Saturday, 30 July 2016

Cybersecurity firms are booming thanks to Russian hackers

When the Democratic National Committee discovered in April that its computer networks had been hacked, leaders there did not just alert government intelligence. They called CrowdStrike, a five-year-old cybersecurity firm that makes millions from mercenary work sold with a promise: “We Stop Breaches.”

The contractor last month revealed what it had found: Two Russian intelligence groups, code-named Cozy Bear and Fancy Bear, had spearheaded competing hacks over the last year using a barrage of malicious “implants” and “backdoors.” CrowdStrike’s experts knew the hackers well: They’d also recently infiltrated the White House, State Department and Joint Chiefs of Staff.

Their weapon of choice: The cybersecurity equivalent of “a neighborhood watch program on steroids,” said CrowdStrike co-founder George Kurtz. That same offering has helped them turn their young business into a juggernaut, with sales of $100 million this year.

“Our clients now include the crème de la crème of companies,” said Kurtz, a former chief technology officer of anti-virus giant McAfee. “From a growth perspective, it’s just been explosive.” For the full article click here 



from cyber security caucus http://ift.tt/2aEe8OE
via IFTTT

Friday, 29 July 2016

Infographic: The 5 phases of a ransomware attack

Ransomware is the most profitable type of malware attack in history—and attacks will only get worse in the future, according to Cisco Systems’ midyear report on the state of cyber security, released Tuesday. It’s now important for employees to understand the different phases of an attack and best practices to prevent them.

Ransomware is “weaponized encryption,” said James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the 2016 Institute for Critical Infrastructure Technology Ransomware Report. Attacks involve malware delivered through spear phishing emails that lock up valuable data assets and demand a ransom to release them.

Hackers who previously used ransomware only to secure money from individual users are now looking to steal data from larger hospitals and corporations and sell it on the Dark Web, Scott said. For the full article click here 



from cyber security caucus http://ift.tt/2ahGaPT
via IFTTT

Should You Stop Sending Private Messages Over Email?

With another high profile hack in the news, it’s worth asking: Can anyone trust email anymore?

The breach of the Democratic National Committee’s email by the website Wikileakspublished a trove of over 20,000 emails. It reminds us of the urgency of concerns surrounding cyber security.

No email that you’ve ever written is ever deleted. There’s always a copy out there,” says Stephen Ward, a vice president with Pinkerton, an expert in risk management and security who specializes (among other things) in electronic security. “So you should always use that common sense approach: If this is something that’s groundbreaking for my company or it could change the world, should I send that in an email? Probably not.

One of the biggest problems with cyber theft, he explained, is the online data can’t be destroyed. Once a user’s secrets are released, they’re gone.  For the full article click here 



from cyber security caucus http://ift.tt/2awhxvL
via IFTTT

How to avoid ransomware attacks: 10 tips

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.

“We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response. “It’s a big business, and the return on investment to attackers is there—it’s going to get worse.” While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBIreports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of which are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

For the full article click here 



from cyber security caucus http://ift.tt/2aiHzQ7
via IFTTT

Overcoming Security Overload

There are too many security tools not providing comprehensive solutions.

You have to be reactive and proactive when it comes to IT security. There is always some vendor or service that states that they have a different, better, more inclusive security solution. You buy these solutions to protect your organization against security breaches. You install firewalls, SBCs, and other perimeter solutions, but a new threat seems to emerge every day. You invest in training your users, but they still cause the majority of security headaches. The CISO and staff are on overload.

Too Few – Too Many Tools

You install the proper security tools, but is this enough? Should you work with a cloud service that has more resources and staff than you, or implement DIY solutions? There appears to be no absolute answer to these security questions. If you have the budget, you could duplicate what the cloud service offers, but that is assuming the cloud security service is invulnerable — not likely.

Cloud Security Alliance surveyed more than 200 IT/IT security professionals, and the resulting report, “IT Security in the Age of Cloud,” explores how recent trends in IT management and security are shaping IT security budgets and talent acquisition. The charts in this article are taken from the report. For the full article click here 



from cyber security caucus http://ift.tt/2aiIX5e
via IFTTT

£3 million funding approved for Berkeley cyber security centre

MILLIONS of pounds of funding has been approved for a new cyber security training and conference centre in Berkeley.

The board of GFirst LEP, Gloucestershire’s local enterprise partnership, approved £3million of funding from the Gloucestershire Growth Deal to be spent on the new centre.

The Cyber Security Training and Conference Centre is a joint initiative between the University of Gloucestershire (UoG) and South Gloucestershire and Stroud College (SGSC) and will create new cyber security facilities in Cheltenham and at Berkeley Green.

Facilities at Gloucestershire Science and Technology Park, Berkeley will be used to deliver science, technology, engineering and maths (STEM) skills development, and will support business development and training in Gloucestershire.

It will be connected into existing activity in the region with the aim of making Gloucestershire a regional force in cyber security training, employment and expertise.

The Cheltenham site will become the main regional hub for higher education courses and research in computing and cyber security at undergraduate, postgraduate and doctoral level. For the full article click here 



from cyber security caucus http://ift.tt/2aPjkv3
via IFTTT

Week-in-Review: IT talent crisis creates cybersecurity risks

Gaps in security talent pose significant risk to businesses

The IT talent crisis creates many challenges for CIOs and business leaders – making it harder to keep up with emerging technology trends and even putting their own careers on the line. According to a new report from Intel Security, the IT skills shortage is also putting organizations directly at risk for an attack. The research found, “82 percent of respondents admitting a skills shortage, with 71 percent claiming that this lack of trained information security professionals has directly led to damage to the organization as it’s become a bigger target for hackers.” The outlook of the survey appeared grim, with respondents “predicting an average of 15 percent of cybersecurity positions in their company will go unfilled by 2020.”

The research highlighted four ways for organizations to address the gap in security talent: increase cybersecurity budgets, impose stricter policies, boost cybersecurity training, and find new and creative ways to recruit and retain security experts.

In addition to these tips, business leaders facing their own talent issues might learn from the criticism of Yahoo’s talent acquisition strategy in Fast Company this week. The article, by Cale Guthrie Weissman, argues that the company, “simply did not have the system in place to cultivate the new talent and make them feel part of the new company.” A key takeaway for enabling new talent to thrive and making them feel wanted: they “must feel free to innovate.” For the full article click here 



from cyber security caucus http://ift.tt/2aPiI8t
via IFTTT

Cybersecurity at the election has been less than spectacular

At a time when computer security has been front and center in the Election news, given the Clinton private server scandal and the DNC hack, not to mention one candidate calling on a foreign nation to hack our systems — something he later walked back on, saying it was sarcasm — this is a bad time to put additional questionable practices on display.

Now that thing are wrapped up and we have two official nominees, we also have a report of the major failures that were on display (not just politically).

2016 has been a banner year for those who show innate ineptitude for protecting information, and that isn’t just in politics.

Here’s the top five from a recent report from identity theft and data privacy firm IDT911:

5. Hotel Hell. In April, Donald Trump’s luxury property brand, the Trump Hotel Collection, acknowledged that its credit-card system had been hacked, exposing customers’ card numbers — for the second time in less than a year. A similar breach occurred in July 2015. For the full article click here 



from cyber security caucus http://ift.tt/2a4HXGS
via IFTTT

Cyber security market rising at 10.6% CAGR to hit USD 202.36 billion by 2021 scrutinized in new research

The global cyber security market to grow from USD 122.45 billion in 2016 to USD 202.36 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 10.6%. The cyber security market is growing rapidly because of the increase in adoption of cyber security solutions, due to the increase in security breaches targeting enterprises.

“Rise in security breaches targeting enterprises driving the growth of the cyber security market”

Complete report on “Global Cyber Security Market” spread across 259 pages, profiling 10 companies and supported with 98 tables and 55 figures is now available athttp://www.rnrmarketresearch.com/cyber-security-market-iam-encryption-dlp-risk-and-compliance-management-idsips-utm-firewall-antivirusantimalware-svmsiem-disaster-recovery-ddos-mitigation-web-filtering-security-servic-market-report.html .

The report includes the study of key players offering “Cyber Security Solutions & Services”:

  1. Intel Security (U.S.)
  2. Symantec Corporation (U.S.)
  3. Hewlett Packard Enterprise (U.S.)
  4. IBM Corporation (U.S.)
  5. Cisco Systems, Inc. (U.S.)
  6. Rapid7, Inc. (U.S.)
  7. EMC RSA (U.S.)
  8. Fire Eye, Inc. (U.S.)
  9. Trend Micro, Inc. (Japan)
  10. Sophos Ltd. (U.K.)

Make an Inquiry on “Cyber Security Market by Solutions (IAM, Encryption, DLP, UTM, Antivirus/Antimalware, Firewall, IDS/IPS, Disaster Recovery), Services, Security Type, Deployment Mode, Organization Size, Vertical & Region – Global Forecast to 2021” research report can be requested For the full article click here 



from cyber security caucus http://ift.tt/2aPiMFg
via IFTTT

Thursday, 28 July 2016

Fighting the ‘cyber caliphate’s’ social media addiction

Shattuck: All of a sudden DNC cares about cybersecurity

PHILADELPHIA — You would have thought it was a global cybersecurity convention this week instead of the Democratic National Convention here at the Wells Fargo Arena.

It is certainly heartening that the multitudes of Democrats walking around have such deep knowledge of computer forensics and counterintelligence. What’s even more remarkable and fortunate is that their principled and learned grasp of the issues developed just in time for the WikiLeaks hack of the DNC.

They’ve dropped in on Herald Radio at Radio Row and one after another shared their concerns, but only when asked about Democratic Party officials actively working to steal the election from Bernie Sanders. For the full article click here 



from cyber security caucus http://ift.tt/2abZZUI
via IFTTT

BAE First-Half Earnings Rise 6.1% on Jets, Cyber-Security

BAE Systems Plc’s first-half earnings rose 6.1 percent as its main customers expanded military budgets and the manufacturer delivered more training combat jets and cyber security systems.

Underlying earnings before interest, taxes and amortization increased to 849 million pounds ($1.12 billion), or 17.4 pence a share, from 800 million pounds, or 17.1 pence, a year earlier, London-based BAE said Thursday in a statement. That compares with the 851.5 million-pound average of four analyst estimates compiled by Bloomberg. The company reiterated a forecast that full-year underlying earnings per share, which exclude some one-time items and financial costs, will rise 5 percent to 10 percent.

The maker of Astute submarines and Eurofighter warplanes is gaining new orders as mounting tensions between its main government clients in NATO and China and Russia prompt a reversal of military-budget cuts that followed the 2008 global recession. BAE is also boosting existing export programs, including to India, Turkey and Persian Gulf states, and building up revenue from outside the defense area through acquisitions in recent years to bolster its cyber-security business. For the full article click here 



from cyber security caucus http://ift.tt/2azg0rb
via IFTTT

Guest column: Cybersecurity, the election and you

With the election just around the corner, it seems the scandals will never cease. The latest cloud to darken the campaign trail involves thousands of leaked Democratic National Committee (DNC) emails. Hillary Clinton’s campaign manager Robby Mook suggested on Monday that Russians are responsible for the hack and subsequent email dump.

This latest scandal deals a blow to Hillary Clinton’s campaign, after she herself came under fire last year for handling classified documents on her own private email server. But news of a DNC breach isn’t actually new. In fact, threat intelligence agency CrowdStrike has been investigating the breach on behalf of the DNC since April. The latest email dump occurred, however, occurred conveniently only days before the commencement of the Democratic National Convention. But back in June, a hacker named Guccifer 2.0 claimed responsibility for the breach and denied any involvement with Russia, shedding some doubt on the Clinton campaign’s claim that Russian hackers are behind it.

Critics of Clinton and the Democratic Party will certainly enjoy the small fervor surrounding the DNC data breach this week; others will question the likely motives of Russian or any other hackers in leaking these specific emails at this specific time. Democrats are surely hurting right now, but it is worth noting that the Republicans may not be doing much better when it comes to security: journalist Brian Krebs recently pointed out on his blog, Krebs on Security, that the DNC, RNC, and Donald Trump’s campaign website all fail disastrously at implementing measures to prevent email spoofing. For the full article click here 



from cyber security caucus http://ift.tt/2azgyxc
via IFTTT

Intel report finds global cybersecurity talent shortage

A new survey from Intel Security and the Center for Strategic and International Studies (CSIS) has found that there is a global cybersecurity talent crisis with governments being blamed by a number of respondents.

The Intel and CSIS report entitled Hacking the Skills Shortage consulted with nearly 1,000 global respondents working for large organisations who are deeply involved within the cybersecurity sector.

What immediately stands out is that 82pc of respondents admitted that there is a shortage of cybersecurity skills, with 71pc of respondents saying this lack of talent makes particular organisations more vulnerable to direct attacks. For the full article click here 



from cyber security caucus http://ift.tt/2azfYj3
via IFTTT

Cybersecurity, Technology is Top of Mind for the Global C-Suite

While so many of today’s headlines center around geopolitical tensions and the lackluster global economy, it may come as a surprise that the future of technology is the issue that actually weighs most heavily on the minds of executives across industries globally.

Each year, A.T. Kearney’s Global Business Policy Council, of which I am chairman, conducts our Views from the C-Suite survey, which reflects the collective judgment of executives on both the opportunities and the challenges in the global business operating environment. This year, technology issues are among the top of both opportunities and challenges for global C-suite executives.

In particular, cybersecurity and the adoption of new technologies are top of mind for CXOs as the role of technology in business becomes increasingly complex.

Rising cybersecurity risks top the list of operational challenges. Given the high-profile cyberattacks that companies in a variety of sectors and markets have suffered in recent years, it is unsurprising that 40 percent of business executives cite cybersecurity as one of their top three challenges. For the full article click here 



from cyber security caucus http://ift.tt/2azfKJ0
via IFTTT

Wednesday, 27 July 2016

10 tips to avoid ransomware attacks

As ransomware increasingly targets healthcare organizations, schools and government agencies, security experts offer advice to help IT leaders prepare and protect.

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.”We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response.

“It’s a big business, and the return on investment to attackers is there—it’s going to get worse.” While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBI reports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of which are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

“The days of grammatically incorrect, mass spam phishing attacks are pretty much over,” says James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the report. Hackers can now check a victim’s social media accounts, and create a fake email address pretending to be a friend or contact in order to get them to click on an infected link or attachment.

For the full article click here 



from cyber security caucus http://ift.tt/2agSXzD
via IFTTT

Responding to cybersecurity threats: tips from Theresa Payton

The 2016 Bangladesh bank hack raised new concerns related to cyber threats among financial providers, including credit unions. A former White House chief information officer, Theresa Payton, was a keynote speaker at the World Credit Union Conference in Belfast.

She told credit union representatives that cyber security should be one of the main topics on their agenda. “Members deserve the latest and greatest technology. But a breach is inevitable. All technology can be upgraded by design today, which means it can be open, which means it can be hacked,” she said.

Ms Payton is herself a member of two credit unions, through her father, a former US Marine and her husband, who serves in the US Navy. Credit unions provide financial services for USA military personnel and their families across various states.

Between 2006 and 2008 Ms Payton was White House chief information officer where she oversaw IT operations for president Bush and his 3,000 staff. Her prior positions include roles in banking technology at Bank of America and Wells Fargo. In 2008 she founded Fortalice Solutions, a security, risk and fraud consultancy company that works to help organisations understand and improve their IT systems. For the full article click here 



from cyber security caucus http://ift.tt/2ax3zt7
via IFTTT

Cybersecurity in Saudi Arabia calls for clear strategies

When it comes to cyberattacks, Saudi Arabia is the most targeted country in the Middle East. While the Kingdom’s cybersecurity is improving, clear national strategies, policies, and legal frameworks are absent.

As part of its recent National Transformation Program and Saudi Vision 2030, Saudi Arabia aspires to rapidly develop its non-oil economic sectors and privatise state-owned enterprises. Central to these goals is a nationwide digital transformation initiative to improve the Kingdom’s technology infrastructure, drive innovation, and grow its high-skilled workforce.

Digitalisation in Saudi Arabia is already well under way…

Evidence of Saudi Arabia’s digital transformation already exists. The Kingdom holds the highest number of fixed broadband Internet subscribers in the Arab world and internet access has increased nearly 30 percent since 2010. The government provides over 500 services through mobile and online platforms, and Saudi Arabia is home to over 40 percent and 10 percent of all Twitter and Facebook users in the Arab world respectively. Saudi energy, power, and water services are deploying smart grids and advanced digital meters, and e-commerce is projected to double by 2020. For the full article click here 



from cyber security caucus http://ift.tt/2avblY1
via IFTTT

Global Study Reveals Businesses and Countries Vulnerable Due to Shortage of Cybersecurity Talent

Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), has just released Hacking the Skills Shortage, a global report outlining the talent shortage crisis impacting the cybersecurity industry across both companies and nations. A majority of respondents (82 percent) admit to a shortage of cybersecurity skills, with 71 percent of respondents citing this shortage as responsible for direct and measureable damage to organizations whose lack of talent makes them more desirable hacking targets.

“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A. Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

In 2015, 209,000 cybersecurity jobs went unfilled1 in the United States alone. Despite 1 in 4 respondents confirming their organizations have lost proprietary data as a result of their cybersecurity skills gap, there are no signs of this workforce shortage abating in the near-term. Respondents surveyed estimate an average of 15 percent of cybersecurity positions in their company will go unfilled by 2020. With the increase in cloud, mobile computing and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, the need for a stronger cybersecurity workforce is critical. For the full article click here 



from cyber security caucus http://ift.tt/2avb1sd
via IFTTT

Cybersecurity Posture Grows In Importance In Mergers and Acquisitions

In mergers and acquisitions (M&A), corporate acquirers are increasingly aware of the need for vigorous cybersecurity due diligence, yet often lack the proper personnel to conduct thorough analyses, according to a new study by technology consulting firm West Monroe Partners and research firm Mergermarket.

As the importance of big data and IT rises across industries, cybersecurity has become a vital area to assess at deal targets, according to the study, which included interviews with 30 North America-based senior M&A practitioners.

About three quarters (77%) of the participants said the importance of cybersecurity issues at M&A targets had increased significantly over the last two years, due to the increase in corporate data breaches and the liabilities that can be incurred as a result.

Vulnerable security systems can also indicate poor risk management at a company. For the full article click here 



from cyber security caucus http://ift.tt/2avbeeS
via IFTTT

Tuesday, 26 July 2016

Albany Law launches online cybersecurity master’s program

Albany Law School is launching the nation’s first online master’s program aimed at the legal studies of cybersecurity and data privacy.

Building off a new alliance with the University at Albany, the program will allow students to cross-register with UAlbany’s new College of Emergency Preparedness, Homeland Security and Cybersecurity, the nation’s first security college.

The 30-credit master of science in legal studies in cybersecurity and data privacy will launch in January. The program is designed to appeal to both traditional students and working professionals looking to advance their careers. Students can earn the degree in one year of full-time study or opt to complete coursework over a longer period with a customized part-time schedule.

The law school developed the program in response to “extensive research” that shows growing demand in these areas of study, both regionally and nationally. For the full article click here 



from cyber security caucus http://ift.tt/2atL6xw
via IFTTT

Cyber Security Concerns Growing for Political Leaders

DAVENPORT, Iowa (KWQC) – Cyber security is an important issue for both private individuals and political leaders.

Yesterday, Debbie Wasserman Schultz resigned as the Democratic National Party Chair after an email leak showing support for Hillary Clinton over Bernie Sanders.

In addition, Illinois Republican lawmaker Ron Sandack resigned yesterday for reasons of “cyber security concerns.”

Political leaders on both sides must be aware of what private information they put into the public sphere.

Regulation of cyber security is difficult to pin down because of the vast size of the Internet. For the full article click here 



from cyber security caucus http://ift.tt/2as0DkU
via IFTTT

Five simple steps to reduce the impact of cyber security breaches

It feels like almost every day we’re confronted by news of yet another high-profile breach, resulting in millions in damage and bruised reputations and there are many small breaches that we even don’t hear about.

These aren’t your run-of-the-mill organisations, either. They are large, well-established multinational corporations with sophisticated and very expensive security detection and prevention systems. And yet, they all have a similar story; breaches that may have claimed user passwords or identities, emails, customer credit card or healthcare information, proprietary business plans and even valuable product roadmaps. All gone, and probably for sale to the highest bidder somewhere on the dark web. It’s such a daily occurrence that it’s easy to become numb to the scale of the damage.

Many companies with operations in the U.S., such as Sony Pictures, Target and LinkedIn, quickly come to mind, not because their security systems are any worse than others, but simply because U.S. law demands that these organisations publicise information about data breaches involving customer information. That’s not always the case in other countries, although in the UK there is always the prospect of the information commissioner issuing hefty fines under the Data Protection Act. And, that raises an important point For the full article click here 



from cyber security caucus http://ift.tt/2as0NJ4
via IFTTT

Cybersecurity firm offers users reimbursement for ransomware infections

Security firm SentinelOne is confident it can beat any of today’s ransomware — and is willing to put money behind that claim.

The company is offering a new service that will cover up to US$1 million in damages for any customers infected by ransomware.

SentinelOne is calling it the “Cyber Threat Guarantee” and treating it like an extended warranty that customers can buy starting Tuesday.

However, the company is convinced it won’t have to make any pay outs, said Jeremiah Grossman, its chief of security strategy. SentinelOne’s failure rate in stopping ransomware attacks is “way less than 1 percent,” he said in an interview. For the full article click here 



from cyber security caucus http://ift.tt/2atKxUN
via IFTTT

Why CyberSecurity Spending Is Much Higher Than Reported

Earlier this year there were various predictions – including from the CEO of information-security technology vendor FireEye – that spending on cybersecurity would slow down in 2016. I was unconvinced when I initially heard the negative predictions, and, to this day, I remain skeptical; my feelings were recently reinforced by a conversation with Steve Morgan, the CEO and Founder of research firmCybersecurity Ventures. Morgan authored a report last month that noted that, in fact, cybersecurity spending appears to be growing, rather than shrinking.  He even predicts that spending will increase to a total of over $1-Trillion over the next five years, up from $77-Billion annually in 2015.

How could CEOs in the industry be so far off? Why is information security spending so hard to track and predict? Morgan and I discussed several reasons:

1. A large portion of information security related spending it not accounted for as being information-security related. Consider, for example, that an organization developing a software package for internal use might spend money from its development budget on technology to scan code for vulnerabilities – the expenditure, however, may never be tracked back to an information-security budget.

2. Similarly, Value Added Resellers (VARs) and consultants doing security work don’t always define products and services as “security.” For example, a networking project may include the purchase of security components that are simply categorized as part of the overall project. Sometimes, even when the products are attributed to a security need and budget, the associated services are not. For example, if networking consultants install and configure firewall (not that doing so is recommended), their work may never be categorized as a security spend. For the full article click here 



from cyber security caucus http://ift.tt/2as0r4Z
via IFTTT

Monday, 25 July 2016

Swiss cyber security firms Wisekey, OpenLimit to merge

Swiss cyber security companies Wisekey and OpenLimit have signed an MoU to merge their operations. Under the terms of the deal, OpenLimit would be merged with and into Wisekey, with Wisekey being the surviving entity. The signing of definitive agreements is subject to satisfactory reciprocal confirmatory due diligence, to be conducted over the next month, and other conditions as are customary.

Wisekey has also agreed to provide interim financing to OpenLimit of up to EUR 4.99 million through subscription to an equity-linked instruments issued by OpenLimit. The deal will allow Wisekey to further expand its cybersecurity and IoT platform and gain access to the German and EU IoT market. It will gain access to OpenLimit customers, in particular in Germany and other large and more mature markets in Europe. OpenLimit is based in Baar, Switzerland, and has a subsidiary in Berlin with 65 staff. For the full article click here 



from cyber security caucus http://ift.tt/2aq1wqR
via IFTTT

New report examines the global cyber security market business growth – forecast to 2027

Global Cyber Security Market Information, by Solutions (Network, Endpoint, Content, Application), by Service (Design, Consulting, Training), Application Verticals (Telecommunication, BFSI, Manufacturing), by region (Europe, Americas, APAC & MEA) – Forecast to 2027

Study Objective of Cyber Security market

  • To provide detailed analysis of the market structure along with forecast of the various segments and sub-segments of theglobal cyber security market
  • To provide insights about factors affecting the market growth
  • To analyze the hydroponics market based on various factors- price analysis, supply chain analysis, porter’s five force analysis.
  • To provide historical and forecast revenue of the market segments and sub-segments with respect to four main geographies and their countries- North America, Europe, Asia, and Rest of the World (ROW)
  • To provide country level analysis of the market with respect to the current market size and future prospective
  • To provide country level analysis of the market for segment by solution, by service, by application and sub-segments.
  • To provide strategic profiling of key players in the market, comprehensively analyzing their core competencies, and drawing a competitive landscape for the market
  • To track and analyze competitive developments such as joint ventures, strategic alliances, mergers and acquisitions, new product developments, and research and developments in theglobal cyber security solutions market For the full article click here 


from cyber security caucus http://ift.tt/2aq1eA8
via IFTTT

Cybersecurity Experts Say Russia Hacked the Democrats

Is the Kremlin trying to throw the U.S. presidential election to Donald Trump? It sounds like something out of a spy novel. But many cybersecurity experts, as well as the Hillary Clinton campaign, are now saying the Russians are responsible for last month’s hack of the Democratic National Committee.

That hack has dominated the news cycle on the eve of the Democratic convention, and for good reason. The emails disclosed Friday by WikiLeaks are embarrassing. They show DNC chairwoman, Debbie Wasserman Schultz, plotting to undermine the campaign of Senator Bernie Sanders, confirming the worst suspicions of the left flank of the party. She resigned her post on Sunday.

But the bigger issue is who was responsible for the hack in the first place. Bob Gourley, a former chief technology officer for the Defense Intelligence Agency and now the co-founder and partner Cognitio, a cybersecurity consultancy, told me Sunday that he thinks the Russians did it. For the full article click here 



from cyber security caucus http://ift.tt/2aq0Ul9
via IFTTT

U.S. cyber security startup StackPath raises $150 million, says CEO

Texas-based StackPath has raised $150 million in fresh funding from private equity firm ABRY Partners, the CEO of the cyber security startup said on Monday, in what is among the largest single financing rounds for a private cyber security firm.

Chief Executive Officer Lance Crosby told Reuters StackPath is a security platform that houses a suite of services to tackle a spectrum of cyber threats. The company has spent “tens of millions of dollars” to acquire several companies that provide different types of cloud security services for businesses, Crosby said.

The company’s $150 million ‘Series A’ financing is substantially larger than traditional early-stage rounds, with average Series A tech deals at about $7.8 million, according to venture capital database CB Insights.

The largest cyber deal tracked by CB Insights is mobile security firm AirWatch at $225 million, which was also that company’s Series A funding. For the full article click here 



from cyber security caucus http://ift.tt/2aojPjh
via IFTTT

Bengal cyber security centre to offer more than just forensics

The proposed centre of excellence on cyber security in West Bengal is likely to be an advanced one with the latest technologies, not just for post-crime forensic analysis.

“This will be not just a cyber forensic lab for any post-cyber crime but will also work for prevention and restoration of systems post-crime, which will be unique,” head of the state’s e-governance mission team Abhishek Roy said.

He said the Bengal centre would probably be the best centre offering services to other state governments also.

Asked about the estimated cost for the project, Roy said, “Currently the detailed project report (DPR) is under way and so the capital expenditure cannot be ascertained now. But government is working fast to float a tender for a system integrator for the project shortly.” For the full article click here 



from cyber security caucus http://ift.tt/2arrtcB
via IFTTT

Saturday, 23 July 2016

5 Free Cyber Security Courses That Will Keep You Safe Online

Keep yourself safe online with these 5 free cyber security courses

Does ever the thought of your personal details lying unsafe online cross your mind? Have you ever thought of how to keep your personal data secure online? At some point of time, these questions do cross everyone’s mind at one point or the other.

With hacking and data breaches on the rise, internet and information safety is hugely important. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important. For the full article click here 



from cyber security caucus http://ift.tt/2a5pB4i
via IFTTT

Are Americans getting cyber security wrong?

From the presidential debates to popular television shows, cybersecurity has been one of the most talked about topics among Americans over past few years. This isn’t surprising, considering the scary statistics that frequently make headlines.

Some sources claim that in 2014 alone, more than 317 million new computer viruses, worms, Trojans, and other malicious software were released; 47 per cent of American adults had their information exposed by hackers; and nearly 1.5 million cyberattacks occurred in the U.S.

Rational Concerns, Irrational Reactions

People are losing faith in the Internet. In fact, one survey found that 19 per cent of Internet-using households have been affected by an online security breach, identity theft, or similar malicious activity, and that the most common security concern was about identity theft. The same survey found that concerns surrounding security stopped an overwhelming 45 per cent of online households from making online financial transactions, buying goods or services online, and posting on social networks. For the full article click here 



from cyber security caucus http://ift.tt/2ahZnza
via IFTTT

Don’t search for a magic bullet for cyber security

Governmental agencies shouldn’t just rely on installing the latest software and hardware – they should take clear steps in training, process and practice to ensure they’re protected from cyber attacks. Although there is no such thing as one solution fits all when it comes to cyber defence, there are certain steps that every government agency must employ to create a solid foundation on which they can start building their cyber defences.

Government agencies remain in the cross hairs of cyber attackers as hostile nation-states, terrorists, hackers for profit and campaigning organisations (hacktivism) focus on breaching their systems. Government cyber security professionals should always take a holistic approach to managing their defences and response procedures, but there are some key steps which are the building blocks of a strong defence.

Edward Snowden’s data leakage and the WikiLeaks scandal have highlighted the danger of malicious disclosure, but more often than not the threat comes not from deliberate employee sabotage, but rather from ignorance or careless practice. For the full article click here 



from cyber security caucus http://ift.tt/2ahZlY4
via IFTTT

Auto Industry Giants Work Together to Address Vehicle Cybersecurity

Trade group creates list of “best practices” regarding vehicle cyber security

Each passing month, modern vehicles become more and more connected as new improved and more advanced cars and trucks reach consumers.

The so-called Internet of things (IoT), or the vast network of physical devices, various electronics, software, etc. that are all connected and exchange data, reached consumer vehicles a while ago. But the connectivity aspect has been intensified in vehicles in the past few years — and the progression of the modern car into a main component of the IoT is showing no signs of slowing down.

Alongside the ever-increasing connectivity component of modern cars is the similarly increasing cyber security risk that coincides with vehicles becoming part of the IoT. For the full article click here 



from cyber security caucus http://ift.tt/2ahZmuZ
via IFTTT

Students learn about cybersecurity in camp

HAMMOND — David King, of Valparaiso, and Danielle Paszek, of Hammond, are getting firsthand experience in learning about cyber safety, cyber ethics and critical network security skills.

“We’re learning the workings of the computer and how to program it to think,” said King, a 15-year-old Wheeler High School sophomore.

“When I grow up, I want to work on designing and developing games, so I’ll need to know lots of computer stuff.”

Paszek, a 13-year-old eighth-grader at Scott Middle School, said she intends to do something computer-related or become an attorney. For the full article click here 



from cyber security caucus http://ift.tt/2ahZiLG
via IFTTT

Friday, 22 July 2016

Roke expands cybersecurity operations

Roke Manor Research is expanding its operations by opening a second office in Gloucester, bringing it closer to defence, government and commercial partners in the region – such as Defence Equipment and Support – as well as potential new clients. It claims the move will help drive forward cyber recruitment and support technology innovation, creating opportunities for people and businesses in the region.

The digital technology sector has seen employment growing by nearly three times faster than the rest of the UK economy, with the west of England making a significant contribution. According to Roke, Gloucester is just behind London in providing the most skilled workforce in cybersecurity.

David Cole, managing director of Roke, said: “As a key cyber security adviser to UK Government, we are at the sharp end of trying to tackle the UK skills shortage of high quality engineers and consultants. Gloucester and the west of England enjoy a thriving digital economy, which has the cybersecurity talent we need to help protect both government and commercial critical infrastructure.” For the full article click here 



from cyber security caucus http://ift.tt/2adMTHx
via IFTTT

A Cybersecurity Assurance Program to Protect the IIoT

UL, a global safety science organization, has announced what it calls a Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 standard, UL CAP for industrial control systems is designed to provide testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. UL CAP is intended for control system manufacturers who need support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products. These steps will protect the Industrial Internet of Things (IIoT). The program should benefit OEMs, machine tool builders, system integrators, and retrofitters who want to mitigate risks by sourcing products assessed by an expert third party.

Network-connected products and systems offer capabilities that promise significant boosts in productivity to manufacturing companies. Industrial control systems, for example, are becoming more interconnected, connectable and networkable, thus making data-driven manufacturing a practical reality on the factory floor. However, there are growing risks that threaten the security, performance and financial return on these control systems and the equipment they run.

“We’re aiming to support and underpin the innovative, rapidly iterating technologies that make up the Industrial Internet of Things with a security program,” says Rachna Stegall, director of connected technologies at UL. “The more industrial control systems become interconnected with other devices, the greater the potential security risks. The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers and end-users mitigate those risks via methodical risk assessments and evaluations.” For the full article click here 



from cyber security caucus http://ift.tt/2adMzZg
via IFTTT

Cybersecurity company executives plead guilty to hacking rival firm

Five employees from cybersecurity firm Quadsys have admitted to hacking to a rival company’s servers to allegedly steal customer data and pricing information.

According to The Register, members of the top Quadsys ranks pleaded guilty to hacking charges following a string of hearings.

The owner of Quadsys, Paul Streeter, managing director Paul Cox, director Alistair Barnard, account manager Steve Davies and security consultant Jon Townsend all appeared at Oxford Crown Court and admitted to “obtaining unauthorised access to computer materials to facilitate the commission of an offence.”

This could lead to up to 12 months in prison or fines. For the full article click here 



from cyber security caucus http://ift.tt/29YL84f
via IFTTT

EDGE2016 Now Seeking Sponsors for Annual Cybersecurity Conference

KNOXVILLE, Tenn., July 22, 2016 /PRNewswire/ — EDGE2016 Security Conference, an emerging, world-class conference where complex business security problems meet real-world solutions, is now expanding strategic partnership opportunities for companies and organizations for their inaugural conference October 18-19 at the Crowne Plaza in Knoxville, Tennessee.

Keynote speakers at the conference include Theresa Payton, former White House CIO, cybersecurity authority and expert on identity theft and the Internet of Things (IoT); and Kevin Poulsen, a former hacker once wanted by the FBI turned cyber security expert and currently the editor at Wired magazine.  “We are in a unique position to offer a world-class IT security conference, not just for IT professionals, but for C-level executives and business owners who have the authority to institute change within their organization,” said John McNeely, president ofSword & Shield Enterprise Security, the IT security firm hosting EDGE2016. “Cyber security is on everyone’s mind, and if it isn’t, it should be. We want to take the conversation of data security and move it toward action. To do that, we are looking to partner with companies who want to advance the IT security industry through innovation and collaboration.” For the full article click here 



from cyber security caucus http://ift.tt/2adN59R
via IFTTT

Automotive industry releases vehicle cybersecurity best practices

Members of the US Automotive Information Sharing and Analysis Center (Auto-ISAC) have released an overview of comprehensive Automotive Cybersecurity Best Practices, developed as a proactive measure to further enhance vehicle cybersecurity throughout the industry.

The Executive Summary has been released publicly on the Auto-ISAC website. The Best Practices provide guidance to assist an organisation’s development in seven key topic areas, including governance, risk assessment and management, threat detection and protection incident response, security by design, awareness and training and more.

The Best Practices provide deep technical and organizational breadth to support, develop, and improve defences against potential cybersecurity threats of the motor vehicle network. They are grounded in ISO, NIST and other established cybersecurity frameworks but are tailored to the motor vehicle. Auto-ISAC members have committed to continuously enhancing the Best Practices over time to keep pace with the constantly evolving cyber landscape.  For the full article click here 



from cyber security caucus http://ift.tt/29YKSC2
via IFTTT

Thursday, 21 July 2016

Firm creates cyber-security team in Gloucester

The office in Gloucester will initially employ 20 new staff. It will work with defence, government and commercial customers in the region.

David Cole, managing director of Roke, said:

“As a key cyber security adviser to UK Government, we are at the sharp end of trying to tackle the UK skills shortage of high quality engineers and consultants.”

Roke already employs 365 electronic engineering consultants at its headquarters in Hampshire, the company plans to double staff numbers over the next five years. For the full article click here 



from cyber security caucus http://ift.tt/29VXVQM
via IFTTT

Wassenaar Arrangement ‘inhibits international cyber-security efforts’

The Wassenaar Arrangement controlling the sale of technology and software which could be used as weapons is threatening the choke the cyber-security industry, according to a consortium of cyber-security companies.

The Coalition for Responsible Cybersecurity, supported by Microsoft among others, agrees with the principle of Wassenaar but believes that when it comes to cyber-security it “misses the mark”.

“Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,” wrote Alan Cohn from the CRC on a Microsoft blog.

This view was reinforced by Microsoft assistant general counsel Cristin Goodwin who was speaking at the RSA Asia Pacific Security conference in Singapore. She said, in its current form, Wassenaar would force Microsoft to apply for 3800 arms export licenses in a year. For the full article click here 



from cyber security caucus http://ift.tt/29We1he
via IFTTT

Cybersecurity Innovator Eastwind Networks to Sponsor Black Hat 2016

LAS VEGAS–(BUSINESS WIRE)–Eastwind Networks, provider of a hybrid network breach detection system designed to protect enterprise organizations and government agencies from cyber threats, today announced it will attend and sponsor Black Hat USA 2016.

Held in Las Vegas, Nevada from July 30 to August 4, Black Hat provides an annual platform for international security researchers, leaders in the public and private sector and business developers to come together and showcase groundbreaking research, risks and trends to further the information security community at a five day conference.

“Eastwind Networks is excited to be an active part of this community and is eager to showcase our contribution to defending tomorrow’s information security landscape,” said Paul Kraus, CEO of Eastwind Networks. “Eastwind’s active breach detection system offers unprecedented visibility and gathers over 4,000 attributes into a single dashboard to leverage a wealth of data and machine learning to build a complete picture of an organization’s network so any anomalous data–or hackers–stand out.” For the full article click here 



from cyber security caucus http://ift.tt/29VXA0u
via IFTTT

Japan Calls for Public to Follow Cyber Security Rules Playing Pokemon Go

The Japanese government is urging the public to follow the recommendations of the country’s Center on Cyber Security when playing the popular mobile game Pokemon Go, Chief Cabinet Secretary Yoshihide Suga said Thursday.

TOKYO (Sputnik) — On Wednesday, the Japanese Center on Cyber Security issued a warning about the game and urged people not to use their real names when registering as users to prevent their personal data from being leaked. The Center also called on the public not to play for long outside during hot summer days in order to avoid sunstroke.

“As for the game Pokemon Go, many have fears about its safety and people’s behavior. The Center on Cyber Security yesterday issued a warning. We would like people to follow the recommendations of the government for the safe usage of cell phones,” Suga said at a press conference. For the full article click here 



from cyber security caucus http://ift.tt/29We0da
via IFTTT

Argus’ cybersecurity systems quietly keep your vehicle safe from hackers

Are you concerned about your car or truck being hacked? It’s one thing to have your work or home computer system targeted. But it would be a whole other dimension of scary if you’re driving down the highway with family or friends when hackers pierce your network, disable your brakes, and lock your steering system. To guard against these types of nightmare scenarios, Argus Cyber Security has six layers of vehicle cyber protection.

In 2015, a team demonstrated the ability to hack into, then remotely control and shut down a Jeep Cherokee. In recent years, concern has been increasing over the potential threats to our ever-more-connected cars. Argus, an Isreali firm with offices in Michigan, Silicon Valley, Tokyo, and Stuttgart, Germany, has been building automotive cybersecurity systems since 2013. Argus’ products and services are used by car manufacturers, component suppliers, aftermarket device providers, and fleet operators. For the full article click here 



from cyber security caucus http://ift.tt/29VY5HR
via IFTTT

Wednesday, 20 July 2016

Chrysler calls on cybersecurity researchers for a bug hunt

FCU US, formerly Chrysler Group, has put up a bounty and called upon cybersecurity researchers to poke around and find holes in the security systems of their vehicles.

FCA US has put up a bounty program on Bugcrowd, an online community of cybersecurity researchers. The program stated few rules which includes providing FCA US all the information needed to replicate and validate the discovered security vulnerability. Of course the company also asks that the bounty hunters not destroy data, modify access, interrupt FCA US services and keep data that does not belong to them, reports TechCrunch. In return for dutifully following the set guidelines, bounties that range from $150 to $1,500 per bug are up for grabs depending on the severity. FCA US has also promised that no legal action will be taken against the cybersecurity researchers nor will law enforcement investigate any of the participants of the program. For the full article click here 



from cyber security caucus http://ift.tt/2aaPJzZ
via IFTTT

Sophos continues cybersecurity innovation in the Egyptian market

Sophos is an international company specialising in security software and hardware. The company is a leader in the field of cybersecurity, developing products that prevent and combat a variety of cyber-attacks.

Daily News Egypt interviewed Sophos’ vice president for the Middle East and Africa, Harish Chib, to discuss the IT and cybersecurity sector and the company’s business in Egypt.

What is your vision for the Egyptian market in terms of investment opportunities and challenges?

The Egyptian government recently launched a new cybersecurity division to protect its ministries and institutions from cyber-attacks. At a time when malicious cyber-activity is growing in Africa, this development bodes well for Egypt, particularly because Egypt is among the most affected African countries and is reported to have one of the largest networks of active malicious IP addresses on the continent For the full article click here 



from cyber security caucus http://ift.tt/2a8LmCw
via IFTTT

Work Wanted: Cybersecurity jobs a priority for government

On July 12, the federal government issued a four-part workforce strategy that would allow cybersecurity professionals to perform a “tour of duty” in the public sector as part of their career plan.

The White House plans to streamline guidelines that would allow it to hire private sector security experts more quickly. It will also create a “cybersecurity cadre” within the Presidential Management Fellows program, a leadership development program for advanced degree candidates.

The Office of Personnel Management will also build cybersecurity career paths for current information security professionals working in government, including credentialing programs, rotational assignments, and efforts to make them subject matter experts in their field.  For the full article click here 



from cyber security caucus http://ift.tt/2aaNWur
via IFTTT

Williams F1 teams up with Thales cyber security

The Williams Formula One motor racing team has announced a technical partnership with critical information systems, cyber security and data protection firm Thales. Under the agreement, Thales will provide cyber security systems for real-time global telemetry transmission to both the Williams Martini Racing and the Williams Advanced Engineering teams.

Cyber security, especially data protection, is of the utmost importance in the competitive world of Formula One, and Thales will help Williams to protect its confidential, high-value data.

Thales designs, develops and operates resilient and high-performance critical information systems in the aerospace, defence, finance, technology and transport sectors, supported by its 2,000 cyber security experts, 22,000 researchers and engineers, and its data protection and digital trust management systems. For the full article click here 



from cyber security caucus http://ift.tt/2atXrkN
via IFTTT

Cybersecurity Training for BT Security Employees to Include CISSP and SSCP

BT Security made news in England last April when it said it would hire 900 new security personnel. SC Magazine reported that the move was “part of a major drive to protect consumers, businesses and governments from the growing threat of cybercrime.”

New Cybersecurity Training Initiative

BT Security personnel, along with new recruits and key suppliers, will now have the opportunity to pursue British security organization ISC2’s professional certificationsduring their cybersecurity training. These include the Certified Information Systems Security Professional (CISSP) and the Systems Security Certified Practitioner (SSCP) certifications.

Starting with a class of 80, ISC2 will support the development of official instructors within the BT Security Academy. It will also deliver training programs and the certification examinations to suit the emerging demand from the facility. For the full article click here 



from cyber security caucus http://ift.tt/29Vcbu4
via IFTTT

Tuesday, 19 July 2016

5 Best Practices for Outsourcing Cybersecurity

Data breaches are getting more sophisticated, more common, and more expensive; the average cost of a breach has reached $4 million, up 29% in the past three years. No organization, regardless of size or industry, can afford to ignore information security. The shortage of qualified cybersecurity personnel, combined with modern organizations preferring to outsource ancillary functions so they can focus on their core competencies, has resulted in many organizations choosing to outsource part or all of their cybersecurity operations, often to a managed security services provider (MSSP).

There are many benefits to outsourcing information security, including cost savings and access to a deeper knowledge base and a higher level of expertise than is available in-house. However, outsourcing is not without its pitfalls, and there are issues that organizations should be aware of when choosing a cybersecurity vendor. This article will discuss five best practices for outsourcing information security. For the full article click here 



from cyber security caucus http://ift.tt/29QZ0gO
via IFTTT

Team Hodor wins New Zealand Cyber Security Challenge

They came from across the country to take part in the third New Zealand Cyber Security Challenge last week at the University of Waikato, and Team Hodor walked away the winner.

Team Hodor (Sjoerd de Feijter, Matthew Stringer and Vladimir Petko) from the Gallagher Group was the overall winner of the competition. Sjoerd de Feijter was the first awardee of the Sir William Gallagher Cyber Security Scholarship.

Runner-up was 17-year-old solo entrant Michael Robertson from Cambridge High School competing in the secondary school category. Michael also won scholarships to the Faculty of Computing and Mathematical Sciences at the University of Waikato. A team from Tararua College (PHT Hackers – Caleb Fincham, Ben Fleming and Joshua Gibbs) from the Manawatu-Wanganui region came second in the same category.

Second runner-up was Arcton (Jeremy Symon, Nathaniel Watson and Grady Hooker) from the Faculty of Computing and Mathematical Sciences, competing in the tertiary category.

Organiser Dr Ryan Ko says the goal of the Challenge was to focus on developing cyber security skills needed by professionals, and to promote innovations in the cyber field. For the full article click here 



from cyber security caucus http://ift.tt/29QX6c3
via IFTTT

Cybersecurity Response to Recent Wholesale Payment Systems Breaches

In February 2016, hackers stole $81 million from the Bangladesh central bank by sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system.

Three months later, hackers attempted to steal over $1 million from a commercial bank in Vietnam using a similar method. Since then, almost a dozen banks have reportedly launched investigations into possible hacks involving SWIFT. Coming on the heels of these investigations, last month financial regulators in the United States and abroad independently issued guidance regarding measures that can be taken by financial institutions and financial market infrastructures (FMIs) can take to protect against cybersecurity threats to the payments ecosystem.

FFIEC Joint Statement on Cybersecurity of Interbank Messaging and Wholesale Payment Networks

On June 7, 2016, the Federal Financial Institutions Examination Council (FFIEC) issued a joint statementadvising financial institutions to actively manage cybersecurity risks associated with interbank messaging and wholesale payment networks. The joint statement does not impose new regulatory requirements on financial institutions and is intended merely “to alert financial institutions to specific risk mitigation techniques related to cyber-attacks exploiting vulnerabilities and unauthorized entry through trusted client terminals running messaging and payment networks.” For the full article click here 



from cyber security caucus http://ift.tt/29QXpmV
via IFTTT

Cyber security could be improved with Exchange

Manx Technology Group says Manx data should stay on Island

Cyber security threats could be prevented by an Isle of Man internet exchange network.

That’s the message from director of Manx Technology Group Joe Hughes – the man driving it – he says Manx data should stay on Island.

It currently joins 90 per cent of all UK data that travels through the London Internet Exchange before returning to its source.  For the full article click here 



from cyber security caucus http://ift.tt/2a5Jo63
via IFTTT

Cybersecurity Education Efforts Yielding Results

Dubai — Cybersecurity education efforts are yielding results, with 61 percent of respondents to a survey conducted by Palo Alto Networks saying they would speak with IT before introducing new devices onto a corporate network or adding business applications and tools onto unsecured devices.

With 6.4 billion connected “things” predicted to be in use in 2016[1] – and many expected to enter the workplace – this survey finding represents a significant step in the right direction and demonstrates that employees’ knowledge and understanding of their role in cybersecurity is improving.

However, the contrasting findings from this survey of business managers – who typically have the salary and tendency to be early adopters of new technology – are that 39 percent would fly under IT’s radar. This leaves a large margin for risk. For the full article click here 



from cyber security caucus http://ift.tt/2a7tFWY
via IFTTT

Monday, 18 July 2016

Threat Of Cyber-Attacks On Oil & Gas Highlights The Danger In Your Thumb Drive

Earlier this year, President Barack Obama created the 12-member Commission on Enhancing National Cybersecurity. In May, commission members traveled to New York to hear about cyber-threats to banks and insurance companies. They then went to San Francisco to talk with computer developers from Silicon Valley about the latest technology to stop cyber-attacks.

Then, last week, the commission came to Houston to learn about the threat to critical industries including oil & gas, electricity, and telecommunications.

One hot topic of the testimony was what happened last December — not in the U.S .— but in Ukraine. Computer hackers had shut down the electricity grid, leaving a quarter million Ukrainians in the dark. Operators were able to regain control in a few hours by manually resetting circuit breakers. For the full article click here 



from cyber security caucus http://ift.tt/2a4Jhud
via IFTTT

Size Doesn’t Matter: Cyber Security and the SME

The research, which forms part of NJR’s cyber security report: how real is the threat and how can you reduce your risk, shows that 23 per cent of employees use the same password for different work applications and 17 per cent write down their passwords, 16 per cent work while connected to public wifi networks and 15 per cent access social media sites on their work PCs. Such bad habits and a lack of awareness about security mean that employees are inadvertently leaving companies’ cyber doors wide open to attack.

This research is supported by a report which incorporates the advice from fifteen experts in the field. Here Tarun Samtani, Findel plc, shares his thoughts on how SMEs are affected by cybercrime.

“With 63 per cent of UK SME online retailers planning to increase the number of channels they traded through in 2015 to grow sales and one in four e-retailers intending to start using online marketplaces to increase sales, small companies are increasingly opening themselves up to the cyber threat. For the full article click here 



from cyber security caucus http://ift.tt/2a4Jptz
via IFTTT

The TSA, Metadata And You: How Cybersecurity Techniques Can Avoid Security Theater

The TSA is predicting long waits for flyers. It’s also trying to hire more staff because it miscalculated the number of enrollments in TSA-PreCheck, its expedited security-screening program. The situation is so bad they fired their director of security. But how was he to understand Little’s Law, that states a queueing system under heavy load is exponentially sensitive to additional load, so a tiny increment in traffic can lead to queue lengths that grow without bound?

According to a leaked TSA document, the agency’s failure rate is about 95%, meaning it has failed to spot the “known bad” (i.e. testers with weapons) in almost every test. There are also false alerts, which waste passengers’ time as they are needlessly searched. Is it really the case that, with all of the innovative power of the U.S. tech industry, we cannot detect whether someone’s shoes contain explosives or not?

With over two decades of experience in the security industry, I find it easy to spot the similarities between the TSA and most enterprise network security perimeters that are “protected” by cybersecurity vendors. Just as weapons can make their way through airport security, cyber attackers can easily penetrate enterprise networks. For the full article click here 



from cyber security caucus http://ift.tt/2a1S5iJ
via IFTTT

Most companies still can’t spot incoming cyberattacks

Four out of five businesses lack the required infrastructure or security professionals with relevant skills to spot and defend against incoming cyberattacks.

According to a new report by US cybersecurity and privacy think tank Ponemon Institute, 79 percent of cybersecurity professionals say that their organisations are struggling to monitor the internet for the external threats posed by hackers and cybercriminals.

Just 17 percent of respondents say that they have any sort of formal process in place for intelligence gathering which is applied across the whole company. For the full article click here 



from cyber security caucus http://ift.tt/29Jlpa4
via IFTTT

Automakers Turn to Hackers for Help in Improving Cybersecurity

Today’s automobile is rapidly becoming a computer on wheels, with more microprocessing power than can be found in a typical home or office. It’s not uncommon for a modern vehicle to use more than 100 million lines of code to control everything from the engine management system to the onboard infotainment technology. By comparison, there are about 8 million lines of code on the latest F-35 fighter jet.

Until recently, hackers tended to focus on desktop and laptop computers and, more recently, smartphones and tablets. But there are growing indications the “black hat” world of what’s known as the “dark internet” is shifting attention to automotive targets.

When police in Houston recently began reporting a series of unexplained robberies, the only apparent clue was a security camera video showing one of the thieves pulling out a laptop computer after breaking into the vehicle. After tapping on the keys for a few moments, the Jeep Wrangler’s engine fired up and the thieves drove away. For the full article click here 



from cyber security caucus http://ift.tt/29JkWV5
via IFTTT

Saturday, 16 July 2016

The cyber security risks of 3D printing

RESEARCHERS in the US are warning of the dangers posed by cyber security breaches to the emerging technology of 3D printing, also known as additive manufacturing.

Additive manufacturing, where an object is ‘printed’ from a CAD file usually using metal, ceramic or polymer materials, is becoming increasingly popular as a way to produce small batch products, for rapid prototyping or producing specialist parts. It has recently been approved by the US Federal Aviation Administration to produce a part for commercial jet engines. However, Ramesh Karri and a team of cyber security experts and materials engineers at New York’s Tandon School of Engineering, say that defects could be introduced to the CAD files as part of a cyber attack.

Karri and the team say that an attacker could hack into a 3D printer connected to the internet to make changes. They believe that two specific problems are most vulnerable – the insertion of fine defects within the body of an object, and the orientation of the printer nozzles. For the full article click here 



from cyber security caucus http://ift.tt/29E9vPq
via IFTTT

House bills seek to strengthen U.S.-Israel cybersecurity partnership

Reps. Jim Langevin, D-R.I., and John Ratcliffe, R-Texas, introduced two bills Thursday to strengthen joint cybersecurity research and development efforts between the U.S. and Israel.

“The United States and Israel are the two top exporters of cybersecurity technologies,” said Langevin in a statement. “Our bills will leverage the reservoirs of expertise in both nations to advance the frontiers of cyber science.”

The bills seek to formalize a grant-funding program for early-stage cyber innovation and to expand an ongoing R&D program jointly conducted by the Homeland Security Advanced Research Projects Agency and Israeli Ministry of Public Security.  For the full article click here 



from cyber security caucus http://ift.tt/29CJvHU
via IFTTT

Domestic software in the works for cyberprotection

In the face of rising cyberattacks, the government is looking to boost its cyberdefenses with locally-made software.

Science, Industry and Technology Ministry and the Scientific and Technological Research Council of Turkey (TÜBİTAK), a state-run science and research agency will offer incentives for local software developers for cybersecurity software. Incentives as much as TL 3 million ($1 million) per software projects will be available for developers.

Turkey aims to cover loopholes in cybersecurity with software focusing on detecting abnormal activity in web traffic as most attacks targeting the country comprise of distributed denial of service (DDoS) attacks. For the full article click here 



from cyber security caucus http://ift.tt/29LVxgr
via IFTTT

Cybersecurity boot camp looks to help build workforce for growing field

The need to find qualified people to fill cybersecurity jobs has institutions like Delaware State University hosting summer camps to boost technical skills.

This week’s cybersecurity boot camp at DSU is a partnership with the U.S. Cyber Challenge. Marwan Rasamny, chair of DSU’s computer information science department, said these camps are needed to help participants keep up with the ever-changing tech landscape.

“They’re getting training,” Rasamny said. “So we’re improving their skills in cybersecurity which is very much a needed skill in the country to secure the infrastructure. We’re training these young students to actually go out there and help secure the nation.”  For the full article click here 



from cyber security caucus http://ift.tt/29LV7qF
via IFTTT

Cyber security policy in Sept.

Cyber security, data analytics and open data are the three sectors for which Telangana Government will come with a policy each in September, IT Secretary Jayesh Ranjan said here on Friday.

Four sectoral policies were released along with the IT policy in April and three more will come in September, he told presspersons on the sidelines of a seminar on e-commerce organised by trade and industry body, the Federation of Telangana and Andhra Pradesh Chambers of Commerce and Industry (FTAPCCI).

Creating a legal framework for data exchange and putting in place emergency response team are some of the features of the policies, he replied to queries.

Earlier, he told the seminar that the government, in the backdrop of e-commerce gaining popularity, wants on putting in place systems to address the adverse impact, including financial frauds. “We will be vigilant about these matters,” he said. For the full article click here 



from cyber security caucus http://ift.tt/29CG8AG
via IFTTT

Southern Colorado teachers take course in cybersecurity

COLORADO SPRINGS, Colo. — There’s a shortage in the United States and it could affect protection for banks, credit cards, your laptop and even your cell phone.

“The NSA and the nation as a whole have identified that cybersecurity is going to be a major portion of national defense, going forward in protection people’s personal information,” said Jakob Nelson, lab and systems director for Secure Set LLC and Secure Set Academy.

Experts say a lot of experience is needed in order to create qualified applicants.

To do that, education needs to start early.

“In order for students to learn it, there has to be some type of facilitator or guide and if we can put in a controllable environment where students can learn this safely,” said Nick Williams, business technology teacher at Mesa Ridge High School. For the full article click here 



from cyber security caucus http://ift.tt/29CG9oa
via IFTTT

Delaware Cyber Challenge tests skills of computer ‘whiz kids’

DOVER –– The seventh Delaware-hosted U.S. Cyber Challenge drew 50 participants to Delaware State University last week ranging in age from 16 to 50 –– all looking to improve their skills in cyber security.

“It’s really about sharpening your computer skills,” said John Foss, 48, of Dover. “You may be at home thinking you’re really skilled with computers, but you come here and see there is so much you don’t know yet.”

The week-long conference concluded Friday with a competition where participants could apply the skills they learned throughout the week and the information with which they already came equipped.

The competition portion included a list of tasks accompanied by a series of questions.

“It’s not just as easy as hacking into a computer and finding a specific file,” organizer Jerrod Bates said. “All the questions have several layers so the competitors have to show that they are able to use a combination of skills to solve a problem.” For the full article click here 



from cyber security caucus http://ift.tt/29CH5c4
via IFTTT

Energy braces for online attacks

Exxon Mobil Corp. bans its employees from using personal email and USB flash drives. It sends them simulated phishing emails, with alluring links, to see whether its workers would fall for tricks that would leave the computer networks of the nation’s biggest oil company vulnerable to attack.

These defensive measures are a response to the threat from hackers who increasingly target oil companies in efforts to steal money and intellectual property, or cause physical damage by taking over controls that adjust valves or regulate pressure pumps at refineries and pipelines. Online attacks against oil companies, whether by thieves, radical environmental activists or saboteurs, are on the rise. In a global survey last year, one third of oil companies said they’ve been hit more than twice by online attackers who penetrated their defenses, according to the SANS Institute, a nonprofit that conducts cybersecurity training.

“Any attacker with enough resources and enough determination will likely discover ways to breach a single layer of defense,” said Scott Robichaux, a cybersecurity manager at Exxon Mobil. For that reason, he added, oil companies should add several layers of security to keep hackers out their networks. For the full article click here 



from cyber security caucus http://ift.tt/29E6uyu
via IFTTT

China’s auto industry moves to protect cyber security

China has established an automotive cyber security committee to ensure the safe running of intelligent, connected and electric cars.

The founding of the committee was announced on Thursday at an ongoing international automobile technology forum in Changchun, capital of Jilin Province and a cradle of China’s automaking industry.

“The committee has been established as a platform to pool resources, carry out research and work out standards, policies, laws and regulations to defend cyber security in automobiles,” said Zhang Jinhua, vice secretary-general of the China Society of Automotive Engineers.

The committee is headed by Li Jun, a member of the Chinese Academy of Engineering and technical chief of Changchun-based FAW Group Corporation.

Cyber safety has become crucial in the automotive sector as cars are becoming intelligent and interconnected. Many automakers have partnered with Internet companies to intensify cyber security. For the full article click here 



from cyber security caucus http://ift.tt/29E6dff
via IFTTT

Cyber Security Market to Reach $150 billion with 8%-11% CAGR to 2021

Global Cyber Security Market Will Cross more than USD $150 Billion Mark By 2021 :

Market research future published a cooked research report on Global Cyber Security MarketCyber Security market is expected to grow with the CAGR of ~8%-11%% from 2016 to 2021, and due to this it is predictable to cross USD $150 billion by 2021. For the Global Cyber Security Market drivers are evolving cyber threats, lack of focus in security systems, dependency on information technology, strict government rules and policies.

Taste the market data and market information presented through more than 70 market data tables and figures spread in 125 numbers of pages of the project report. Avail the in-depth table of content TOC & market synopsis on “Global Cyber Security Market Information- Global Forecast to 2021

The early diners are offered free customization- Up To 20%

Network security segment for cyber security market is projected to be the fastest-growing market during the period 2016 to 2021. For the full article click here 



from cyber security caucus http://ift.tt/29QFHBL
via IFTTT

Friday, 15 July 2016

Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues

A recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing CISOs to keep their organizations secure and how they are combating information and vendor solution overload.

Given the often-reported high value of health data, healthcare organizations are facing ongoing and escalating cyber threats. In fact, media reports about ransomware attacks and data breaches against hospitals, health systems and medical practices seems to be occurring on a weekly basis at this point.

In a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.

“Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,” Scott writes.

For the full article click here 



from cyber security caucus http://ift.tt/29Ckedc
via IFTTT

‘BLIND’ CYBER SECURITY TRAINING ‘INCREASES RISK’

Cyber security training “implemented blindly” by managers will leave businesses open to hacking attacks, an expert panellist at an upcoming Insider event has warned.

Mark Lomas, IT consultant at Icomm Technologies in Birmingham, said ensuring employees were fully up to speed on protecting data and IT systems was more important than ever.

A recent report by PwC found six in ten companies had fallen victim to cybercrime via staff; either through inadvertent or deliberate action.

However, Lomas said security policies should not be communicated to staff via diktats, but should instead be made more relevant to employees’ lives. For the full article click here 



from cyber security caucus http://ift.tt/29WkdFw
via IFTTT

Fiat Chrysler rewards hackers who expose cyber-security flaws

In an effort to iron the electronic bugs – and vulnerabilities – out of its vehicles’ software, Fiat Chrysler Automobiles is hiring a team of hackers to search for exploitable weak spots–before they’re found by hackers who aren’t on the payroll

Fiat Chrysler Automobiles is planning to unleash dozens of international hackers upon its cars, pickups, andSUVs in an effort to hunt down weak spots in its vehicles’ on-board computers and connectivity systems.

Dubbed the “Bug Bounty Program,” the effort to clamp down on the brand’s automotive cyber-security will be led by Bugcrowd, a San Francisco-based company specializing in crowd-sourced cyber-security solutions.

Using the expertise of an eclectic group of hackers from all over the world, FCA hopes the hired hackers will find bugs and weak spots before criminal hackers have to chance to exploit these weaknesses for nefarious purposes. For the full article click here 



from cyber security caucus http://ift.tt/29VCT5q
via IFTTT

CyberSecurity: How Artificial Intelligence Is Your New Best Friend

Everybody talks about AI, but nobody talks about what it means for you. During this session, we will talk about how artificial intelligence can be used to amplify human capabilities in threat detection, evidence gathering, and remediation.

The traditional security infrastructure has changed over time, and threat behavior has evolved and become more complex than ever. To confront this shifting landscape, artificial intelligence has been introduced by numerous platforms to more accurately identify threats. For the full article click here 



from cyber security caucus http://ift.tt/29VCTm1
via IFTTT

Cybersecurity Not Stand-Alone Issue in Trump v. Clinton

July 14 —Donald Trump and Hillary Clinton are unlikely to make cybersecurity a centerpiece of their campaigns and probably won’t mention the issue during the party conventions.

But the topic underlies many of the issues that the respective Republican and Democratic presumptive nominees for president will discuss in the race to the White House, privacy and security professionals told Bloomberg BNA.

Voters care about cybersecurity issues, but they may be overwhelmed by the magnitude and the complexity of the threats, they said. Individuals are leaving it to the government to deal with the problems, they said.

Nevertheless, a large-scale cyberattack on the U.S. or a major hacking breach involving a U.S. company during the time leading up to Nov. 8 election might well put cybersecurity in the spotlight and influence the election, the privacy and security pros said. For the full article click here 



from cyber security caucus http://ift.tt/29VCRdR
via IFTTT

Cybersecurity experts lead research team on power grid protection

In light of recently increasing discussions surrounding cybersecurity concerns and the U.S. power grid, a collaborative project led by researchers from Lawrence Livermore National Laboratory (LLNL) and Lawrence Berkeley National Laboratory (Berkeley Lab) is seeking do develop new data analysis methods that would offer better protection against cyber threats.

Jamie Van Randwyk of LLNL and Berkeley Lab’s Sean Peisert will head up a project titled “Threat Detection and Response with Data Analytics” as part of a three-year Grid Modernization Initiative sponsored by the Department of Energy (DOE). The project’s methods include extended data collection that will feed advanced analyses of power grid failures, enabling security experts to determine whether the failure was caused by a natural disaster, equipment failure, physical damage or cyber attacks. For the full article click here 



from cyber security caucus http://ift.tt/29AwTRx
via IFTTT

Thursday, 14 July 2016

Cyber security and networking: The big announcements at Cisco Live 2016

News: What has Chuck Robbins been up to in his first year as CEO?

As Maroon 5 serenaded the Cisco Live 2016 delegates with a surfeit of their breezy pop tunes on Wednesday evening, the curtain closed on the first Cisco Live in decades with a new CEO in charge of the company.

John Chambers’s successor Chuck Robbins took over the helm of the company in July last year, and his keynote at Cisco’s flagship event ticked many of the old John Chambers boxes.

Amongst these was a reiteration of the transformative potential of technology, saying that successful digital transformation would require C-level sponsorship.

Yet behind this rhetoric, what direction is he taking the company in?

A more specific focus in the keynote was security, and Cisco used the event to roll out a range of new security products. For the full article click here 



from cyber security caucus http://ift.tt/29Ss6Jc
via IFTTT