
GDPR #Raising #Cybersecurity #Awareness Among #EU Business #Leaders

Source: National Cyber Security – Produced By Gregory Evans

As if the daily beating of data breach news wasn’t enough reason to bring the stark reality of cyber risks to the attention of corporate leaders, here comes the European Union’s General Data Protection Regulation (GDPR). Taking effect in May 2018, GDPR is managing to elevate cyber risks to the top of the corporate agenda for organizations that store data on citizens of the European Union.

According to a survey of more than 1,300 senior executives, conducted by insurance and risk management firm Marsh, 65 percent of respondents from organizations that operate in the EU say that they consider “cyber” to be a top risk. That’s a doubling from a similar survey conducted last year that found 32 percent citing “cyber” as a top five risk. Further, the survey finds that 23 percent of those organizations that fall under GDPR have endured a successful cyber attack in the past year.

The heightened cybersecurity concerns and looming GDPR deadline have EU organizations upping their security and risk management spending. “Of those respondents whose organizations have plans for GDPR implementation, 78% said they would increase spending on addressing cyber risk over the next 12 months, including spending on cyber insurance. Notably, 52% of those who do not have a plan for GDPR indicated that their investment in cyber risk management would increase,” Marsh writes in this news release.

Surprisingly, with about seven months left, only 8 percent of survey respondents claim that their organizations are currently GDPR compliant and a startling 57 percent say that their enterprises are currently developing compliance plans. And another 11 percent of respondents are in for a very rude awakening, as they’ve reported that they have no compliance plans at all. “Smaller organizations were more likely not to have a plan for GDPR with 19% of respondents from businesses with less than $50m annual revenue replying that no plan was in place,” Marsh wrote.

For those not familiar, GDPR mandates:

  • EU citizens’ personally identifiable information (PII) must be adequately protected, managed, and controlled.
  • Data breaches must be reported within 72 hours.
  • Non-compliant organizations risk significant fines, from 4 percent of annual revenue down to €20 million.

Forty-nine percent have fully developed a data breach incident response plan. Another 10 percent, however, have no plans to do so. It’s shocking that any organization today doesn’t have an incident response plan should sensitive data be exposed.

It is not pragmatic for an organization to assume it will never have to disclose a breach as required by GDPR – that’s just hope. It’s much more sensible to expect to be breached at some point and consider how to make a public disclosure. Because when it comes down to it, the difference between the winners and losers here is how well the breach is mitigated and managed, and the effectiveness of the public response.

 

The post GDPR #Raising #Cybersecurity #Awareness Among #EU Business #Leaders appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Where #Emerging #Cybersecurity #Technology Fits in Your #Business


As 2017 enters the final stretch, security professionals still find themselves locked in a furious battle with hackers.

Some 80 percent of the IT and security executives surveyed for the most recent AT&T Cybersecurity Insights report said their organizations came under attack during the previous 12 months. The percentage soars to 96 percent for companies in the technology industry.

All the more reason why enterprise defenders are under acute pressure to create multiple layers of defense, detection and mitigation to withstand future attacks. But what worked in the past is not guaranteed to work in the future: the threat landscape is fluid and changes from one year to the next.

Tool Up for the Long Haul

In the end, a good cyberdefense strategy depends on making hard decisions that correctly match investments against an organization’s risk profile. There’s never a one-size-fits-all solution, but the approach should start with the recognition that breaches are inevitable. Then it’s up to management to select countermeasures that will mitigate potential damage, all the while ordering steps to routinely tighten up vulnerabilities in order to reduce the risk of a devastating attack.

The stakes are as high as ever: Ponemon Institute estimates the average cost of a data breach in 2017 at $3.6 million. But in the AT&T report, 65 percent of the executives surveyed expressed confidence about their ability to handle cybersecurity challenges in the coming year.

Also, more than two-thirds (70 percent) of them said they plan to increase their investments in next-generation security technologies, including threat analytics, cloud security solutions and machine learning.

New skills will clearly be in high demand as organizations seek to deploy next-generation technologies in areas such as cloud security, data science and analytics. And as more information gets pumped out daily, artificial security intelligence will become increasingly important.

Clearly, those new tools and techniques would not only come in handy against their adversaries. They can also help bridge gaps in their cybersecurity defenses exacerbated by a nagging skills shortage. But what if they don’t have the personnel to deploy them?

Half of the organizations surveyed by AT&T indicated they plan to increase their security staffs over the next 12 months. However, talent has never been as tough to come by. The U.S. has a reported skills gap of 300,000 cybersecurity experts. The shortage is particularly evident when it comes to threat prevention, threat detection and threat analysis – three of the most important areas of any cyberdefense.

Even those organizations that lean heavily toward security technology can be hard-pressed to stay abreast of the rapid advances in security defense because of the state of the IT jobs marketplace.

In the interim, one option is to increase the use of outside consultants and managed service providers, who can provide the needed next-gen capabilities to deal with this ever-changing constellation of cyberthreats.

These specialists are able to attract top-of-the-line talent and can implement cutting-edge security technologies rapidly. They also can deploy analytics that generate deep insights about the overall threat landscape – knowledge that can be shared with all of their customers to strengthen their own defensive postures.


Business Intelligence Analyst

Job Details

Experienced

Corporate – Austin, TX

Full Time

4 Year Degree

Description

Silvercar is looking for a motivated analyst with a get-it-done attitude to join our growing business intelligence team. As a BI analyst, you will be responsible for leveraging the vast amounts of data at Silvercar and giving business users access to the data needed to drive business decisions. You will work directly with the head of the business intelligence team and support each of Silvercar’s business units with their BI, analytics and reporting needs.

Responsibilities:

  • Drive BI use cases throughout the company
  • Provide reliable access to high quality data through dashboards and reports
  • Work with business stakeholders across the organization to gather and analyze BI requirements
  • Provide technical leadership for and hands-on experience in BI, analytics, ETL, data warehousing and reporting
  • Architect an ETL process using Treasure Data by importing data from various sources (transactional databases, business systems, and flat files), transforming data using SQL, and outputting data into BI systems for analysis and visualization

Qualifications

  • BA/BS in Mathematics, Computer Science, Engineering or other quantitative field
  • 3+ years of experience working directly with BI tools like Looker or Treasure Data
  • Advanced SQL skills
  • Solid spreadsheet skills (Excel, Google Sheets, etc.)
  • Experience with ETL processes, data warehousing or building out data pipelines
  • Ability to work with business stakeholders to define BI requirements
  • Ability to act as a project manager and collaboratively work with business stakeholders to define and develop BI use cases
  • Maintains a positive attitude and shares Silvercar’s values


14 #Cybersecurity Tips All #Business Leaders Should Know


As a business owner, cybersecurity can be a daunting topic: It’s complex, threatening, and you might not even know where to start. But considering hacks will cost companies as much as trillions of dollars annually within the next five years, cybersecurity is a measure all businesses — both big and small — must take.

To help break down different pieces of the puzzle, we’ve compiled tips and takeaways from 14 cybersecurity experts from Forbes Technology Council.

1. Cyber criminals feed off human error

“With the proper behavioral changes, organizations can greatly minimize their chances of suffering a devastating blow. It all starts with developing a culture of cybersecurity. But what does that look like?” writes Reg Harnish, CEO, GreyCastle Security.

“A consistent buy-in among employees starts with driving home the fact that everyone has a role to play in protecting the company’s assets, and no role is more important than any other,” writes Harnish. “Additionally, employees are more likely to stay committed to the task if the security concepts can be easily implemented into their daily routines, much like brushing their teeth.”

Read more in What It Means To Have A Culture Of Cybersecurity

2. But you might want to hire a hacker …

Research forecasts the cost of cybercrime to hit $6 trillion per year by 2021. Whether you own a company or not, everyone is at risk of having their data stolen, as cybercrime is the fastest-growing crime in the U.S. Knowing how to best position yourself before an attack happens is essential.

“More and more businesses and government agencies are engaging with independent security researchers to help them find vulnerabilities in their systems that they otherwise wouldn’t,” writes Alex Bekker, VP of engineering at HackerOne. “Most cyberattacks are executed via security holes unknown to the target organization, so having well-intentioned hackers find vulnerabilities in our computer systems is the closest we can get to real-world conditions.”

3. Most companies know about cyber threats, but aren’t doing much about it

“The hackers have done an excellent job of bringing the cybersecurity industry to the forefront, but how can we translate that into successfully helping corporations, governments and individuals defend themselves? The answer is rather simple: education,” writes Nick Espinosa, Chief Security Fanatic of Security Fanatics.

“Consider two major points in this vein: First, a recent study of global governments shows that while they’re aware of cyberthreats to their infrastructure, roughly 50% of said governments do not have a formal cyberdefense strategy or plan,” writes Espinosa. “Second, we have plenty of corporations and governments with vast amounts of intellectual property who continue to be behind in cyberdefense, using outdated strategies instead of the latest and greatest defense hardware, software and methodology. The ‘if it ain’t broke, don’t fix it’ mentality is alive and well, sadly.”

4. Beware of another threat: biased security providers

As cybersecurity becomes non-optional, third-party vendors seem to be popping up out of the woodwork. They make big promises, but not all of them can deliver.

“Setting advanced testing standards would be an important step in codifying what is promised and delivered by various products,” writes Jamie Butler, CTO of Endgame. “Unfortunately, much of the available third-party testing organizations receive compensation for testing, which makes the results inherently biased. Instead, non-pay-to-play organizations like MITRE and the Cyber Independent Testing Lab need to become the norm.”

5. It’s not enough to plan against an attack, IT departments must plan for one as well

“No matter the extent and level of investment an organization puts into cyberthreat prevention, leadership must recognize a hard reality: It only takes one wrong click to invite an intrusion. Thus, a restorative approach (i.e., a well-equipped disaster recovery plan) is needed to ensure ongoing business in the event of a ransomware attack,” writes Jeffrey Ton, EVP of product and service development at Bluelock.

“It’s crucial for companies to ensure their restorative capabilities are just as strong, if not stronger, than their preventative measures in place. In every breach scenario, quick responsiveness avoids extensive data loss and reputational fallout,” writes Ton. “Achieving the creative and analytical tension for this type of resilience is just another reason for IT departments to shift their traditional approach.”


The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business


Conversations about the future of work have to include security. I’ll take that one step further: the future of work very much revolves around the future of security. New ways of working offer exciting opportunities to boost employee productivity, creativity, and engagement, but they can’t come at the expense of security. On the contrary, many of the same practices already shaping the future of work—BYOD, unprecedented mobility, any-network access, employee-centric experiences—can increase risk for data, applications and networks. The attack surface has never been so broad or so inviting—and threats have never been more sophisticated.

At a time when data is both more valuable and more vulnerable than ever, how will we secure the future of work? As a guiding principle, we can’t rely on add-on security technologies and siloed teams. Security must be woven throughout both the IT architecture and the organization to ensure that no matter how or where people work, the organization is protected. At the same time, the measures we rely on can’t be allowed to impair the user’s experience or productivity. Today’s workforce won’t accept arbitrary restrictions or barriers; the same creative spirit that fuels innovation will also lead them to seek consumer-market workarounds.

The key is to make cybersecurity everyone’s business. When employees are fully bought in to security—when they understand its importance and relevance, and they’re empowered to support it without sacrificing their own work, your security team becomes truly organization-wide.

To that end, here are five security best practices for the future of work.

Educate users

This isn’t exactly new—fair enough. User education has been a tenet of cybersecurity since the early days. But that makes it all the more important to reinforce its importance, so that we never overlook it or take it for granted. As people gain the freedom to work anywhere, on any device, knowing how to do so safely must be a top priority.

In the employee-centric modern workplace, it’s also important to consider how this education takes place. It’s not enough simply to recite lists of rules and protocols. Instead, engage in a true dialogue—take the time to understand users’ needs and practices, and then explain your security policies in ways that are accessible and relevant to their daily experience.

Extend the discussion beyond the office environment to encompass every other setting where work takes place. How can you recognize whether a public WiFi connection is safe to use? What are the risks around USB sticks? How can employees secure the consumer technologies in their homes, so their kids don’t introduce vulnerabilities into the family WiFi network with a jailbroken phone?

Engage with lines of business

Security doesn’t happen in a vacuum. The most effective policies are grounded in a firm knowledge of operational processes. Meet regularly with business decision-makers to understand the implications of new initiatives. By building rapport and trust, you can gain a seat at the table to make sure that appropriate safeguards are built into each project right from the beginning. You’ll also get crucial perspective into the tools, workflows and practices that enable the group to drive value, helping you design measures that maintain protection and control without getting in the way of business.

Modernize and mobilize your security policies

Mobility increasingly defines IT—in terms of both the mobile devices people use, and the constant movement of people, devices and data from one place to another. As employees use non-corporate devices, networks and storage systems to meet their needs—whether personally owned, third-party or public—your risk profile rises dramatically. At the same time, they usually have valid reasons for doing so. You can’t just say no; you’ve got to find secure ways to accommodate it.

Make sure your security policies reflect the real world—not some antiseptic, locked-down cybersecurity dream (and employee nightmare). Create clear rules and guidelines to help employees stay safe without losing the freedom and flexibility they’ve come to rely on. Specify convenient yet secure alternatives to consumer-grade technologies. Differentiate between scenarios—what’s safe at Starbucks vs. headquarters, what types of work should be saved for a more secure location—and set up your granular access control policies accordingly.

Enforce policies fairly and consistently

Inconsistent enforcement can doom even the best security policy—and can undermine the credibility of any subsequent policy. You put a lot of thought into creating the right rules and procedures for your business; now make sure they’re enforced the same way every time, for every user, with no exceptions. A sense of fairness will promote employee buy-in. After all, it’s not just a matter of meaning what you say—users have to take it to heart and mean it, too. When security becomes part of your culture, the whole organization becomes safer for the long term no matter what the future brings.

Make it seamless—and automatic

The less you have to rely on human intervention, the more reliable security becomes. This can include everything from conditional access controls that show employees only the apps they’re authorized to use in a given scenario, to business data encryption by default on mobile devices. Open-in controls can prevent email attachments from opening in non-corporate apps. Micro-VPN can ensure security over public WiFi. Automated logging and reporting can facilitate compliance and audit readiness. There are many opportunities to make security more seamless and transparent for users, and simpler and more efficient for IT to maintain. As the scale and complexity of the enterprise environment continues to grow, steps like these will be critical to stay one step ahead.

The future of work gets a lot of buzz these days, and rightly so—it gets more exciting by the day. With these best practices, you can make sure it’s also growing more secure by the day.


State of Small Business Cybersecurity in North America


Small business owners know they are at risk for cyberattacks, but they are somewhat at a loss as to what to do. That’s one of the findings of a new report from the Better Business Bureau, The State of Small Business Cybersecurity in North America, released today as part of National Cybersecurity Awareness Month. One of the more troubling findings is that half of small businesses reported they could remain profitable for only one month if they lost essential data.

“Profitability is the ultimate test of risk,” said Bill Fanelli, CISSP, chief security officer for the Council of Better Business Bureaus and one of the authors of the report. “It’s alarming to think that half of small businesses could be at that much risk just a short time after a cybersecurity incident.”

“Small business owners get it,” Fanelli continued. “When we asked them about the most common cybersecurity threats – ransomware, phishing, malware – they know what’s out there, and most of them have basic protections in place. For instance, 81% use antivirus software and 76% have firewalls. But one of the most cost-effective prevention tools, employee education, is used by fewer than half of the companies we surveyed. Other prevention measures scored even lower.”

BBB surveyed approximately 1,100 businesses in North America (71.4% of the sample came from the United States, 28.5% from Canada and 0.1% from Mexico). Two-thirds of the participants were BBB Accredited Businesses, and they apparently fared marginally better in most measures, such as awareness of specific threats and adoption of cybersecurity measures. The data was collected in an online survey with a margin of error of approximately +/- 3% for a 95% confidence interval.

The report focuses on cybersecurity effectiveness from three perspectives: a) cybersecurity standards/frameworks; b) best practices; and c) cost-benefit analysis. One of the key findings is that the NIST Cybersecurity Framework, technically a voluntary standard from the National Institute for Standards and Technology, is becoming mandatory in some markets. Not only are many companies requiring it of their vendors for procurement, but many businesses are adopting it because it helps them run a better business. The NIST framework is the basis for BBB’s training program, “5 Steps to Better Business Cybersecurity.”

The State of Small Business Cybersecurity emphasizes the need not only for education and training, but for cost-benefit analysis of cybersecurity measures. The report suggests a formula created by two professors at the University of Maryland, Martin P. Loeb, PhD and Lawrence A. Gordon, PhD, to help small business owners estimate their risk from cybersecurity attacks and calculate an appropriate investment in prevention.

“It doesn’t do any good for a small business to adopt a $10,000 solution if the potential risk reduction is only worth $5,000,” said Fanelli. “We hope this report will give small business owners greater awareness of the real and the perceived risks of cyberattacks, as well as best practices for protecting against these types of security threats. We hope it serves as a step forward in advancing cybersecurity in the marketplace.”


Cybercrime is costing each business a whopping $11.7M a year, report says


The cost of cybercrime has risen 62% over the past five years, costing each organization some $11.7 million per year, according to a joint report from Accenture and the Ponemon Institute released Tuesday. The Cost of Cyber Crime Study, announced in a joint press release, was built on the survey…


As business and CISOs struggle to unite, hackers scoring big hits


CISOs feel devalued by business leaders that are failing to come to the table to develop far-reaching IT-security strategies, according to a new survey that raises concerns about the ability of CISOs to effect the kind of change that is needed in formalising the business-IT relationship. This sort of divided…


Cybersecurity Enables New Business Opportunities

In a study on the link between how cybersecurity is used and business success, a full 86% of respondents from high-growth companies said that they see information security as an enabler of new business opportunities, rather than simply a means of defense. Vodafone’s Cyber Security: The Innovation Accelerator report, which…

Toledo business owner says former employee hacked computers, bank accounts


TOLEDO, OH (WTOL) – A Toledo business owner says a disgruntled worker brought his business to a halt following a cyber attack on the company’s computers, phones and bank accounts. “It’s just not fair for somebody to be that malicious. And for what?” Jacob Lewandowski, owner Jacob’s Ladder Handyman Service…
