Wednesday, 31 August 2016

MO cybersecurity summit helps residents protect themselves

The summit was funded by a grant from the U.S. Department of Homeland Security as part of our state’s ongoing initiative to strengthen cybersecurity. A number of state leaders were in attendance, and the event was aimed at both raising awareness and sharing best practices.

Michael Roling, Chief Information Officer for the State of Missouri, says our state is one of the leaders nationwide in terms of cybersecurity.

“We’ve been using a four point plan over the last several years to secure our state’s networks and other resources from criminals and other adversaries,” Roling says, adding, “We [Missouri] have been a model for other states in terms of building up our defenses and protecting state resources.”

Experts say one of the best ways to protect yourself is to ask questions.

“It’s part of your own responsibility to keep your information protected,” Kayla Wilber, an IT consultant with Huber & Associates, tells ABC 17 News. “Consumers should start asking questions about, ‘How is my data that is shared with you protected?’”



from cyber security caucus http://ift.tt/2bV3Ozg
via IFTTT

Cyber security company Intsights raises $7.5m

Tuesday, 30 August 2016

Elite private girls’ school bans app Musical.ly over fears videos of young pupils imitating ‘sexualised dance moves’ will be used to track them

Roslyn Mahony, the head of Wenona, and Beth Oakley, Dean of Students, warned girls in year 4, 5 and 6 were imitating the raunchy routines in pop music videos.

‘When the celebrities whose music they enjoy present their songs with highly sexualised dance moves, these performance styles are then imitated as girls create their own music videos through the app,’ the letter reads.

‘A number of girls have been singing and dancing and uploading performances in school uniform, which introduces numerous other potential risks.’

Students have been asked to remove the app from their phone if they do not meet the age requirement of being 13 years old.

Skills Shortage Means Salaries Soar As US Cities Vie For Cybersecurity Talent

The notion of a job for life appeared to have withered away from contemporary existence as surely as Luddites were ejected from the workforce in the early 19th Century.

The ongoing rise of automation, machine learning and the so-called march of the robots meant that humans could not rely on a lifelong career using learnt skills. Even knowledge workers would have to have portfolio skills to survive.

This, however, does not seem to apply to cybersecurity. A recent report from Cisco reported there was a global skills shortage of more than one million people, as governments and corporations belatedly address the seemingly ubiquitous dangers of cybercrime.

Moreover, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics, there are 209,000 US cybersecurity jobs without candidates and jobs are up 74% over the past five years. The same analysis says that demand for cybersecurity professionals will grow 53% through 2018.

Monday, 29 August 2016

ICIT Analysis: Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures

True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security. Despite the recurring discussion on electronic voting vulnerabilities that occurs every four years, only limited attention is given to the systemic problem undermining American democracy. It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security.

In this analysis, entitled “Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures”, the Institute for Critical Infrastructure Technology provides a detailed analysis of the risks that voting machines and the digital age have introduced into our democratic process which have the potential to impact the integrity of election results. The report discusses:

  • The shocking ease of hacking all aspects of virtually any voting machine’s “black box” technology
  • The cyber, technical and physical attack methods that could be enlisted by Nation States, Hacktivists and black hat hackers
  • Social Engineering attack vectors and methods that are so easy, even a novice script kiddie can do it
  • A few simple tactics that can “fix” any local, state or national campaign in just days or even hours
  • And much more

This paper was authored by:

  • James Scott (Senior Fellow – Institute for Critical Infrastructure Technology)
  • Drew Spaniel (Researcher – Institute for Critical Infrastructure Technology)

The following experts contributed to this report:

  • Rob Roy (Fellow – Institute for Critical Infrastructure Technology & Federal CTO, HPE)

Part Two of this paper will be published shortly and provide a deeper technical analysis of this threat.

Download the paper here:  http://ift.tt/2c4hYNx

This paper was underwritten by:

HP

 




Banking From Brexit to Blockchain: Enabling Commerce by Expanding the International Privacy Shield

Customer privacy concerns are key impediments to international growth in banking and commerce, and there are many companies and individuals who remain “underbanked” due to these issues. Fortunately, recent advances in blockchain and other cybersecurity business technologies can help address consumer and regulatory requirements, particularly in the current volatile and changing commercial climate.

Privacy: A Global Concern

The recent vote by Britain to exit the EU — the so-called Brexit — elicited various reactions from many quarters. It may be said, however, that there is consensus on one topic: Personal privacy, regardless of country, should be jealously guarded, and personal data used sparingly and appropriately. In that regard, the emerging technology of blockchain, if judiciously implemented, may provide privacy support both within and outside a particular jurisdiction.

Many countries are concerned about the collection and use of their citizens’ data outside their national borders. In many instances, even a well-intentioned viewing of data can be construed as collection and use.

Security Talent Gap Leaves Enterprises Vulnerable

The shortage of workers in the cyber-security field is well-documented. What’s more, study after study shows that the problem is growing worse. However, “Hacking the Skills Shortage,” a recently released report from Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), has found that the problem has reached crisis levels, and the potential fallout is enormous.

A vast majority of respondents admitted that they are understaffed and overwhelmed, and they believe that an inability to address key cyber-security issues makes their organization a more desirable target for hacking. The survey—which tapped more than 775 IT decision-makers in Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom and the United States—offers insights into the state of cyber-security. Chris Young, senior vice president and general manager of Intel Security Group, stated: “The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber-security talent shortage. … We need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line.”

Saturday, 27 August 2016

Experts: Same Russians Hacked Olympic Whistleblower, Democrats

The same Russian hackers who hacked the email accounts of Democratic Party officials are behind the recent hacks targeting the Olympic anti-doping agency and a Russian athlete whistleblower, cybersecurity experts told NBC News.

The experts said the hacks are all part of the same covert influence campaign by the Putin regime against the U.S. government, political organizations and other perceived enemies.

ThreatConnect, a group of cybersecurity researchers who investigated the breach, says the “Fancy Bear” hacker group, which is connected to GRU, Russia’s military intelligence agency, was behind the cyberattacks two weeks ago on the World Anti-Doping Agency (WADA) and affiliated Court of Arbitration for Sport (CAS).

Friday, 26 August 2016

China to tighten its cyber security to tackle growing online frauds, leaks

China has introduced new regulations to beef up its cyber security to address the growing complaints of online frauds and leakage of private information on the internet costing billions of dollars. Cyberspace Administration of China (CAC), the General Administration of Quality Supervision, Inspection and Quarantine of China; and the Standardization Administration of China (SAC) unveiled a document yesterday which contained new guidelines. The document stipulates that mandatory national standards will be introduced to regulate the fields of major information technology infrastructure protection and classified networks, Xinhua news agency reported.

Authorities will accelerate the introduction of standards in cyber security, personal information protection, cyber security information sharing and other fields. The new standards will be in line with the country’s laws and regulations. The document also requires the establishment of an information sharing mechanism for major cyber projects and unified national standards to reduce the burden for companies and to improve the country’s overall cyber security.

China Invites Microsoft, Intel to Join Elaboration of Cybersecurity Standards

Chinese authorities have invited foreign hi-tech companies to participate in activities of the government committee aimed at elaboration of cybersecurity rules for such companies. MOSCOW (Sputnik) — The Wall Street Journal reported that Beijing had allowed Microsoft Corp., Intel Corp., Cisco Systems Inc. and International Business Machines Corp. (IBM) to join the activities of China’s Technical Committee 260 (TC260), which was responsible for defining standards in the sphere of cybersecurity. The newspaper added that IBM and Intel had not commented on the information, but Microsoft and Cisco reported that they had joined the initiative. According to the media outlet, China has been paying special attention to the issue of its technical supplies’ security after US whistleblower Edward Snowden’s revelations about Washington’s use of US-developed products for espionage.

Thursday, 25 August 2016

NUIX claims industry first cybersecurity technology

Prevention, detection and deception rolled into one.

Australian cyber tech firm Nuix said its Insight Adaptive Security is the first product to tightly integrate cybersecurity threat prevention, detection, response, remediation, and deception in one solution.

It said unlike traditional endpoint security products, Nuix designed its adaptive security platform from the ground up to provide an end-to-end approach for protection. Most endpoint security products focus only on a few links of the security kill chain, forcing organizations to invest in multiple point solutions in order to implement a complete security workflow. This inevitably leads to greater risks, costs, and productivity losses.

“Previous attempts at applying an adaptive model to security software have failed because they’ve ineffectively cobbled together several overlapping tools that were never intended to work with each other, creating a sort of ‘security Frankenstein’,” said Eddie Sheehy, CEO of Nuix. “Nuix Insight Adaptive Security is a tightly integrated endpoint defense solution that closes the feedback loop between sensing, filtering, detecting, and disrupting security events earlier in the kill chain.”

More investment in cyber security a must for Indian firms to tackle attacks: FireEye

While governments the world over are concerned about how to tackle growing cyber crimes, Indian firms are more vulnerable to data breach because of poor investments in adopting and implementing top-of-the-line security solutions, a top executive of US-based network security company FireEye has said. “If we had to compare countries, the Australian Strategic Policy Institute ranks India lower in cyber security maturity than Singapore, Australia, New Zealand, Malaysia, China and Vietnam,” said Vishak Raman, Senior Regional Director for India and SAARC, FireEye.

“It is important to see the bigger picture and not see vulnerability as a horse race between regions. The US cyber security far outpaces India’s and yet, the US is routinely plagued by massive cyber challenges,” Raman told IANS as FireEye released its first “Mandiant M-Trends Asia-Pacific” report on Thursday. “In some ways, India is more vulnerable to advanced attacks and in some, we are less vulnerable because cyber security is increasingly becoming a priority for our leaders,” he noted.

Tuesday, 23 August 2016

COB ranks Top 10 Online Cybersecurity MBA Degrees

Missouri State University’s College of Business has earned 2nd place for ‘Top 10 Online MBA Degrees in Cybersecurity 2016’ from Online MBA Today. MSU was chosen out of over 350 school programs based on their respective tuition costs, accreditations, PayScale early career salaries, prestige and overall graduation rates, according to Online MBA Today.

MSU’s online MBA program offers several different distinctions for students to specialize in. The cybersecurity niche adds courses in telecommunications, information technology, legal issues and techniques that hackers use.

While the online MBA program has been available since 2012, courses for the cybersecurity program began fall of 2015, according to the College of Business News.

The Bureau of Labor Statistics website projects jobs for information security analysts to grow at a rate of 18 percent over the next 10 years. This is much faster than the average for all occupations, according to the job outlook on their website.

Dr. Elizabeth Rozell, associate dean of the COB and director of the MBA program, said that this ranking is a “signal of the quality faculty and a program with high standards.”

Expertise in Cyber Security meeting in Montreal

MONTREAL, Aug. 23, 2016 /CNW Telbec/ – For the 12th consecutive year, more than 400 participants will take part in GoSec, a major event in North America organized by GoSecure, a Quebec company highly specialized in Cyber Security. The event to be held on 31 August and 1 September at the Palais des congrès de Montréal will bring together dozens of researchers, lecturers and experienced professionals.

All topics regarding current and potential issues in cyber security will be discussed. In addition to the 25 confirmed speakers, GoSec will receive two keynote speakers.

These are Shannon Lietz, a multi-Award winning leader and Security Innovation visionary with more than 20 years of experience, and James Mandelbaum, a renowned Security Pre-Sales Engineer and Identity Architect specialized in working with complex solutions for large clients in the US and Canada.

Again this year, EY and ISACA Montreal contribute to the success of the event as loyal partners and many other sponsors as well. Registrations are currently underway at www.gosec.net

Monday, 22 August 2016

Beyond20 offers CISSP boot camp cyber security training

ITSM consulting and training firm Beyond20 has added CISSP boot camp (certified information systems security professional) to its line-up of IT best practice course offerings, the company said.

CISSP is the second cyber security course to be offered by the firm, which currently offers Security+ training in both public and private on-site capacities.

BEYOND20 is a technology-enabled services firm focused on transformative project management and IT service management solutions.

Jonathan Aberman: The one void that could slow our cybersecurity dreams

More and more people agree: cybersecurity is in our region’s DNA and can continue to be a boom for greater Washington.

But venture capital is pivotal in providing the accelerant for rapid growth of technology companies, and I fear that the lack of sufficient risk capital is strangling some promising startups.

Overall, the greater Washington region is the eighth-largest venture capital market in the country. For 2015, approximately $1.4 billion of venture capital was invested here.

This capital was provided by 351 investment firms and of those, 252 were from outside of our region — with the remaining 45 indigenous to our market, according to Pitchbook, a well-respected source of market data.

Saturday, 20 August 2016

Cybersecurity program expands at Frederick Community College

Cybertech is a two-semester program that will allow students at Frederick Community College (FCC)  to receive an information security and assurance certificate.

“We can put you in a class. It is a cohort of 18 students maximum and they go from class to class from one semester to the next, two semesters; and they can end up from a basic certification to an advanced certification,” James Hatch, Cybersecurity program coordinator, Frederick Community College, said.

FCC was awarded the TAACCCT grant in the fall of 2014 which led to the start of the Cybersecurity degree and has allowed the school to expand.

“Because we have the technology in place, we have the skill set in place and we have all the rooms and instructors, everything; this allows us to create something that is compressed,” Hatch said.

Ignorance about cyber security makes websites in MP sitting ducks

Ignorance about the need for cyber security has made owners and developers of websites in Madhya Pradesh prone to cyber attacks by hackers, said a top police official at the state cyber cell.

Today’s hackers are highly sophisticated and have the means to attack any target they choose, while most owners and developers of websites live in a blissful state of ignorance about the need for cyber security and many still have not taken sufficient measures to guard themselves against hackers, said Vijay Khatri, additional inspector general of police (cyber cell).

“Most of the website owners in the state do not pay attention to cyber security due to which cyber criminals find it easy to attack them,” he told Hindustan Times.

Friday, 19 August 2016

WHY CYBERSECURITY IS A MANAGEMENT PROBLEM FOR CAMPAIGNS

Republicans have made hay out of the Democrats’ recent hacking woes, but the GOP isn’t immune from cybersecurity breaches. Just this past weekend there were reports of Russian hackers dumping emails from Republican campaigns and operatives.

As these events spatter the headlines, the campaign community has no option but to confront an unfortunate reality. Bad actors are actively seeking their information, and failure to adjust strategy could result in not only lost elections, but in national security consequences for us all.

Certain systemic characteristics of campaigns and committees can make prioritizing cybersecurity seem like a herculean task. They’re flooded with temporary employees and volunteers that come in and out of their offices. Senior aides have to manage these staffers and volunteers while rapidly making decisions on a wide array of topics. In this work environment where budgets are limited, cybersecurity can easily get lost in the shuffle.

Clinton Foundation Fears It Was Hacked, Hires Cyber Security Firm

High-ranking officials at the Bill, Hillary, and Chelsea Clinton Foundation believe the charity’s internal servers may have been hacked as part of a wide-ranging probe, spurring the billion dollar non-profit to hire a cyber security firm.

The family foundation belonging to the former president and the Democratic party presidential nominee has been embroiled in scandals revealing that top aides to then-Secretary of State Clinton gave preferential treatment to million-dollar Clinton Foundation donors when she was the head of the State Department.

To date, there’s been no evidence that the Clinton foundation was, indeed, hacked.

But the potential of leaked evidence of the global nexus of influence peddling involving million dollar donations from foreign entities to the Clinton Foundation that often coincided with favorable State Department actions while Hillary Clinton was Secretary of State, spurred the Clinton Foundation to hire the security firm FireEye.

Thursday, 18 August 2016

The Clinton Foundation fear donation data stolen after suspected hack

The Clinton Foundation, a multi-million dollar charity group that receives hefty donations from governments, corporations and wealthy elites, has reportedly hired a top cybersecurity firm to investigate its computer systems amid mounting fears it was targeted by hackers.

Sources close to the ongoing probe, who spoke to Reuters on condition of anonymity, said officials spotted ‘indications’ it was compromised by ‘spearphishing’ tactics similar to those used to breach the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC). To date, no documents or emails have been leaked from the Clinton Foundation, which is described on its website as a charitable organisation that funds work into climate change, economic development and women’s rights.

Analog Devices Adds Cybersecurity Software and Services Capabilities across Its Portfolio with New Acquisition

NORWOOD, Mass.–(BUSINESS WIRE)–Analog Devices, Inc. (NASDAQ: ADI) today announced the acquisition of the Cyber Security Solutions (CSS) business of Sypris Electronics LLC.

This acquisition represents a significant leap forward in ADI’s ability to deliver secure high-performance analog solutions demanded by current and future market needs. The CSS business of Sypris Electronics, LLC is well-known as a leader in secure system and software products and technology. For more than 50 years, Sypris has built a proven track record of delivering high-assurance information security services to the world’s most demanding customers, including military and government organizations needing to protect against sophisticated nation-state level threats and attacks. With this transaction, ADI enhances its aerospace and defense capabilities in the area of secure radio communications, bolsters its portfolio of system hardware and software-based cryptographic technologies, and adds a cybersecurity software and services business that supports our ability to offer more comprehensive high-performance analog solutions across multiple market segments such as Internet of Things (IoT), industrial, automotive, and more.

Wednesday, 17 August 2016

There’s No David vs Goliath in Cybersecurity Innovation

Our mission at BAE Systems is to secure and defend the connected world. This is a big challenge, and like all big challenges, it’s best to work with others who can bring different viewpoints, experience and expertise to the discussion.

To this point, we have a partnership with Cyber London (CyLon), Europe’s first cybersecurity accelerator and incubator that offers cyber technology start-ups professional training and mentorship and access to the expertise of seasoned entrepreneurs, academics, government officials and other senior executives.

We are not alone. Technology companies like Microsoft, Google, Cisco and Intel actively work with the start-up community, running both accelerator schemes to support start-ups in their initial growth stage, and venture arms to provide the funding needed which can make an enormous difference in their growth trajectories.

5 federal agencies with a role in ensuring enterprise cybersecurity

As hackers hone their skills, businesses deal with cybersecurity concerns on a daily basis. Most major hacks to date have focused on a specific company or agency. But what if a large cyberattack were to occur on a national scale? Who would enforce cybersecurity measures and provide guidance to businesses on what to do and how to react?

Though some federal guidance is still being worked out, the following is a roundup of five agencies that have a role in ensuring cybersecurity and responding to cyber incidents:

The Federal Bureau of Investigation:

Until recently, the level to which the federal government could get involved in a major private sector cybersecurity incident was unclear. But last month, the White House issued a presidential policy directive (PPD) on cyber incident coordination. The PPD outlines the federal role and pledges that, in the case of a major private sector cybersecurity event, federal government responders will safeguard sensitive private sector information and abstain from interfering while remaining informed of the affected organization’s response.

Tuesday, 16 August 2016

Cyber-security webinar aimed at nonprofits

Cyber attacks are costing businesses around the world an estimated $400 billion a year, an expense that’s only expected to keep growing.

Major corporations and small businesses are not the only enterprises at risk of losing valuable personal data and finances to hackers.

Nonprofits are just as vulnerable, particularly given their relatively limited resources to protect themselves from an attack or recover once one has been detected.

That’s why the Delaware Small Business Development Center and the Delaware Alliance for Nonprofit Advancement are hosting a free cyber-security webinar on Sept. 20 designed specifically for the nonprofit community.

The one-hour online workshop will cover common risks and behaviors that can expose an organization to a data breach, how to detect and respond to a possible hack and how to recover using the National Institute of Standards and Technology’s cyber-security framework.

LogMeIn & Kaspersky Lab Team Up to Provide Cybersecurity Solution to IT Managers & MSPs

LogMeIn, Inc. and Kaspersky Lab today announced a new partnership that will provide LogMeIn Central Premier customers with a complementary license of Kaspersky Endpoint Security for Windows. As part of the partnership, the two companies will create an integration between the two offerings, giving Central Premier customers better insight and control over their managed computers and new third party patch management functionality. Managed completely through a centralized dashboard within Central, users will be able to view and manage anti-virus status for all computers and workstations, and provide patch updates to third party software such as Adobe, Chrome, Java, and more. As a result, IT managers and MSPs will be equipped with a solution that combines their IT automation and advanced malware protection needs into a single tool for easier, more efficient management.

A leader in anti-virus protection, Kaspersky Endpoint Security for Windows includes advanced security for workstations and defends against viruses and malware. LogMeIn Central is a powerful web-based console giving IT the control needed to remotely monitor and manage all of their computers easily and securely. With Central, every computer in the workspace is equipped with premium remote access and enabled with productivity enhancing features so employees can work from virtually anywhere.


Monday, 15 August 2016

Big concern over vehicle cybersecurity vulnerabilities

With the connected car becoming commonplace in the market, vehicle cybersecurity grows more important by the year.

An analysis by IOActive shows the risks faced by vehicle manufacturers, where there are numerous vulnerabilities present in vehicle software.

The analysis found that 22% of vehicle cybersecurity vulnerabilities are critical and are not solvable using “bolt-on” solutions.

These are high-priority “hair on fire” vulnerabilities that are easily discovered and exploited.

The inside man: Sage cyber security breach puts 280 UK firms at risk

On Friday, Sage (an accounting, payroll and payments software company) announced that there had been unauthorised access to customer information using an internal login.

Sage is one of Britain’s largest technology companies, and it says it has more than 6 million small and medium-sized businesses using its software worldwide, while operating in 23 countries.

The breach, however, is said to have only impacted customers in the UK.

This is the latest high profile data breach in an age where cyber attacks are commonplace.

Indeed, it is reminiscent of the 157,000 TalkTalk customers who had their personal information hacked last year.

Saturday, 13 August 2016

Cyber security: Australian spy agency runs high school hacker recruitment drive

Australia’s top cyber security agency is targeting high school students as young as 14 as part of a recruitment plan to build an army of “white hat” hackers to shield the country from internet attacks like those that crippled the census.

The Australian Signals Directorate, the shadowy spy agency that works out of the Department of Defence, has embarked on a major new recruiting drive – and teenaged bedroom hackers and computer whizkids are in its sights.

The directorate – which is tasked with intercepting and analysing foreign communications under the motto “Reveal their secrets, protect our own” – has been distributing a recruitment brochure in public and private secondary schools and has even begun opening its doors for work experience placements for students from years 9 to 12.

More than 100 high school students have been given placements over the last three years and a number have subsequently joined ASD as cadets or later as graduates. For the full article click here 




Will Artificial Intelligence remould the world of cyber security?

Cyber security is a crucial challenge in today’s world, as government agencies, corporations and even individuals are increasingly becoming victims of cyber-attacks. It is a well-known fact that businesses are turning more and more to the cloud and mobile applications as a way to stay competitive in the market. However, cloud storage, IoT and mobile applications escalate security risks for all enterprises. When smaller organizations invest in security measures they frequently

It should be considered that cyber-attacks are not only frequent, but frequently creative and innovative. Though many large corporations around the world consistently employ “security in their very DNA”, they often fail to keep pace with hackers who are always figuring out newer ways to bunk your security vaults.

Big companies mostly have security deeply embedded in their system; however, SMBs usually patch low-cost security solutions onto their overall IT infrastructure and are thus more susceptible to cybercrimes. One emerging technology with an immersive and potentially data-protective quality is artificial intelligence. For the full article click here 




Friday, 12 August 2016

China’s proposed cybersecurity laws spark concerns among businesses

China’s proposed cybersecurity laws have sparked concerns among international businesses, prompting a coalition of 46 business groups from the US, Europe and Asia to caution that the new rules, if implemented, may negatively impact international trade relations.

The group sent a letter to China’s top economic official Premier Li Keqiang, warning that the proposed laws, imposing limitations on information security, may make it easier for hackers to steal data and may also be in violation of WTO (World Trade Organisation) rules. “The current drafts, if implemented, would weaken security and separate China from the global digital economy,” the letter said. It was signed by the US Chamber of Commerce, Washington DC-headquartered Business Software Alliance, as well as organisations for insurers and manufacturers from the UK, Japan, Mexico and Australia, ZDNet reported. For the full article click here 




Lock picking aids cybersecurity

LAS VEGAS — Lock picking might seem ridiculously old-fashioned at a cybersecurity gathering — but learning it can actually help people protect machines from digital threats.

As security improves to block remote attacks over the Internet, hackers look for ways to deliver malicious software physically instead — for instance, by breaking into a company’s data centers. Like cracking a digital system, picking locks involves solving puzzles, along with a certain amount of finesse and skill.

And for the good guys, knowing how to pick locks is important for learning how to defend against it.

The recent Def Con security conference in Las Vegas had one section devoted to hands-on lock picking. Getting a seat was tough. At times, the tables looked like knitting circles, with participants at various skill levels looking intense as they used tiny rakes and tension bars to pop open a variety of practice door and padlocks. For the full article click here 




Thursday, 11 August 2016

HITRUST bringing cybersecurity to small physician practices

With cybersecurity an increasing concern for healthcare organizations of all types, a health IT security organization is trying to help smaller physician practices respond to the threat.

The Health Information Trust Alliance (HITRUST), developer of a framework for health data security, on Thursday is launching HITRUST CyberAid, a package of products, services and processes that even small healthcare providers can afford and manage. CyberAid is designed for medical practices with no more than 75 employees.

“The premise was that we needed a solution that was easy to deploy, easy to operate, but at a high level of effectiveness,” Daniel Nutkis, CEO of Frisco, Texas-based HITRUST, said. “I think we’re on to something.” For the full article click here 




SecuLore Solutions Debuts Paladin(TM) Cybersecurity Appliance at APCO 2016

The team at SecuLore Solutions is preparing to debut its Paladin™ appliance in the APCO 2016 Exhibition Hall on August 15 & 16, 2016 in Orlando, Florida. The Paladin product is designed for public safety professionals and other organizations seeking to protect networks from intrusion, data extraction, cyber attackers, ransomware and other “client-side” attacks that attempt to extract data or communicate with illegitimate individuals or organizations.

“We’re honored to be part of APCO 2016 and debut the Paladin tool to public safety professionals,” said Timothy Lorello, SecuLore’s President and CEO. “We believe that cybersecurity protection is critical for Public Safety Answering Points and Dispatch Centers that are installing or contemplating Next Generation 9-1-1 solutions.”

The Paladin product complements existing firewalls and other cybersecurity solutions, providing an “invisible permeable shield” that monitors all traffic entering and leaving a network. Its traffic visualization feature shows any anomalies that otherwise may be missed. Further, it provides sophisticated protection that detects and blocks inappropriate traffic flowing in either direction. It offers an elegant solution that attaches directly to external data feeds and requires no software installation. For the full article click here 




Wednesday, 10 August 2016

Krakow to host 2nd European Cybersecurity Forum in September

September 26-27, 2016, Krakow, Poland, will host the 2nd European Cybersecurity Forum – CYBERSEC, the Annual Public Policy Conference dedicated to strategic aspects of cybersecurity.

This is reported by the Forum organizers.

“The invited experts will focus on building a regional cybersecurity system for Central and Eastern Europe, cyberdefence of NATO member states, cyber education and cyber innovations as well as public-private partnerships,” the statement reads.

As noted, the ever growing number of cyberattacks is a “dark side” of the fourth industrial revolution. It is a problem that realistically jeopardises states and millions of citizens alike. It also gravely affects the private sector which is increasingly becoming a direct or indirect target of cyberattacks, suffering huge financial losses as a consequence. The dynamics of hostile acts in cyberspace will only increase in the coming years; therefore, it is so crucial to enter into a dialogue now that takes into account a cross-stakeholder and comprehensive approach to the problem. European Cybersecurity Forum will aim to develop ideas and make strategic decisions in this area. For the full article click here 




Schneider Electric Publishes New White Paper on Cyber Security Issues Affecting Data Centre Remote Monitoring

Remote monitoring services for IT infrastructure installations and data centres have evolved over the years from systems based on intermittent status updates delivered via email to cloud-based online services where monitoring is performed in real time, making use of cloud storage, data analytics and mobile apps.

These online monitoring platforms offer reduced downtime, deeper insight into the workings of the infrastructure being monitored and faster mean time to recovery (MTTR) with lower overheads and improved efficiency for power and cooling systems. However, as with any systems dependent on communications over a public network they are susceptible to attack from cyber criminals, a growing problem that will cost global industry an expected $2 trillion to withstand by 2019.

Choosing defensive systems and implementing work procedures for optimal security is a mission-critical discipline. A new White Paper, #239 from Schneider Electric, a global specialist in energy management and automation, entitled “Addressing Cyber Security Concerns of Data Center Remote Monitoring Platforms” provides a basic overview of a Secure Development Lifecycle (SDL) process, describing how a product should be designed and developed with security in mind at every stage. For the full article click here 




Tuesday, 9 August 2016

Cyber Security Market Worth USD 202.36 Billion by 2021 – Rise in Security Breaches Targeting Enterprises Driving Growth – Research and Markets

DUBLIN–(BUSINESS WIRE)–Research and Markets has announced the addition of the “Cyber Security Market – Global Forecast to 2021” report to their offering.

The report estimates the global cyber security market to grow from USD 122.45 billion in 2016 to USD 202.36 billion by 2021, at a CAGR of 10.6%. The cyber security market is growing rapidly because of the increase in adoption of cyber security solutions, due to the increase in security breaches targeting enterprises.

Network security is estimated to have the largest market size in 2016 because of the need for stringent compliance and regulatory requirements. The growth in the network security is associated with the rise in security breaches targeting enterprise networks, where hackers try to gain access to sensitive data. Furthermore, application security will grow at the highest CAGR during the forecast period, due to the rise in Internet of Things (IoT) and Bring Your Own Device (BYOD) trend. For the full article click here




Pokémon Go’s strategy could thwart cybersecurity threats

Monday, 8 August 2016

Suspected computer bug cripples Delta airline: another case of cyber attacks beating cyber security?

A suspected system-wide computer bug has brought the US airline Delta (and resulting other airlines) to its knees.

“Delta experienced a computer outage that has impacted flights scheduled for this morning,” it said in a statement.

Thousands of passengers are stranded.

On Twitter, Delta told passengers: “Our systems are down everywhere.”

The airline has said en route flights are unaffected, but passengers awaiting departure are currently delayed.

The bug has had such an effect that it is not possible to rebook passengers on other airline carriers. For the full article click here 




In Cybersecurity Hiring, Aptitude Trumps Experience and Skills

As a hiring manager, you may be presented with a choice: hire the candidate with the most experience or a natural ability to get things done. While tenure is the indicator of expertise in many careers, the case can be made for hiring based on aptitude versus experience in cybersecurity.

Aptitude Predicts Future Performance while Experience and Skills Show the Ability to Repeat

When it comes to cybersecurity jobs, the only certainty is change. As cybersecurity professionals are constantly forced to adapt to new threats and new tools, they must be eminently improvisational. The ability to demonstrate the capacity to try new things, work with different tools and vendors, and weave together a fluid framework of people, process, and technology beats bullets on a resume every time.

In positions where experience denotes expertise, there’s little variance in performance expectations. A tailor that makes bespoke suits can usually be judged by tenure, as the end product is the same. However, in information security, the expectation is that critical information stays safe despite a constantly evolving threat from anonymous bad guys. Bad actors have to be right once, where defenders have to be perfect 100% of the time. While experience and skills certainly help, aptitude is what keeps the lights on. For the full article click here 




Public Officials, Business Leaders and Cybersecurity Experts Gather at Cybersecurity Event hosted by the National Cyber Security Alliance

The National Cyber Security Alliance (NCSA), a nonprofit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to the San Jose metropolitan area with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life tour to educate businesses about adopting simple security measures like two-step authentication, training employees to be more cyber aware, and finding resources needed to improve data security.

The event, which takes place on Tuesday, August 9th at The Tech Museum of Innovation (201 S Market St, San Jose, CA 95113), is part of a national tour to generate much-needed awareness about activating easily implemented security features, like two-step authentication, available on many of the Internet’s most popular sites. Rachel Wilner, Vice President for Media and Community, for The Tech Museum of Innovation will kick off the morning with welcome remarks, highlighting the museum’s “Cyber Detectives” exhibit, the nation’s first interactive exhibit designed to help visitors learn about Internet safety. The morning will feature a hands-on demonstration educating attendees on how to improve employee and business security, and a panel discussion with local business protection and cybersecurity experts will follow.

Small businesses provide the fabric that builds communities and holds them together. SMBs are the places people visit with family and friends to eat, buy clothes, gifts or gas and get personal services like pet care, haircuts or medical care. These businesses generally don’t think they are targets for cyber attacks; they may think they are too small or have nothing of value for cybercriminals to steal. Many SMBs don’t hire IT or technical security people because of cost or a lack of awareness about the cybersecurity vulnerabilities their businesses face. For the full article click here 




Air Force awards cybersecurity contract

Charles River Analytics has been awarded a $500,000 Air Force contract to develop a cyber defense toolkit.

Charles River will build the Managing Evaluation and Testing for Red Team Investigations of Cyber Security (METRICS) toolkit, according to a company news release.

“METRICS includes four components: a library for real-time assessment and identification of security failures; authoring tools to develop and collect customizable metrics; a visualization framework to review the results of analysis, and the capability to identify requirements for non-invasive data collection,” the company said. For the full article click here 




root9B Statement on Remaining #1 in the Cybersecurity 500 For 3rd Consecutive Quarter

COLORADO SPRINGS, Colo., Aug. 8, 2016 /PRNewswire/ — In response to remaining #1 in the Cybersecurity 500, root9B’s Chief Executive Officer Eric Hipkins issued the following statement:

“root9B is extremely proud to be listed for the third consecutive quarter as the #1 company on the Cybersecurity 500. Our team is a recognized leader in cyber operations, development and threat intelligence across the commercial and defense community. This consistent ranking adds further confidence that our Manned Information Security approach is the critical model needed to defend our current and future clients.

“As the organization that first introduced proactive HUNT operations to the commercial community, we have developed and refined our proprietary capabilities and methodologies to facilitate the necessary shift from automated passive technologies. We are very pleased with the response and traction we continue to gain. As we continue to witness the adversary target the commercial community, this alternative approach has proven to be the future of cyber. We are also very excited to see many organizations within the cyber community embrace the future that HUNT provides. For the full article click here 




Saturday, 6 August 2016

21st century cybersecurity: People are the first step

FBI Special Agent Jamil Hassani specializes in fighting cybercrime, and he told a gathering of lawyers and judges at the ABA Annual Meeting in San Francisco that because of their profession, stature and potential to poke back, he skipped something he often does just before such an appearance.

He typically sends a “spear-phishing” email to some of the people with whom he’s about to meet. “They get an ominous screen saying: ‘I just spear-phished you’ and a follow-up saying ‘Just kidding.’”

His story illustrates the first level of security, which is people—those in the audience, employees of companies and others. He has found that when he uses the stunt, “one in 20 click on the link.”

The presentation, titled “Effective Cybersecurity in the 21st Century: Privacy, Policy & Protocol,” was sponsored by the ABA’s Litigation Section. For the full article click here 




ADVISER: Cybersecurity tips for every business

Every business is, almost by definition, unique. Each faces its own specific risks, including information security risks.

Nevertheless, we have found 13 common principles at the heart of any enterprise’s information security profile. The order is not necessarily important, but a comprehensive approach is.

Data mapping: A business cannot protect information that it does not know it has. Before undertaking any information security upgrade, the business should confirm its understanding of what types of information it actually gathers, uses and stores; how that information really is used in the company’s operations; where it is stored; and who interacts with it. For example, a well-secured document management system is a good thing, but if users regularly email documents and save them as attachments, or if they copy them to desktops and mobile storage media, the document management system itself no longer provides security. A realistic assessment of actual information practices is the only way to ensure that security measures meet the real world.

Network security: Formal network security requires having the proper technology in place to secure the internal network from unwanted intrusions. Examples are multi-layered firewalls, intrusion detection systems and intrusion prevention systems. For the full article click here 




Kennesaw State University’s Information Security Education Center to boost conference with grant money

Kennesaw State University has recently received a $50,000 grant to improve its annual conference for students studying cybersecurity, a growing field the university is hoping to expand.

The Virginia-based National Science Foundation awarded KSU’s Center for Information Security Education the grant. Housed in KSU’s Coles College of Business, the center was notified of the grant in July and plans to use it to fund programming for graduate and undergraduate students at its 12th Cybersecurity Education Research and Practice Conference on campus in October.

Herb Mattord, associate director of the Center for Information Security Education, said the grant will fund a graduate student research workshop that will include mentorships with five information services experts from across the country. For the full article click here 




CSU law arms attorneys, execs for cybersecurity frontlines

From the investigation surrounding Hillary Clinton’s private email server to the multi-million dollar lawsuits related to massive consumer data security failures by the likes of Target, eBay and UCLA Health, one fact is becoming glaringly clear: The data protection “buck” does not stop — or start, for that matter — in the IT department.

“It used to be ‘We don’t have to worry about it; The IT guys will take care of that,’” said Brian Ray, a Cleveland State University Cleveland-Marshall College of Law professor. “Now organizations recognize it really is something that the C-suite and even the board of directors need to be aware of and have a working understanding.”

That includes attorneys, Ray said, who are increasingly involved in setting information security policies at one end, litigating cases of data intrusion at the other and various stops in between.

“We are at the point where law is very aggressively — and much more quickly than being asked — beginning to confront these issues,” he said. For the full article click here 




Cyber pros claim drones could be hackers’ dream

Hackers could utilise flying drones for intercepting business communications and buzzing office buildings, cyber experts have warned.

A drone could be employed to attack Bluetooth, Wi-Fi and other types of wireless connection, making intercepting a communication as easy in private buildings as in public cafes.

A partner of IT security consulting company Bishop Fox, Francis Brown, said that drones can operate as a laptop with flying ability. With help from his research team, he has developed a drone that security professionals can use to test connections and defend against hackers using the flying devices.

The drones have the ability to target Wi-Fi guest connections and short-range Bluetooth and Wi-Fi devices, including Bluetooth keyboards, which may not be protected otherwise due to current security set-ups failing to take into account that anyone could be so close as to successfully target them. For the full article click here 




Friday, 5 August 2016

Cybersecurity company kills Pokemon

(CNN) – There’s a company that’s now in the business of killing Pokemon.

Looking Glass is a cybersecurity company.

It’s been hired by power utility companies in Florida to help stop Pokemon Go players from entering private land and encountering electrical equipment.

The company alters Pokemon Go’s game code to eliminate the title creatures from restricted areas.

The coders then send their suggestions to the maker of Pokemon Go, Niantic Labs. For the full article click here 




Cyber-Security Firm FireEye Announces Layoffs

Cyber security firm FireEye Inc said on Thursday it planned to lay off 300 to 400 of its 3,400 workers as it announced quarterly sales below its own forecast, due to a slowdown in demand for its services helping businesses respond to hacking attacks.

FireEye’s shares were down 16.2 percent at $14.02 in extended trading.

The Milpitas, California-based company also cut its full-year sales outlook.

Chief Financial Officer Michael Berry told Reuters that the job cuts were part of a restructuring effort that will reduce annual costs by about $80 million (roughly Rs. 534 crores).

Chief Executive Kevin Mandia said the company is now responding more frequently to financially driven cyber criminals, who engage in crimes such as ransomware, which are relatively simple to clean up. For the full article click here 




Supercomputers give a glimpse of cybersecurity’s automated future

Giant refrigerator-sized supercomputers battled each other on Thursday in a virtual contest to show that machines can find software vulnerabilities.

The result: the supercomputers time and time again detected simulated flaws in software.

It represents a technological achievement in vulnerability detection, at a time when it can take human researchers on average a year to find software flaws. The hope is that computers can do a better job and perhaps detect and patch the flaws within months, weeks or even days.

Thursday’s contest, called the Cyber Grand Challenge, was a step in that direction. The final round of the competition pitted computers from seven teams to play the hacking game “Capture the Flag,” which revolves around detecting software vulnerabilities.

All the machines were brought together to compete in Las Vegas at DEF CON, a cybersecurity event where human hackers have annually played the Capture the Flag game for years. For the full article click here 




Artificial intelligence takes centre stage in cyber security

Artificial intelligence-led cyber security technology has been in the spotlight at two major industry conferences in Las Vegas, signalling a firm trend in cyber defence research.

At the Def Con hacker conference, attendees gathered to witness the final rounds of the eight-hour Cyber Grand Challenge (CGC) run by the US Defense Advanced Research Projects Agency (Darpa).

According to Darpa, the world’s growing dependence on computer systems demands the creation of some kind of smart, autonomous security system.

The CGC, dubbed the world’s first automated network defence tournament, aims to push the state of the art in automatic program analysis to find ways to fix bugs faster than humans can. For the full article click here 




FCC Asked To Be V2V Cybersecurity, Privacy Traffic Cop

Public Knowledge has asked the FCC not to let vehicle-to-vehicle (V2V) communications systems launch until it finds a way to protect them from hackers, and they have the support of a couple of powerful senators.

On June 1, the FCC issued a public notice seeking comment on sharing in the 5.9 GHz band, including setting a January 2017 deadline for completing testing of sharing in the band.

Cable operators have been pushing for more 5 GHz spectrum to fuel their Wi-Fi hotspots, the industry’s primary mobile broadband play.

Public Knowledge is not targeting the proposal to share DSRC and Wi-Fi spectrum in its petition, and the Senators–Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.)–aren’t getting into that debate either, according to a source speaking on background. For the full article click here 




Thursday, 4 August 2016

Global cyber security skills shortage places contractors in higher demand

IT contractors with cyber security knowledge and experience are in extremely high demand at present, as 82 per cent of businesses around the world have reported a shortage of workers with these skills.

A new report from the Intel Security Group and the Center for Strategic and International Studies found that almost three-quarters (71 per cent) of global recruiters believe that their organisations are at greater risk of being the target of a cyber attack because they employ few or no experts in this area.

The research was based on the responses of business leaders from all over the world and found that the cyber security skills shortage is currently most prevalent in the UK, US, Mexico, Australia, Japan, France, Germany and Israel.

As a result, limited company contractors based in Britain could be set to see an increase in demand for access to their coveted cyber security expertise, both at home and overseas. For the full article click here 




RBI’s Cyber Security Framework For Banks: 3 Key Takeaways

In June 2016, the Reserve Bank of India (RBI) sent to CEOs of Indian banks an important circular, the Cyber Security Framework in Banks. The document states that banks have an urgent need to put in place a robust cybersecurity/resilience framework and ensure adequate cybersecurity preparedness on a continual basis. Issuing cybersecurity guidance is not new for RBI, which issued a similar document in 2011. However, this particular document is timely and essential. Information technology (IT) is now part of banks’ operational strategies, essential for both them and their customers.

At the same time, as RBI points out, the number, frequency, and impact of cyber incidents on Indian banks has increased substantially. Like their peers globally, Indian banks are committed to maintaining customer trust, protecting financial assets, and preserving their own brand and reputation as the industry will remain a top target of cybercriminals using increasingly sophisticated methods. Thus, it is urgent that banks continue to improve their cyber defenses.

The RBI guidance consists of the overall/introductory framework and guidance and three annexes. For the full article click here 




Cybersecurity guru joins Squire in Japan

A Japan-based cybersecurity litigator who was formerly in-house counsel at Microsoft and Sega has joined Squire Patton Boggs’ Tokyo office as a cybersecurity litigator.

Squire Patton Boggs has added significant Asian cybersecurity expertise with the hire of Tokyo-based litigator and former Sega general counsel Scott Warren.

Although he joins as a partner in the corporate practice, Warren’s focus will be on cybersecurity litigation, expanding the firm’s relationship with its corporate clients.

Warren brings significant in-house experience of the technology sector, having served as a senior attorney for Microsoft in Japan between 2001 and 2006, in charge of cybercrime enforcement among other responsibilities for the company in Japan, South Korea and China, and worldwide director of anti-piracy for its Xbox and Xbox 360 games platforms. He oversaw the launch of the Xbox console in the Far East. For the full article click here 




Is China’s Role in a UK Nuclear Plant Really a Cybersecurity Risk?

Last week, the UK delayed plans to build the proposed Hinkley Point C nuclear power plant, which would have been the first nuclear plant to be built in the UK in 20 years.

While the government did not give a specific reason for the hold-up, one reason suggested is that it has reservations over China’s role in the construction. The state-owned China General Nuclear Power Corporation has agreed to a 33 percent stake in the project, and some suggest that the new British government may be concerned about the cybersecurity of the plant. Nick Timothy, Prime Minister Theresa May’s chief of staff, has previously said that experts think the Chinese government could use its involvement to introduce vulnerabilities into systems, which would allow it to tamper with Britain’s energy production in the future. For the full article click here 




Hackers reveal their cybersecurity secrets at Black Hat Summit

Heavy metal and hackers – it’s a pair only Sin City could bring together.

At the 19th annual Black Hat Conference, an expected 11,000 hackers from 108 countries are trying to solve the cybersecurity problems of the future, reports CBS News correspondent Mireya Villarreal.  For the full article click here 




Wednesday, 3 August 2016

2016 State of Cybersecurity Report from the Federal Cyber Executive Perspective – An (ISC)² Report

In March 2016, (ISC)² and KPMG LLP surveyed a targeted pool of executive-level government officials and contractors from civilian, military and intelligence agencies to determine the state of cybersecurity and to provide recommendations for advancing the federal government’s cybersecurity progress.

The survey covered a range of topical areas that are key to understanding the state of cybersecurity today: professional development, governance and standards, resource and program management and risk management and resiliency.

Not surprisingly, nearly half of federal executive respondents reported that “people,” through actions both intentional and neglectful, remain the greatest security vulnerability to federal agencies. Half of respondents identified training/recruiting as one of their top three areas for applying proposed Cybersecurity National Action Plan (CNAP) resources. For the full article click here 




Hacking America’s Energy Sector: It’s No Longer a Matter of If, but When

Electronic Health Records and the Black Market

Australia suffers from highest national cybersecurity skills shortage

Australia tops the list when it comes to a skills shortage in cybersecurity, as reflected in a recent study conducted by Intel Security, in partnership with the Center for Strategic and International Studies.

The report found that 88 per cent of participants in Australia reported a skills shortage in their organisations, compared to an average of 82 per cent in the other countries.

According to the study, the low supply and high demand for cybersecurity professionals has also driven up salaries. In the US, cybersecurity positions pay almost 10 per cent more than other IT jobs. For the full article click here 

 




U.S. Air Force Awards Telos Corporation Contract Worth $26.9 Million for Cyber Security Upgrade in De-Militarized Zone

ASHBURN, Va.–(BUSINESS WIRE)–Telos® Corporation, a leading provider of continuous security solutions and services for the world’s most security-conscious agencies and organizations, today announced that it has been awarded a contract to upgrade the U.S. Air Force (USAF) De-Militarized Zone (DMZ), an agreement worth $26.9 million. With this contract, Telos will provide modification and replacement of an aging DMZ by updating the networking equipment including firewall, intrusion prevention and intrusion detection systems, anti-virus software, web-portal capability and security management.

Telos will perform the work at Robins Air Force Base in Georgia, Beale Air Force Base in California, Langley Air Force Base in Virginia, Ramstein Air Base in Germany and Wichita, Kansas, with plans to complete the upgrade by 2019. Telos has a rich history of providing security services and solutions to military, civilian and intelligence agencies, particularly with its market-leading cyber security and risk management suite, Xacta®.

“Telos is committed to providing the highest-level of security services and solutions to the U.S. Air Force, and have done so for decades,” said Brendan D. Malloy, senior vice president and general manager, cyber operations and defense at Telos Corporation. “After a competitive acquisition process, we’re proud to be chosen to continue this work.” For the full article click here 




How cyber security can boost digital transformation

Dubai: Emerging technology paradigms such as the Internet of Things (IoT), which is defined as the network of devices that are connected to the internet and can be controlled remotely, are expected to add $14 trillion to the world’s 20 largest economies by 2030. That’s one fifth of current global GDP.

Necip Ozyucel, Cloud and Enterprise Solutions Lead at Microsoft Gulf, said there is no doubt that the future of humankind is digital. But in the Middle East and Africa, many businesses are held back from fully realising digital transformation because of a lack of a robust and agile IT security policy.

According to researchandmarkets.com, in 2015, half of all GCC organisations were subjected to distributed denial-of-service (DDoS) attacks, where websites and applications are taken offline by massive volumes of external resource requests. In the same period, 45 per cent of UAE social media users were victims of cyber crime. For the full article click here 




What’s in Your Event Cybersecurity Strategy?

In the wake of the violent attack on Bastille Day in Nice, France, and recent other events, it would be negligent to think of physical security and digital security as two separate entities. At the White House, we discussed in great detail that an event cybersecurity strategy must dovetail physical and digital security together and that a one-sided approach was doomed to fail.

It is no secret that large crowds and popular events, especially those with controversial topics or provocative speakers, are a target for ne’er-do-wells. Thankfully, there are a host of proven strategies and tools that can help you manage a proactive and dynamic security strategy and, if the inevitable breach happens, an effective recovery effort. If you leverage these strategies and tools, you can improve the digital and physical security of the guests of the event.

There is not a specific or single recipe for success. Rather, you must first define what you are protecting, brainstorm the various threats targeting your event and then conduct a risk/reward analysis to prioritize resources on your digital and physical security strategy. For the full article click here 




Dem party hack shows neither side is serious about cybersecurity

The news that the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC) and the Hillary Clinton Campaign were hacked — ostensibly by hackers associated with the Russian government — started trickling out just before the start of the Democratic convention. These developments could not have come at a worse time for the Democrats. The messy revelations stemming from these breaches threatened to upend the convention itself. They cost the DNC chairman her job and forced the resignation of the DNC’s CEO. All this sound and fury because a whole bunch of intemperately written emails were revealed to the public. These emails showed that the DNC was heavily skewed to support Clinton’s presidential campaign over her primary rival, Sen. Bernie Sanders (Vt.). And there may be worse to come for the Democrats. If WikiLeaks — who somehow got its hands on these emails and other private data — fulfills its promise to release even more of them from any of these party organizations, we could be in for a whole new set of unwelcome surprises in the next 98 days.

But it’s not just the Democrats who should be concerned about these breaches. This cyberattack has implications for every political group and, frankly, every organization in the U.S. From the Republicans to the Libertarians to the Greens, to your bank, our electric grid and your place of work, it’s way past time for America to have a rational and informed discussion about cybersecurity. For the full article click here 




Tuesday, 2 August 2016

IoT Security Takes Center Stage At Black Hat

Tokyo: SPB gets cybersecurity heft with ex-Microsoft, Sega hire

Squire Patton Boggs has hired Scott Warren, a former Microsoft attorney and general counsel at Sega, as head of its Asia cybersecurity practice. Warren, who will be based in Tokyo, was head of Japan for Epiq Systems until last year. He has more than 30 years of experience in litigation, licensing and protecting intellectual property, of which more than 20 years have been spent handling legal, regulatory and investigative matters in Asia. He is a member of the executive board of The Society for the Policing of Cyberspace. While working with Microsoft, Warren worked on the launch of the Xbox platform in Asia, supporting commercial and IP transactions related to the distribution, service, support, internal game development and third party incentive agreements for Xbox. For the full article click here 




82% of global IT pros admit to a shortage of cyber-security skills

On a global scale, the UK IT industry is the least satisfied with its education system. Only 14 percent of UK IT decision makers (ITDMs) feel that the UK education system fully prepares professionals for the cyber-security industry.

A new global report from Intel Security and the Centre for Strategic and International Studies (CSIS) found that 75 percent of IT experts claim there is a cyber-security talent shortage across the UK. The number one skill that is lacking amongst UK IT pros is threat analysis.

Responses from 775 ITDMs involved in cyber-security within their organisation were gathered from across the UK, US, France, Germany, Australia, Japan, Mexico and Israel. The respondents were from organisations with at least 500 employees coming from both public and private sectors.

Most respondents (82 percent) admit to a shortage of cyber-security skills, with 71 percent citing the shortage as responsible for direct and measurable damage to organisations whose lack of talent makes them more desirable targets for hacking. For the full article click here 




CompTIA introduces new cybersecurity and MPS standards

IT trade body CompTIA has launched two new industry standards for channel companies.

The CompTIA Channel Standard for Cybersecurity is based on the Framework for Improving Critical Infrastructure Cybersecurity created by the National Institute of Standards and Technology.

It provides ‘intelligent business practices’ for the five pillars of cybersecurity: identify, protect, detect, respond and recover.

Then there’s the CompTIA Channel Standard for Managed Print Providers – this standard details intelligent business practices for managed print services firms. The standard covers four business functions: business generation, delivery and operations, customer relations and business direction. For the full article click here 




Distil Networks Raises $21M to Block Bots From Wrecking the Web

Arlington-based cybersecurity startup Distil Networks has closed a $21 million Series C funding round barely more than a year after raising the same amount for its Series B funding.

“It was opportunistic,” Distil co-founder and CEO Rami Essaid told DC Inno in an interview. “We weren’t in a hurry and we didn’t need the cash, but in February everyone was getting cold in venture funding so we took up the offer.”

Distil specializes in blocking malicious automated attacks on company servers. These bot attacks are capable of helping criminals steal vital information, commit identity theft and hamstring the processing speed of major companies and organizations. And they are getting better and more adaptive, which is where Distil comes in.

“When we first started, bots being used for taking over systems wasn’t a thing,” Essaid said. “Now it is a major thing. Bots are taking that data and using it to take over accounts. They’re advanced enough to look like a real person and very persistent.” For the full article click here 




NETSURION CISO AND CYBERSECURITY EVANGELIST JOHN CHRISTLY TO PRESENT OPENING KEYNOTE AT ‘SECURE BERMUDA 2016’

FT. LAUDERDALE, Fla., Aug. 02, 2016 (GLOBE NEWSWIRE) — Netsurion, a provider of remotely-managed data and network security services for multi-location businesses, today announced that its Chief Information Security Officer (CISO) John Christly, a cybersecurity industry veteran and evangelist, will present the opening keynote at Secure Bermuda 2016, a premier one-day conference focused exclusively on cybersecurity intelligence.

Christly’s speech, “Securing Bermuda businesses from the storm of cybersecurity threats of today’s globally connected ecosystem,” is backed by a wealth of experience and thought leadership in the IT security space.

As CISO, Christly leads Netsurion’s internal security efforts and operations, ensuring the company maintains the same unwavering confidence in its own IT security practices that it provides its customers. Prior to this role, he served as the CISO/HIPAA security officer for Florida’s Nova Southeastern University, co-founder/CEO for cybersecurity advisory firm OMC Systems, IT Security/HIPAA security officer for multi-hospital Memorial Healthcare System and chief security officer (CSO) for eTERA Consulting, a forensics and eDiscovery firm.  For the full article click here 




Monday, 1 August 2016

Why threat hunting as-a-service is worth considering, but ‘not a silver bullet’

Accenture and Endgame Inc. seek to detect and remove cyber threats from organizations’ systems, but their solution may be only part of a strong security plan. 

Accenture and Endgame Inc. announced Monday a new threat hunting as-a-service program created to identify and remove known and never-before-seen adversaries lurking in an organization’s system.

Accenture offers senior cybersecurity hunters who set out to find latent attackers targeting a company’s intellectual property, business systems, or other assets. Clients do not experience any interruption in day-to-day operations, unlike traditional security approaches, according to a release.

“Today, cyber attackers can circumvent even the most fortified of traditional enterprise defense systems,” said Vikram Desai, managing director of Accenture Analytics. “Rather than building a taller defensive wall, we’re giving our clients the ability to strike first—to stop adversaries before they attack.” For the full article click here 




Raytheon opens new cyber center in Augusta, Georgia

Israel not protected from DNC-style hacks under new Cybersecurity laws

cyber defense would not protect Israel’s democratic process from foreign hackers, in a case similar to the hack of the Democratic National Committee’s e-mails, apparently by Russia, Knesset Foreign Affairs and Defense Subcommittee on Cybersecurity members said Monday.

The subcommittee, led by MK Anat Berko (Likud), presented its findings as to how government responsibilities for cybersecurity should be divided. A bill expected to pass a final reading this week will put its recommendations into effect, putting the National Cyber Authority in charge, except in a state of emergency, when the responsibility moves to the Shin Bet. For the full article click here 




New cybersecurity and managed print channel standards

The free certification for channel providers is being provided by CompTIA

CompTIA has unveiled two new industry standards for IT channel companies, including the CompTIA Channel Standard for Cybersecurity and the CompTIA Channel Standard for Managed Print Providers.

They are available free of charge to both CompTIA members and non-members.

Kelly Ricker, senior vice president, events and education, CompTIA, said: “The channel standards are just one example of how, through the sharing of knowledge and ideas, we can help channel partners operate more effectively.”

The cybersecurity standard is based on the Framework for Improving Critical Infrastructure Cybersecurity created by the National Institute of Standards and Technology. The standard provides intelligent business practices for the five pillars of cybersecurity: identify, protect, detect, respond and recover. For the full article click here 




Symantec Completes Acquisition of Blue Coat to Define the Future of Cyber Security

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Symantec (NASDAQ:SYMC) today announced that it has successfully completed its acquisition of Blue Coat, Inc., a leading provider of web security for enterprises and governments worldwide. The acquisition of Blue Coat complements Symantec’s innovative product portfolio and creates the industry’s largest pure play cyber security company.

“At a time when the world faces more threats than it’s ever encountered before, I couldn’t be more confident in our ability to deliver what our customers need or more honored to lead Symantec’s next chapter of innovation and growth,” said Greg Clark, Symantec CEO. “With Blue Coat now part of Symantec, we are well positioned to solve the industry’s most difficult challenges of securing a mobile workforce, protecting the cloud and stopping advanced threats.”

Clark added, “Since announcing the transaction, our integration planning teams have been working diligently to capture the strengths of both companies. With our increased scale, portfolio and resources, large enterprises can now look to Symantec as a single strategic source for integrated solutions across endpoints, cloud and infrastructure to defend against sophisticated attacks and create a stronger, more cost-efficient security posture.”

With the acquisition of Blue Coat complete, Symantec has begun executing its integration strategy and accelerating its commitment to define the future of cyber security. For the full article click here 




Arbor Networks and Cybersecurity Expert to Present at Black Hat 2016

BURLINGTON, Mass.–(BUSINESS WIRE)–Arbor Networks Inc., the security division of NETSCOUT (NASDAQ: NTCT), today announced that the company will be exhibiting and presenting at Black Hat USA 2016, July 30 – August 4, 2016 in Las Vegas, Nev., at the Mandalay Bay Convention Center.

At booth #547, Arbor Networks will be sharing information on the global threat landscape and conducting product demonstrations of its advanced threat and distributed denial-of-service (DDoS) solutions. Additionally, Arbor Networks’ Chief Technology and Security Officer Sam Curry and MGM Resorts International’s (NYSE: MGM) Chief Information Security Officer Scott Howitt will be discussing a joint presentation titled Cyber Hustles – Lessons Learned from Vegas and Film.

Who: Sam Curry, Chief Technology and Security Officer, Arbor Networks; Scott Howitt, Chief Information Security Officer, MGM Resorts International

What: Cyber Hustles – Lessons Learned from Vegas and Film – “The house always wins” is a casino truism. But it hasn’t kept scores of individuals and teams from using both time-tested strategies and new techniques to beat the odds in search of big payouts. What happens in Vegas – sophisticated operators using observation, analysis, action and persistence to outsmart the house – provides valuable insights into adversary thought processes and behaviors. Classics like the Boesky, Jim Brown, Miss Daisy, Jethro and Leon Spinks have morphed and become current cyber techniques. These learnings can be readily applied to understanding and disrupting the plans and attack campaigns of cyber criminals.

When: Wednesday, August 3; 12:40-1:25 p.m. PDT

Where: Reef B; Mandalay Bay Convention Center

Arbor Networks Solutions Overview
Arbor Networks Spectrum™ is designed for the security teams, from the most senior responder to the front line analyst, to search the network to uncover and investigate complex attacks within minutes, not hours or days using existing tools. By accelerating the workflows where security operations spend most of their time, and utilizing Arbor’s unique internet visibility to connect threat actor activity happening on the global internet with the internal conversations and lateral movement of attackers on customer networks, Arbor is delivering a leading platform to reduce business risk from cyber threats. For the full article click here 


