Where do we stand with the management of cybersecurity risk? Answer … Not in a good place.

This position was further augmented upon reading an article in the January 23, 2020 Washington Post by Anna Fifield with the title “Wuhan quarantine expands as Chinese fear authorities withholding information about coronavirus outbreak,” available at https://www.washingtonpost.com/world/coronavirus-china-wuhan-latest/2020/01/23/2dc947a8-3d45-11ea-afe2-090eb37b60b1_story.html

One statement, by Guan Yi, a virologist who helped identify severe acute respiratory syndrome (SARS) in 2003, really resonated. In reference to the coronavirus epidemic, he said that “We have passed through the ‘golden period’ for prevention and control.”

That characterization rings so true if applied to cybersecurity attacks and defenses. One can argue as to when that transition took place. My opinion is that it happened a decade or more ago.

What this means for cybersecurity is that we are beyond protection, avoidance and (minimally) deterrence, and are turning to detection

In an interview article “Epidemics expert Jonathon Quick: ‘The worst-case scenario for coronavirus is likely,’” in The Guardian of March 1, 2020, available at https://www.theguardian.com/world/2020/mar/01/the-worst-case-scenario-for-coronavirus-dr-jonathan-quick-q-and-a-laura-spinney, Quick, the former head of the Global Health Council, states that:

“… we have a measure of epidemic preparedness—the Global Health Security (GHS) Index—that scores countries on six dimensions: prevention, detection, response, health system, risk environment and compliance with international standards.”

The GHSI does not appear to include protection, avoidance or deterrence. I think that it should. Perhaps they are implicit. In any event, it would seem to make sense for Infosec professionals to consider a similar index for cybersecurity risk by country, region, industry and organization. Yes, there are some forms of these considerations such as the Payment Card Industry’s Data Security Standard (PCI DSS), but they are not ubiquitous and not completely effective. Furthermore, we don’t have generally-accepted international cybersecurity standards.

There have been a number of attempts to establish such standards, but they always seem to fizzle out. I was involved in the GAISP (Generally-Accepted Information Security Principles) effort when it eventually came under the auspices of the ISSA (Information System Security Association) and I was involved directly in the project, heading up one of the tracks. A January 2004 draft of the GAISP principles is available at https://citadel-information.com/wp-content/uploads/2010/12/issa-generally-accepted-information-security-practices-v3-2004.pdf and is well

The project was never completed. It collapsed under its own weight and because of differences of opinion among the leaders of the project. It is one of my greatest regrets that the standards were never finalized. It was the right time. Since then, we have seen significant failures in cybersecurity risk management, in large part because there are no universal standards and global enforcement mechanisms.

We can be reasonably certain that eventually the coronavirus will be controlled and that vaccines will be developed and made available to the masses. At this point, we do not know how much physical, emotional and economic harm will be inflicted on the world population, but it is reasonable to believe in the prospect of protection against the coronavirus and/or a cure.

Wish that it were so for cybersecurity risk. At this point in time, there is little indication that cybersecurity risk will be constrained or that we will develop the prevention and protection mechanisms needed to mitigate, if not eliminate, the risk.

It is time to resurrect the creation of global standards and institute effective organizational structures that will begin to contain rampant cyberattacks and minimize the destruction that they cause.
*** This is a Security Bloggers Network syndicated blog from BlogInfoSec.com authored by C. Warren Axelrod. Read the original post at: https://www.bloginfosec.com/2020/03/09/cybersecurity-risk-management-beyond-the-golden-period/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-risk-management-beyond-the-golden-period
View full post on National Cyber Security
2020 And Beyond: Idaptive’s Predictions and Expectations for the New Decade
The close of a year is a natural time for reflection, and when it also means turning the page on a new decade people are inspired to speculate on what the next ten years might hold. At Idaptive, of course, we’ve always got our minds on what’s new, what’s next, and what nascent idea is going to shake up and redefine our industry.
We expect to see so many of the seeds planted over the past few years sprout and bear fruit in the next decade, and old, antiquated systems finally replaced with more efficient, more secure, and more user-friendly ways of operating. Passwords will finally become as obsolete as CD-ROMs, and artificial intelligence, machine learning, and analytics will blossom to make security more nimble, automated and adaptable.
As we welcome in 2020, Idaptive has identified what we believe will be the primary catalysts for life-changing innovation, laying the groundwork for a period in which we collectively learn to think more holistically about digital identity, and come to understand that unchecked trust has no place in our online security.
Prediction: Identity, analytics, and passwords evolve.
Fittingly, for the year 2020, identity and access management will finally begin to feel as advanced and sophisticated as the sci-fi-worthy date suggests. Increased adoption of tools like on-device biometric authenticators and the FIDO2 standard will fold behavior patterns, contextual data, and even user idiosyncrasies into an enhanced authentication system that will eliminate passwords from applications and endpoints. You will be the key that unlocks your devices and apps, and password sharing, resetting, or hacking will be significantly less of a security threat.
Just as passwords will no longer be the dominant access management tool, so, too, will the IT world move towards reducing and even eliminating the concept of policies that govern identity and access management altogether. They will begin to more broadly leverage AI, machine learning, and contextual data of users, locations, and networks to drive more identity use cases in the next three to five years.
We’ve watched carefully over the past few years as point solution vendors have reached scale and become market leaders, thanks to the increased popularity of the cloud and mobile devices. This year we anticipate a consolidation of these point vendors, products, and technologies in the various sub-market segments of identity and access management to produce the next generation identity platform. At the same time, the next several years will see a wider proliferation of use cases related to identity that leverages blockchain technology such as self-sovereign identity for the purpose of identity verification and management, and for managing credentials, consents, and preferences.
Prediction: Zero Trust and multi-cloud environments become commonplace.
As for what we expect to see ripple across the identity and access management industry in the coming decade, it all comes down to Zero Trust.
We see 2020 as the year when investment in Zero Trust technologies (which has been slowly sown over the past few years) begins to bear real fruit. Conventional security systems like firewalls are disappearing, and more and more organizations are adopting technologies that allow them to access on-premises data center resources like apps, servers, and the cloud anytime, from anywhere.
On-premises user directories will be another technology phased out and made obsolete in the new year, as more companies shift to the cloud for its speed, efficiency and agility (not to mention security). Separately, momentum around quantum computing will keep building: IBM, Google, D-Wave and even AWS will push each other to bring commercial quantum computing to market, and its impact on cybersecurity will rise in line with that conversation.
As we at Idaptive raise a glass to the new year, we prepare for a decade of massive, impactful change in our industry, in technology, and in our collective understanding of all that cybersecurity is and can be. So cheers, and Happy New Year to you and yours!
Looking for more predictions? Check out the following:
Blog: Five Identity and Access Management Predictions for 2020 and Beyond
20 Predictions for 2020 @IdaptiveHQ on Twitter
Source: National Cyber Security – Produced By Gregory Evans. By DH Kass • Jan 20, 2020. The Federal Bureau of Investigation will now notify state officials when a local election has been hit by hackers, a course reversal from a prior closed-door policy not to extend notification beyond victims of cyber attacks. A protracted […]
Another day and another clever PayPal phishing scam to learn from to better protect yourself and your organization. “In this world, nothing can be said to be certain, except death, taxes, and PayPal phishing email scams,” said Benjamin Franklin. Don’t believe me? Google yourself. Okay, okay, he […]
Big sales and big scams – What you should be wary of on Black Friday and beyond
Lots of people looking for a deal means that there are also a number of criminals looking to take advantage of those shopping.
Black Friday kicks off a shopping frenzy in the US and that same frenzy is leaking into other parts of the world, particularly here in South Africa.
As many shoppers move their shopping online, criminals have shifted their approach online as well.
Despite cybercriminals developing new and terrifying ways of scamming folks out of money, some attack vectors, such as email, still prove popular.
Phishing scams have become increasingly complex, and unless you are paying full attention things can slip past you. Take the electronic mailer, for instance: these mails seem innocent enough, but they can be an effective front for criminals to use.
Mailers containing attachments that require you to download them before viewing should be avoided at all costs. Firms are more likely to embed deals directly into emails so they are easier for you to browse.
In addition to this, even if you receive a mailer containing incredible specials, it’s worth heading directly to the website rather than following a link. This is because the address a link actually points to can differ from the text it displays, and you may end up on a website that looks legitimate but really isn’t.
“Black Friday and Cyber Monday are major shopping events on the South African calendar, and this makes them a breeding ground for fake specials, malicious links and criminal activity,” explains managing director of security training company Popcorn Training, Anna Collard.
“There’s always an increase in fake special offers designed to lure people into clicking on a malicious link or opening a malicious attachment. People can end up handing out money for something that doesn’t exist,” the MD elaborates.
A good way to tell whether a website is legitimate is to check the URL closely. Criminals often make use of special characters and letter combinations (vv to look like a w, for instance) so that a fake domain passes a quick glance.
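As an added example (not code from the article or from Popcorn Training), the Python script below applies the two checks above mechanically: it reads the links out of a constructed sample mailer, compares where each link's visible text claims to go with where its href actually goes, and folds the common lookalike tricks (the "vv" for "w" swap from the article, plus rn for m, digits for letters, Cyrillic letters that render like Latin ones, and punycode-encoded names) back onto the brand name so a disguised domain is flagged. The trusted-brand list, the substitution tables and the sample mailer are assumptions made for the demonstration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brands this shopper actually deals with. In practice this
# would be a longer allow-list or the retailer's own domains.
TRUSTED_HOSTS = {"takealot.com", "paypal.com", "amazon.com", "wish.com"}

# Unicode letters that render like Latin ones (a few Cyrillic examples) and
# ASCII sequences used to imitate letters: the "vv" for "w" trick from the
# article plus the rn/m and digit-for-letter swaps seen alongside it.
CONFUSABLE_CHARS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                    "\u0441": "c", "\u0445": "x", "\u0443": "y"}
LOOKALIKE_SEQS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"),
                  ("3", "e"), ("5", "s")]


def normalise_host(host):
    """Fold a hostname onto the brand name it is imitating, if any."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    try:  # decode punycode labels (xn--...) back to Unicode
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not a valid IDN label
    # strip accents, then map confusable letters and letter-like sequences
    host = "".join(c for c in unicodedata.normalize("NFKD", host)
                   if not unicodedata.combining(c))
    host = "".join(CONFUSABLE_CHARS.get(c, c) for c in host)
    for fake, real in LOOKALIKE_SEQS:
        host = host.replace(fake, real)
    return host


TRUSTED_NORM = {normalise_host(h): h for h in TRUSTED_HOSTS}


def registrable(host):
    """Last two labels (naive, but good enough for .com-style names)."""
    return ".".join(host.split(".")[-2:])


def classify_host(host):
    """Return 'trusted', 'lookalike', 'brand-in-subdomain' or 'unknown'."""
    raw = host.lower().rstrip(".")
    if raw.startswith("www."):
        raw = raw[4:]
    norm = normalise_host(host)
    if registrable(norm) in TRUSTED_NORM:
        # Same brand after normalisation: genuine only if the raw spelling matches
        genuine = registrable(raw) == TRUSTED_NORM[registrable(norm)]
        return "trusted" if genuine else "lookalike"
    brands = {name.split(".")[0] for name in TRUSTED_NORM.values()}
    if brands & set(norm.split(".")[:-2]):
        return "brand-in-subdomain"  # e.g. takealot.com.some-other-site.net
    return "unknown"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from a mailer's HTML."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_mailer(html):
    """Return one (href, visible text, verdict) tuple per link in the mailer."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        verdict = classify_host(urlparse(href).hostname or "")
        # If the link *text* is itself a trusted URL but the href is not,
        # that is the classic "looks legitimate but really isn't" link.
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if verdict != "trusted" and classify_host(shown) == "trusted":
            verdict = "mismatch:" + verdict
        results.append((href, text, verdict))
    return results


# Constructed sample mailer (not a real campaign): one genuine link, one
# digit-for-letter lookalike hidden behind a legitimate-looking URL as the
# link text, and one brand-as-subdomain link.
SAMPLE_MAILER = """<html><body>
<p>Black Friday specials inside!</p>
<a href="https://www.takealot.com/deals">Shop Takealot specials</a><br>
<a href="https://secure.paypa1.com/login">https://www.paypal.com/login</a><br>
<a href="http://takealot.com.blackfriday-deals.net/claim">Claim your voucher</a>
</body></html>"""

if __name__ == "__main__":
    for href, text, verdict in audit_mailer(SAMPLE_MAILER):
        print(f"{verdict:22} {href}  (shown as {text!r})")
```

The registrable-domain check is deliberately naive (last two labels); for country-code second-level domains such as .co.za a public-suffix list would be needed, and a production filter would also resolve the destination and check redirects rather than trusting the href alone.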
If scamming innocent civilians out of money isn’t scummy enough, how about using charity to do it?
Cybercriminals are not above using charity to trick folks into parting with their money. To combat this, folks need to be especially critical when donating to charities during this time.
“At the end of the year, most of us feel the need to give back and fraudsters know it. They set up fake charities that use existing events or trends, such as refugees, and get you to donate the money to them. Only give money to reputable charities that are accredited or well known, check their URLs to ensure they’re not bogus, and never give out your personal information unless you’re 100 percent sure,” advises Collard.
This goes for fundraising websites as well. While many causes are legitimate and there are measures in place to protect those kind enough to donate money, things can slip through cracks.
Once you’re done shopping you may think the danger is over, but sadly cybercriminals are always on the lookout, and the best time to strike is when you least expect it.
Fake shipping notices are a good attack vector as you likely won’t expect good customer service to be a risk. While downloading a form and filling it in sounds innocent enough that form could be headed for criminals with less than innocent intentions.
That form could also be malicious software that could compromise your PC when downloaded and executed.
Above all, keep your wits about you this shopping season. If an offer seems suspicious get a second opinion or avoid it altogether.
The cybersecurity talent shortage keeps getting worse. According to Cybersecurity Ventures, the cost of cybercrime will double from $3 trillion globally in 2015 to $6 trillion by 2021. Meanwhile, the number of open cybersecurity jobs will increase from 1 million in 2016 to 1.5 million by 2019. Meanwhile, the scale…
View full post on National Cyber Security Ventures
China’s individuals and small firms are embracing the digital economy, but they are facing cybersecurity threats beyond their capabilities, according to a whitepaper by Mastercard. The whitepaper indicates that digital technologies …
In light of the recent news that Zika virus could stay in semen for more than six months ― twice as long as scientists previously thought the virus could be detected ― it’s time for the United States to ramp up its focus on the major mechanism for Zika virus transmission after mosquitoes: sex.
“For the public health community, Zika represents an unprecedented emergency,” Tom Frieden, director of the Centers for Disease Control and Prevention, wrote in the Journal of the American Medical Association in August.
“Never before, to our knowledge, has a mosquito-borne virus been associated with human birth defects or been capable of sexual transmission,” Frieden wrote.
The post To Fight Zika Beyond Florida We Need Better Sex Education appeared first on Parent Security Online.
View full post on Parent Security Online
Teachers must look beyond paperwork and conventional interventions and try to work with students as individuals, writes Ann Marie Stevens.
View full post on Education Week: Bullying