESS WIRE)–BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, today announced that the company’s PowerBroker privileged access management suite received the highest possible rating in SC Magazine’s annual Privileged Access Management Group Test. In addition, multiple solutions offered in the company’s PowerBroker privileged access management and Retina vulnerability management portfolios earned special distinctions from Info Security Products Guide’s 12th Annual Global Excellence Awards.In SC Magazine’s annual Privileged Access Management Group Testpublished on March 1, 2016, PowerBroker privileged access management earned a 5-star rating – the highest achievable rating a reviewed solution can receive. In addition to its traditional quality and complete integration into the BeyondInsight platform, SC Magazine cited PowerBroker’s exceptional reporting and analytics capabilities as important strengths of the solution suite’s offerings. PowerBroker was also noted for its flexibility, which provides automation for dynamically managing systems as they are added to the environment. For this, PowerBroker received the Overall Recommended rating vs. all PAM tools reviewed. For the full article click here

from cyber security caucus http://ift.tt/1S0tR3e
via IFTTT

Homeland Security Department Launches Cyber Threat Sharing Platform

The U.S. Department of Homeland Security on Thursday launched a platform that allows the government and private sector to exchange cybersecurity threat information with one another, part of a larger federal push to bolster cybersecurity.

The Automated Indicator Sharing initiative has about six participants spanning the energy and technology sectors, as well as both small and large companies, said Andy Ozment, DHS’ assistant secretary for cybersecurity and communications. Groups have begun testing their ability to share and receive indicators, but there is not yet sharing at a massive scale.

“This is going to be a gradual process,” Mr. Ozment said in an interview. “It’s not our intent on day one to serve every company in the nation.” Early adopters have an advantage, he said, because their feedback can help shape the direction of the platform For the full article click here

from cyber security caucus http://ift.tt/1UfokfH
via IFTTT

SWIFT to Warn Banks on Cybersecurity

Global financial messaging body SWIFT is to issue emergency advice to the world’s banks on cybersecurity following the $81 million online heist that hit Bangladesh’s central bank earlier this month.

A spokeswoman for the group told Reuters that it would be sending a written note and calling up the banks in person, urging them to review their security posture.

“Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments,” she said.

The group has maintained that its network was not compromised in the attack, but instead that it was an “internal operational issue” at Bangladesh Bank.

FireEye’s Mandiant forensics unit is investigating the incident and claimed in an interim report seen by the newswire that hackers managed to access the bank’s network, steal credentials allowing them to send SWIFT messages, and use malware to target the computers which process and authorize transactions. For the full article click here

from cyber security caucus http://ift.tt/1Ufoio5
via IFTTT

Argus Takes Center Stage at Two Major Automotive Cyber Security Events in Detroit

Following the FBI-DoT-NHTSA March 17 public service announcement (PSA), Argus Cyber Security Ltd., the automotive cyber security pioneer, will participate in three panels at two major automotive cyber security events – the 3^rd Annual Automotive Cyber Security Summit and the TU Automotive Cyber Security conference.

LaVern Sula, Argus’ President of North America, and former Global Engineering Director, Vehicle Cyber-Security at General Motors, will participate on the Automotive Cyber Security Summit Keynote Panel titled “The Next Steps for OEM and Tier 1 Companies in Standardizing Cybersecurity Mitigation.” Sula will share her knowledge on improving collaboration between the automotive industry, security vendors and regulators.

Yoni Heilbronn, Argus’ VP Marketing, will participate on the panel titled, “Security and Next Gen Automotive Technology” at TU Automotive Cyber Security. Heilbronn will discuss current trends and future challenges faced by automakers as they advance car connectivity and autonomous driving. Also at TU Automotive Cyber Security, the company’s Lead Researcher, Ofer Kapota, will share his views on the Roundtable titled “Real Life Telematics Attacks and Vulnerabilities.” Kapota will offer insights from research conducted by Argus on telematics and infotainment systems. For the full article click here

from cyber security caucus http://ift.tt/1S0tOV9
via IFTTT

Saturday 19 March 2016

Cybersecurity Stocks Head to Head: FireEye (FEYE) vs. Fortinet (FTNT)

Headquartered in Milpitas, California, FireEye provides security platform for cyber-attacks to enterprises and governments. The company offers web security, email security, file security, and malware analysis. It provides products and services through distributors, resellers, and strategic partners primarily in the United States and internationally.

The company sits at a Zacks Rank #3 (Hold), and its industry, INTERNET SOFTWARE, falls in the top 17% of all 265 industries ranked on the Zacks Industry Rank.

FireEye has a beta of 0.36, and a trailing 12 month Return on Equity (ROE) of -47.0%. Its net profit margin is -86.56%, which means its expenses are greater than its sales, and its current ratio is 3.03. FireEye’s EPS is projected to see year-over-year growth of -11.50% for the current quarter and 4.44% for the current year. For the full article click here

from cyber security caucus http://ift.tt/1MtKp1C
via IFTTT

NJBPU approves cybersecurity measures

TRENTON – The board that regulates New Jersey’s utilities has adopted a set of policies to protect against cyberattacks.

The New Jersey Board of Public Utilities on Friday adopted a set of requirements that will apply to the state’s regulated electric, natural gas, water and wastewater utilities.

The utilities will be required to develop programs and procedures to identify and mitigate risks, report cyber incidents and suspicious activity, create incident response and recovery plans and provide training programs.

“As cyberattacks against utility systems nationwide continue to increase in number and sophistication, addressing cybersecurity is a top priority to enhancing the security and reliability of utility service in New Jersey and across the nation,” BPU President Richard Mroz said in a statement. For the full article click here

from cyber security caucus http://ift.tt/1T11ern
via IFTTT

Feds to share cybersecurity threat info with businesses

WASHINGTON — The Homeland Security Department on Thursday formally began sharing details of new digital threats with private business and other government agencies, a culmination of a longtime effort to improve cybersecurity.

“This is the ‘if you see something, say something’ of cybersecurity,” said Homeland Security Secretary Jeh Johnson at the agency’s Virginia-based data sharing hub, the National Cybersecurity and Communications Integration Center

A federal law passed at the end of 2015 was intended to encourage corporations to shareinformation about cyberthreats, making it harder for businesses to be targeted by threats used elsewhere.

The program is voluntary, and the number of companies that will participate or how effective the program will be remains unclear.

Companies have long been reluctant to acknowledge security failures. As of Thursday, about six organizations had signed up and others have expressed interest, Andy Ozment, the assistant cybersecurity secretary at Homeland Security, said. The names of companies participating are closely held, and records about their involvement are exempt from disclosure under the Freedom of Information Act. For the full article click here

from cyber security caucus http://ift.tt/1RtaEGG
via IFTTT

Bank of England to work with new cybersecurity body

The first task of Britain’s new cybersecurity centre will be to work with the Bank of England, the government has announced.

The work will involve setting standards for the financial sector in terms of resilience to the type of cyber threats which could undermine the UK economy.

The new body – now renamed the National Cyber Security Centre (NCSC) – was unveiled last year by the Chancellor.

It is designed to bring the UK’s cyber expertise into one place.

Ciaran Martin, currently a senior official at GCHQ, will be the NCSC’s first head.

“We need to have a one-stop shop that people inside and outside government can go to,” Matthew Hancock, the Minister for the Cabinet Office told the BBC, saying that the NCSC will aim to be the authoritative voice on information security in the UK. For the full article click here

from cyber security caucus http://ift.tt/1T11bMc
via IFTTT

Secure Sterling Heights lab aims to boost cybersecurity

Businesses are getting access to a new, secure computer lab that’s part of an effort to hone software and train specialists in cyberdefense.

The Velocity Hub in Sterling Heights is linked to the Michigan Cyber Range, offering a place for training and exercises to simulate data hacks and test the effectiveness of software or networks for defense contractors, the auto industry and other businesses.

The lab is a place for businesses to work securely and should help boost collaboration between companies, the state and others on cybersecurity, said Jennifer Tisdale, cyberprogram manager for the defense and auto offices of the Michigan Economic Development Corp. For the full article click here

from cyber security caucus http://ift.tt/1RtaG1t
via IFTTT

Friday 18 March 2016

What we’ve learned from malware epidemics

Cybersecurity breaches are the norm rather than the exception today, although they have changed over the years. They’re rarely the worms of early 2000’s fame.

Instead, malware programs lie in wait – sometimes for months at a time – before springing forth to capture personal identity information (PII), syphon money to undisclosed locations and accounts, and wreak havoc around the cyber-sphere.

Over the course of the last decade, as cybersecurity breaches have become more invasive, everyone on the web has been forced to adapt. Indeed, some of the most malicious malware attacks in recent years have incited a major reevaluation of how corporations, security professionals, and individual users approach data management and protection. For the full article click here

from cyber security caucus http://ift.tt/1SXZdw8
via IFTTT

Car Cybersecurity: FBI Says Motor Vehicles ‘Increasingly Vulnerable’ To Hacking

The FBI and U.S. National Highway Traffic Safety Administration (NHTSA) Thursday warned vehicle owners and automakers of possible hacking. A joint statement by the two agencies said that motor vehicles are “increasingly vulnerable” to hacking.

The bulletin said criminals are likely to make use of online vehicle software updates by sending fake “email messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious websites or opening attachments containing malicious software.”

“Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience,” the FBI and NHTSA said in the statement. “Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.” For the full article click here

from cyber security caucus http://ift.tt/1WvBOkD
via IFTTT

Most students say cyber security is a growing threat

Some 70% of higher education students say they are aware that cyber crime and attacks are a threat, but less than half think security is their responsibility

Students in higher and further education are aware of the importance of cyber security, with 77% recognising it as a growing threat.

But only 35% think it is their responsibility to learn about cyber security, and fewer than 20% say they are concerned about it.

Research by digital education services firm Jisc found that media exposure of cyber attacks on large companies is raising awareness of cyber security among undergraduates and others in higher education. For the full article click here

from cyber security caucus http://ift.tt/1SXZbUY
via IFTTT

Secure computer lab part of effort to boost cybersecurity

STERLING HEIGHTS, Mich. (AP) – A new, secure computer lab that’s part of an effort to hone software and train specialists in cyberdefense is opening in suburban Detroit.

The facility in Sterling Heights is linked to the Michigan Cyber Range, offering a place for training and exercises to simulate data hacks and test the effectiveness of software or networks for defense contractors, the auto industry and other businesses.

Jennifer Tisdale, cyberprogram manager for the defense and auto offices of the Michigan Economic Development Corp., says the lab offers the opportunity for businesses, the state and others to work together on cybersecurity issues that are increasing in importance. For the full article click here

from cyber security caucus http://ift.tt/1WvBLpd
via IFTTT

Stocks advance…Sharing cybersecurity info…Joint TV effort

SEOUL, South Korea (AP) — International stock markets mostly advanced today amid higher prices for commodities, including crude oil, after the Federal Reserve’s decision for a slower rate hike underpinned sentiment. But shares in Tokyo fell as the yen’s strength worried investors. Futures point to a moderately higher Wall Street opening. Benchmark U.S. crude oil fell below $40 per barrel. The dollar fell against the yen and gained slightly against the euro.

WASHINGTON (AP) — The Homeland Security Department is now formally sharing details of new digital threats with private business and other government agencies. It’s seen as culmination of a longtime effort to improve cybersecurity. The program is voluntary, and the number of companies that will participate or how effective the program will be remains unclear. Companies have long been reluctant to acknowledge security failures. So far, about six organizations had signed up and others have expressed interest.

COPENHAGEN, Denmark (AP) — Denmark’s high-end electronics company Bang & Olufsen is joining forces with South Korea’s LG Electronics to make televisions that make use of the latest screen technology. Chief executive Tue Mantoni said today that the “strategic technology partnership” with the world’s second-largest TV maker will allow his company “to stay at the forefront of innovation.” No financial details were disclosed but the hope is that a new television with an organic light-emitting diode screen will emerge in 2017. For the full article click here

from cyber security caucus http://ift.tt/1RT2aJu
via IFTTT

Thursday 17 March 2016

GCC spend on cyber security to triple to $1bn

GCC countries are among the global leaders in cybersecurity preparedness, with the region’s network security spend tripling to $1 billion by 2018, industry experts said at an IT security form in Abu Dhabi, UAE today (March 17).

Infosecurity Middle East is being held as part of International Exhibition for Security and National Resilience (ISNR), the region’s foremost platform dedicated to homeland security, safety and national resilience at the Abu Dhabi National Exhibition Centre.

Organized by the UAE Ministry of Interior and Reed Exhibitions Middle East, the event includes Emergency Response and Disaster Prevention, Fire Fighting Middle East, and Occupational Safety and Health Middle East.

At Infosecurity Middle East’s 6th International Cyber Crime Conference, localized from Europe’s leading cyber security exhibition, law enforcement, legal, and business and IT experts debated and discussed Smart City, Internet of Things, and financial cyber security, the UAE National Agenda for Information Security, and online safety and privacy for children. For the full article click here

from cyber security caucus http://ift.tt/1SVrZh2
via IFTTT

Cyphort-Ponemon Study: 34% of Senior Execs Unaware of Their Firms’ Cybersecurity Challenges

A Cyphort-commissioned survey indicates about 34 percent of C-level corporate executives lack awareness about cyber threats to their companies’ information technology systems.

Ponemon Institute polled 597 IT leaders across the U.S. private sector for Cyphort’s “State of Malware Detection & Prevention” report and found that 39 percent of respondents said their firms do not have intelligence data they can use to convince CEOs to prioritize cybersecurity, Cyphort said Wednesday.

“Companies are still struggling to have an effective strategy to prevent and detect malware and advanced threats,” said Larry Ponemon.

Twenty-one percent of IT professionals unveiled it can take one to two years for their companies to detect a sophisticated attack and 27 percent said their companies’ breach containment efforts can take up to six months to complete. For the full article click here

from cyber security caucus http://ift.tt/1Mp2DBo
via IFTTT

China, Germany Working on Cybersecurity Deal, Envoy Says

(Beijing) – China and Germany are working to reach an agreement this year to strengthen cybersecurity as both countries seek to upgrade their manufacturing industries with advanced digital technologies, says Michael Clauss, the German ambassador to China.

The countries’ separate strategies – which China calls “Made in China 2025″ Germany refers to as “Industry 4.0″ – will generate a tremendous amount of data that need to be safely stored and communicated, the ambassador said in a recent interview with Caixin.

“We will witness an exponential increase in industrial data flows,” he said. “This is why cyber and data security have become such important issues.”

Clauss said that in October Premier Li Keqiang agreed with visiting Chancellor Angel Merkel to prepare a Sino-German agreement on cyber matters that is expected to be finalized around June, when the cabinets of the two nations meet for joint governmental consultations. For the full article click here

from cyber security caucus http://ift.tt/1SVrZgU
via IFTTT

Bravatek Discussing Potential Licensing/Acquisition/Spin-Off Deals of Its Ecrypt One Cybersecurity Email Solution

AUSTIN, TX–(Marketwired – March 17, 2016) – Bravatek Solutions, Inc. (OTC PINK: BVTK) is in discussions with firms about the potential licensing of its patent-pending software, an acquisition deal, and potential spin-offs for Ecrypt One.

Ecrypt One is a game-changing cybersecurity email solution designed to replace traditional email servers which require additional security products and services to be secured.

The company is ramping up resources to meet the Telecom services demand for its current customers. In addition, management is in negotiations for work involving the massive FirstNet program, whereby Congress made history by allocating valuable spectrum and up to $7 billion in funding for the construction of the FirstNet network. This can provide Bravatek with a truly nationwide footprint. For the full article click here

from cyber security caucus http://ift.tt/1Mp2Dl4
via IFTTT

KPMG teams up with Singapore firm for cybersecurity scheme

The aim is to provide clients with a one-stop-shop to prepare them for handling data breaches, either with an effective response or by preventing them from occurring, by bringing together the technical and forensic know-how of KPMG with the firm’s legal expertise.

‘We decided to work with KPMG to address the growing concern among corporate clients around the profound consequences for their businesses and their customers from data breaches,’ said technology, media & telecommunications partner Steve Tan. For the full article click here

from cyber security caucus http://ift.tt/1SVrZ0A
via IFTTT

Wednesday 16 March 2016

IOActive to Present Exclusive Research Findings at TU-Automotive Cybersecurity USA

Corey Thuen, Senior Research Consultant at IOActive, will be presenting for the first time analysis of all IOActive’s research to-date, combining publicly available findings, such as the 2015 Jeep Cherokee zero day hack, with anonymized private assessments. The analysis will give the big picture of the kind of vulnerabilities that have been found, which systems and attack vectors seem to be the most affected, and how significant the vulnerabilities really are.

The session, entitled “Back to the Future of Vehicle Cybersecurity”, will be on the first day of the conference, March 29. Mr Thuen will also be taking part in a round-table focusing on real-life telematics attacks and vulnerabilities found by security researchers alongside the DOT, CERT and Argus Cyber Security on March 30.

Annie Reddaway, head of cybersecurity research at TU-Automotive, commented “IOActive have been responsible for producing high-class research that has highlighted the importance of vehicle cybersecurity. We are excited to see the collated results, which will be of huge benefit for the audience.” For the full article click here

from cyber security caucus http://ift.tt/1Vcbj5u
via IFTTT

Carleton professor fights cyberattacks from Orléans

Behind locked doors at a municipal building in the Ottawa suburb of Orléans, Tony Bailetti is quietly working on a plan to turn Canada into a global powerhouse for fighting cyberattacks.

The professor is known for nurturing more than 200 companies in his job straddling Carleton University’s business and engineering departments.

These days, he jokes that he practically sleeps at VENUS Cybersecurity, a non-profit hub he created in a former town council office.

Bailetti is preoccupied by much more than malicious software nabbing credit card data from retailers like Target.

His eye is on big intrusions — the idea that cyberattackers could take down power grids and water systems, or remotely take over control of cars from their drivers. For the full article click here

from cyber security caucus http://ift.tt/1VcbjSO
via IFTTT

Secure Trading Appoints Cybersecurity Expert To Consult On Blockchain Project ‘Trustery

Secure Trading, the payments and cyber security group, has announced that it has hired reformed hacktivist and renowned cyber security expert, Mustafa Al Bassam, as a security advisor on the company’s technology and services, including its new blockchain research project.

The blockchain research project ‘Trustery’ aims to commercialise blockchain technologies to improve the visibility and security of online payments.

“There are very few experts in blockchain technology, and we’re very lucky to have Mustafa on board. By developing this project we hope to use his skills and create technology to help make the world of ecommerce safer for thousands of customers”, said Kobus Paulsen, Chairman Secure Trading.

The press release said that Paulsen approached Mustafa to help the company develop and commercialise next generation payment innovations such as Bitcoin and blockchain. Mustafa will be working alongside Secure Trading’s senior management team including Paulsen, CTO Ian Hughes, and COO Gerald Kitchen. For the full article click here

from cyber security caucus http://ift.tt/1RNWgcC
via IFTTT

UK universities ‘losing cyber security battle’

More than a third of UK universities are hit by a successful cyber attack every hour, according to a study that raises questions about institutions’ ability to cope with the rising tide of hacking.

A survey of IT leaders at 50 UK universities found that almost all – 87 per cent – had experienced at least one successful cyber attack, such as the distributed denial of service attack that brought down the nationwide JANET network four months ago.

But what was striking was the reported frequency of the violations, with 36 per cent of respondents saying that they had to contend with a successful cyber attack every hour.

Such attacks can leave staff, students and institutions’ economic interests highly vulnerable. Forty-three per cent of respondents said that hackers had targeted student data, including dissertation material and exam results, while a quarter had experienced intellectual property theft and had had research data infiltrated. For the full article click here

from cyber security caucus http://ift.tt/1VcbgXf
via IFTTT

WISeKey Presents at the FT Cyber Security Summit USA the Latest Developments in Cybercrime and Ways to Assess Cyber Risk

GENEVA & WASHINGTON–(BUSINESS WIRE)–WISeKey, a leading Cybersecurity company announced today its participation at the FT Cyber Security Summit USA which brings together information security experts from the private and public sectors to discuss cybercrime and share ideas on ways to better cooperate in face of this common threat. Following the inaugural Summit in March 2015, the 2016 FT Cyber Security Summit will cover the latest developments in cybercrime and the risks to businesses.

CEOs and the rest of the senior management teams in most corporations now realize that cyber security is not just an IT issue; it is a critical business risk that requires their full attention to develop and implement the appropriate strategy to manage that risk. Yet, a very large numbers of CEOs admit they are not fully aware of vulnerabilities within their organization which can be exploit by hackers, do not have a strong plan for defending their organization from cyber attacks and do not have an action plan to deal with the potential aftermath of such attack.

Cyber attacks are happening more frequently, and despite the obvious benefits that technological advances bring to companies, business leaders are facing fresh challenges as cyber criminals find even more sophisticated ways to launch attacks against these organizations. For the full article click here

from cyber security caucus http://ift.tt/1RNWhNR
via IFTTT

Tuesday 15 March 2016

Malicious Insiders are high on the list of 2016 cloud cyber security “Treacherous 12”!

The Cloud Security Alliance (CSA) identified its dirty dozen cloud security threats “to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk management decisions regarding cloud adoption strategies. The February 2016 CSA report entitled “T he Treacherous 12 Cloud Computing Top Threats in 2016” was released at the RSA Conference and observed that a “…malicious insider, such as a system administrator, can access potentially sensitive information” and used this definition of “insider threat” from CERN as follows:

A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems. For the full article click here

from cyber security caucus http://ift.tt/1UdzbGb
via IFTTT

China seeking cybersecurity cooperation with FBI

China is calling for increased cooperation with the FBI on matters related to online security and counterterrorism.

According to reports the Chinese minister of public safety Guo Shengkun told FBI Director James Comey in a recent meeting in Beijing, that China was looking to boost its trust and partnerships with the U.S., regarding cybersecurity issues. Shengkun particularlysuggested the need to ‘deepen law enforcement and security cooperation in the fields of internet security and counterterrorism.’

Seeking this trust, China would need to prove itself to be a respected leader in the field – already sitting on a dubious track record for internet security. Questionable practices included a suspected state-sponsored attack on American firms, despite Chinese President Xi Jinping having agreed with Barack Obama not to conduct or back campaigns hunting out and stealing intellectual property online. For the full article click here

from cyber security caucus http://ift.tt/1R0jDQr
via IFTTT

Deep Run Security Services, LLC releases SPECTRUM 2.0….. the leading tool to manage cyber operational risk

BALTIMORE–(BUSINESS WIRE)–After years of investing in technology, the direction is clear, businesses must now invest in the operational and human elements of cyber security.

How SPECTRUM completes the cyber journey:

According to The Verizon Data Breach Investigations Report, over 90% of all breaches occur because of a “Human or Business Process Errors”.

Deep Run Security has years of experience as the thought leaders in identifying and overcoming this 90% problem. Our experience in making our customers secure has culminated in the development of an unparalleled analytics portal, SPECTRUM, that empowers the executive team to lead their company on the course to becoming secure. SPECTRUM is designed to focus all elements of cyber security into a single portal that can be understood and utilized by the Board of Directors, Executive teams and the most detailed security work groups.

“With SPECTRUM, a lack of communication and understanding becomes a thing of the past. Our customers can quickly understand their strengths and weaknesses and move their organizations forward within their corporate priorities and long term planning.” says Gary Merry, CEO of Deep Run. For the full article click here

from cyber security caucus http://ift.tt/1nLohcE
via IFTTT

Amazon files patent for payment-by-selfie tech

Dive Brief:

Amazon has filed for a patent for pay-by-selfie technology similar to that demonstrated last year by Alibaba/Alipay founder Jack Ma and by MasterCard, Re/Code reports.
The development of fingerprint and facial recognition is an attempt to get past the clunkiness and other inadequacies of using Personal Identification Numbers or passwords to pay, which are easily forgotten, or, if stored, somewhat easily accessible.
Apparently, Amazon’s technology would require the user to make a motion, like a head-tilt, that would identify the user and prevent thieves from just holding up a picture of the user to access payment.

Dive Insight:

Getting away from PINs or passwords may seem like an obvious development in cyber-security, but privacy advocates don’t like the idea of companies using faces to pay. They warn that, without proper privacy protections in place, the Internet of Things could become the “Loophole of Things” that eventually might allow companies or government to run amok with access to our data, as advocate Alvaro M. Bedoya put it last year. For the full article click here

from cyber security caucus http://ift.tt/2522csp
via IFTTT