cybersecurity


SEC #Issues New #Guidelines for #Disclosing #Cybersecurity #Risks

Source: National Cyber Security News

The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing cyber security risks within their organization, even before a breach or cyber-attack occurs.

The commission’s five members voted unanimously to approve the guidance; however, both Democratic commissioners feel there needs to be more action taken by companies. These two members hope that this is just the first step towards defeating actors who use technology to threaten the United States.

In the guidance, the commission urged companies to create policies that allow them to quickly assess cyber security risks and decide when to tell the public, and that also prevent executives, board members, and other corporate insiders from trading shares when they have important information that hasn’t been released to the public yet.

“Given the frequency, magnitude and cost of cybersecurity incidents, the commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cyber security risks but may not yet have been the target of a cyber-attack,” the SEC said.

The SEC added that while companies are not required to disclose sensitive information that could compromise the company’s cyber security measures, they absolutely cannot use internal or law enforcement investigations as an excuse for not informing the public of the security incident, something that’s been done all too often in the past.


Microsoft #adds #voice to #calls for #federal #cybersecurity #agency

Source: National Cyber Security News

Software giant Microsoft has added its voice to a growing chorus calling for the creation of a federal cybersecurity agency to coordinate the U.S. government’s response to nation-state and cyber criminal threats.

In a blog post on Monday, Microsoft’s Senior Director of Trustworthy Computing, Paul Nicholas, called on the U.S. and other nations to replace ad-hoc efforts to address cyber threats by creating a “single national cybersecurity agency” that will pull together key government functions related to information security and “ensure policies are prioritized across the nation.”

The recommendation, which Microsoft described in a whitepaper (PDF), comes amid increasing concern that events are overtaking governments, leaving the world vulnerable to catastrophes that may have their origins in activities that take place on the Internet. Speaking in Lisbon, Portugal on Monday, U.N. Secretary Antonio Guterres called for the creation of global rules that minimize the impact of electronic warfare on civilian populations.

“Episodes of cyber warfare between states already exist. What is worse is that there is no regulatory scheme for that type of warfare, it is not clear how the Geneva Convention or international humanitarian law applies to it,” Guterres said in the speech, which was given at the University of Lisbon, Reuters reported.


Government #Cybersecurity Through #Obscurity And #Paying Attention To #Data #Lifecycles

Source: National Cyber Security News

While perhaps best known for funding academic research, the US National Science Foundation (NSF) conducts many other activities, including an annual survey of doctoral graduates called the Survey of Earned Doctorates (SED). While an important data source for understanding the societal impact of doctoral education, the way in which the NSF conducts its survey offers a case study in cybersecurity through obscurity, the importance of paying attention to the entire lifecycle of data and several useful lessons to other organizations managing sensitive data in 2018.

My own experience with the SED began last month when I received four phone calls in one month from an unknown phone number late at night claiming to be a survey company working for NSF and wanting to ask me a series of questions. In this era of constant phishing attempts and scam calls, I initially assumed the calls were phishing efforts, since any NSF survey would surely be conducted from a listed phone number (though such numbers can be easily spoofed) and that the caller would have sufficient identifying information to authenticate themselves and that they actually were working on behalf of NSF.

Instead, the caller said they had no information about me other than my name, phone number and the university I graduated from and wished me to provide them a cornucopia of sensitive information of the exact kind coveted by identity thieves.


The #four myths #hampering #cybersecurity #maturity

Source: National Cyber Security News

We’ve seen tremendous advances in technology over the last 15 years or so, but security continues to struggle as much today as it did a decade ago.

A large part of the problem is that security professionals and their leaders have bought into myths that hamper their ability to move their organizations forward and achieve maturity – the kind of maturity that’s necessary to be able to survive and recover from a cyber attack.

In no particular order, here are the four myths that security organizations need to stop believing and how they should move forward.

Myth #1: Cybersecurity risk can be eliminated

As a security professional, you know this isn’t true, right? Cybersecurity risk cannot be eliminated. It can only be managed. However, judging by the enormous sums of money companies waste attempting to achieve impenetrability, it seems this myth has life in it yet.

The problem is at the top: Senior executives and Boards of Directors don’t understand the nature of cyber security. They think if they throw enough money at the problem, it will go away. But we know that’s not the case. Senior executives and Boards of Directors must be educated on the inevitable nature of a cyberattack and how that risk is managed.


QuBit 2018 Cybersecurity Conference

Source: National Cyber Security News

General Cybersecurity Conference

 April 18 – 19, 2018 | Prague, Czech Republic

Cybersecurity Conference Description

QuBit Cybersecurity Conference strives to bring the latest information from the western world closer to the cyber community of Central Europe and to help spread the word that security matters, as Internet and IT tools are now accessible to more than 2 billion people worldwide. QuBit creates a unique way to meet the best and the brightest minds in the information security field across multiple industries and all career levels.


Cybersecurity #Hype: Is the #Industry #Delivering on its #Promise?

Source: National Cyber Security News

Every week we see more headlines in the press about new cyber-attacks and security vulnerabilities affecting millions of consumers and businesses around the world.

Massive data protection scandals such as Equifax – where 143 million individuals’ personal data were exposed in a hack that could have been prevented by a simple patch – now seem to happen on a worryingly regular basis.

Meanwhile, the cybersecurity industry seems to be sitting pretty, with business revenues in the sector growing by an estimated 11% every year. A recent report from Cybersecurity Ventures forecast that global spending on cybersecurity is expected to exceed $1 trillion between 2017 and 2021. Given the ongoing list of high-profile security breaches, is the cybersecurity industry really offering its customers value for money?

The statistics would suggest that it is not. The number of businesses falling victim to attacks rose by 21% in the US last year, and doubled in the UK in the past two years. Figures show that there were 918 data breaches compromising 1.9 billion data records in the first six months of 2017, up 164% compared to 2016.

A primary cause is the rise in mobile and smart device usage within companies, with network perimeters becoming edgeless.


Cybersecurity #Plagued by #Insufficient Data: White #House

Source: National Cyber Security News

Cyberattacks cost the United States between $57 billion and $109 billion in 2016, a White House report said Friday, warning of a “spillover” effect for the broader economy if the situation worsens.

A report by the White House Council of Economic Advisers sought to quantify what it called “malicious cyber activity directed at private and public entities” including denial of service attacks, data breaches and theft of intellectual property, and sensitive financial and strategic information.

It warned of malicious activity by “nation-states” and specifically cited Russia, China, Iran, and North Korea.

The report noted particular concern over attacks on so-called critical infrastructure, such as highways, power grids, communications systems, dams, and food production facilities, which could lead to important spillover impacts beyond the target victims.

“If a firm owns a critical infrastructure asset, an attack against this firm could cause major disruption throughout the economy,” the report said.

It added that concerns were high around cyberattacks against the financial and energy sectors.

“These sectors are internally interconnected and interdependent with other sectors as well as robustly connected to the internet, and are thus at a highest risk for a devastating cyberattack that would ripple through the entire economy,” it said.


Democrats #Seek $1 #Billion To #Boost #Cybersecurity For U.S. #Elections

Source: National Cyber Security News

Congressional Democrats introduced legislation on Wednesday that would provide more than $1 billion to boost cybersecurity of U.S. voting systems, and Vice President Mike Pence defended the administration’s efforts to protect polls from hackers.

The measure followed warnings on Tuesday from U.S. intelligence officials that midterm races in November are likely to see renewed meddling from Russia and possibly other foreign adversaries.

“We cannot let the Russians laugh about and take joy in the success they had in the last election,” Nancy Pelosi, the Democratic leader in the House of Representatives, told a news conference. “Their goal is to undermine democracy.”

Lawmakers have introduced several bills, some with bipartisan support, to bolster election security since the 2016 polls in which Republican Donald Trump was elected president. None have become law.

The new bill is the most comprehensive to date and is aimed at bolstering protection for the midterms and subsequent elections. It has no Republican co-sponsors in the House, which the party controls, and is therefore unlikely to succeed.

Pence, speaking at an event hosted by the online news site Axios, said Americans could trust the 2016 election results and that it was an “ongoing effort” of Trump’s administration to protect election infrastructure.


NATO #Vows to #Develop #Cybersecurity #Infrastructure

Source: National Cyber Security News

NATO Secretary General Jens Stoltenberg said Wednesday at a news conference in Brussels that NATO member states expressed their readiness to modernize the Alliance’s command structure.

“We will establish a new joint force command for the Atlantic, to help protect sea lines of communication between North America and Europe,” Stoltenberg told reporters following the first ministerial session of the current North Atlantic Council. “We will establish a new support command for logistics, reinforcement and military mobility — improving the movement of troops and equipment is essential to our collective deterrence and defense.”

However, the NATO Secretary General did not specify the particular timeline of the pending modernization.

“We have not made any final decisions on where to locate new land component commands … but we have decided that we need some more new land component commands. I know that several nations have put forward proposals that they are ready to host new land component commands,” Stoltenberg said.

The Secretary General pointed out that the decision on the location of the new commands would be made during the defense ministers’ meeting in June.

“What we decide today is the structure, then we will as we move toward the meeting of defense ministers in June to decide the geographical footprint, where to locate the new commands and also the exact manning level in the new command,” Stoltenberg added.


Four #Proactive #Tips to Improve #Cybersecurity for Small #Businesses

Source: National Cyber Security News

Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them so attackers consider them low-hanging fruit. According to Verizon’s 2017 Data Breach Investigations Report, 61 percent of data breaches in 2016 affected small businesses. As many of you are aware, the title industry is in the attackers’ direct line of fire. The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.

Network Security

Implementing a network firewall with intrusion detection and prevention capabilities (IDS/IPS) is crucial. A firewall protects your network from malicious traffic, and a properly monitored IDS/IPS system can stop attackers in their tracks. Unmanaged systems do not provide adequate security.

Attackers are working around the clock and so should your security. Performing regular network vulnerability testing, internally and externally, can identify risks and give you the opportunity to remediate before being hacked. Many of the common vulnerabilities that this process could identify include legacy or otherwise unsupported operating systems, poor patch management and exposed systems.
