
THE #CEO AND #CTO DON’T SEE #EYE TO #EYE ON #CYBERSECURITY

A new report from the tech firm Centrify makes the case that there’s a bit of a tug of war going on in the C-suite about who has the most say over cybersecurity issues. That, and the differences between the two executives, could create security issues down the road.
Cybersecurity is a tough issue to get right in any organization—and it can be tougher when the CEO isn’t on the same page with the technical staff.

That’s the key point of a recent report by the online security firm Centrify and WSJ Custom Studios, a noneditorial arm of the Wall Street Journal. The report, titled CEO Disconnect is Weakening Cybersecurity, breaks down the issues on the communication front between technical execs and the person at the top of the C-suite.

Case in point: Per the report [PDF], nearly two-thirds of CEOs (62 percent) see malware as the biggest cybersecurity threat facing the organization. However, technical officers (TOs) are more likely to see identity breaches as an issue (42 percent), compared with 35 percent citing malware as a problem.

And the disconnect also comes down to accountability—81 percent of CEOs say they’re the ones responsible for security strategies, while 78 percent of technical officers say they are.


The post THE #CEO AND #CTO DON’T SEE #EYE TO #EYE ON #CYBERSECURITY appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity #pros don’t feel #equipped to stop #insider #attacks

Source: National Cyber Security News

Based on interviews with nearly 1,500 cybersecurity professionals over three years, Haystax Technology released a study that makes it clear that organizations are feeling the pressure from insider threats and are ramping up detection, prevention and remediation.

“One consistent message we heard in all of these interviews was that cybersecurity professionals don’t feel equipped to stop insider attacks, despite an increase in funding for things like better controls and training,” said Haystax CEO Bryan Ware. “I’m not surprised that so many are now using analytics, as they need actionable intelligence to proactively identify and defend against threats from both malicious insiders and negligent users.”

Key findings
In 2017, 90 percent of organizations reported feeling vulnerable to insider attacks, up from 64 percent in 2015. Haystax predicts 99 percent of organizations will feel vulnerable this year as they struggle with excessive access privileges and an increasing number of devices with access to sensitive data.
Privileged users were cited as the biggest insider threat concern for 55 percent of organizations in 2017. Haystax predicts that 2018 will be the year when regular employees surpass trusted insiders as the greater risk.
Just 19 percent of organizations deployed user behavior analytics (UBA) solutions in 2016 to proactively monitor employee populations, a figure that jumped to nearly 30 percent last year.


Cybersecurity Attacks Don’t Go Away, They Morph

Source: National Cyber Security News

The second day of Mobile World Congress kicked off with talks on three emerging technology areas: 5G, next-gen cybersecurity, and what it means to stay agile and innovative in a rapidly changing world.

On stage here, McAfee CEO Christopher Young walked up to an Amazon Echo speaker to debut the McAfee Secure Home Platform Skill with a simple command: “Alexa, launch McAfee.”

The connected device ecosystem has surpassed the world’s population as hard-to-secure devices like smart refrigerators, televisions, and lightbulbs proliferate within the home, Young said. He ran down a greatest hits of recent exploits—from WannaCry and the Mirai botnet to Meltdown and Spectre—and argued that these threats will never truly go away.

“Attacks are increasing in complexity and scale. No attack ever goes away, instead it morphs and evolves over time. WannaCry looked like a ransomware attack, but it was also a worm taking advantage of a specific exploit that drove chaos across the public and private sectors and was eventually attributed to a nation-state,” said Young. “We’ve also already started to see connected devices weaponized out in the ecosystem. 2016 saw Mirai, the largest DDoS attack ever levied against [DNS provider] Dyn. That same botnet is alive and well today, and attacking a new device right now every six minutes, adding to its botnet armies.


Don’t #extend the #SAFETY Act to #cyber #incidents

Source: National Cyber Security News

Hardly a week goes by without a new revelation about some insidious hacking attempt or other cybersecurity incident. This drumbeat of frightful headlines, along with pressure from companies and constituents, rightfully has lawmakers rattled and looking for new ways to address our burgeoning cybersecurity crisis.

Last week, Sen. Steve Daines, R-Mont., became the latest to suggest that “cyber incidents” should qualify for coverage under the Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act, a series of liability protections used to spur the growth of anti-terrorism technologies. However, the market for cybersecurity technologies is already too robust for this kind of market intervention to do anything but stifle the very innovation that it seeks to accelerate.

The SAFETY Act passed in the wake of 9/11 to assuage the fear that companies would not invest in beneficial anti-terrorism products and services because of liability concerns. The law allows entities to have anti-terrorism related technologies and procedures sent to the Department of Homeland Security (DHS) for evaluation. Those meeting certain standards are either “designated” or “certified” under the SAFETY Act for five years and given special liability protections if the DHS secretary designates an otherwise liability inducing event as an “act of terrorism.”


Understand #cyber security, don’t fear it, says #NCSC head

Source: National Cyber Security – Produced By Gregory Evans

The head of the UK’s National Cyber Security Centre (NCSC) has urged organisations to ensure they understand cyber risks, as a survey reveals mid-sized firms have inadequate cyber protection.

The most important thing leaders of organisations can do is to stop being afraid of the problem and try to understand it, according to Ciaran Martin, chief executive of the NCSC.

“For too long, cyber security has been shrouded in mystique and fear – that’s not helpful,” he said in the annual KPMG lecture, hosted by Queen’s Management School and the Chief Executives’ Club at Queen’s University Belfast.

“Attacks are about return on investment, and cyber defence is about risk management and harm reduction,” said Martin.

“When you put it like that, it doesn’t seem so completely daunting. There’s plenty we can do to manage the risk. So simplify, simplify, simplify. Understand the risks and take action that you understand to manage them,” he said.

Digital attacks are a real risk to economic wellbeing in Northern Ireland and its citizens, warned Martin, because they can cause widespread disruption to individuals, companies and public services.

“There’s some great work going on around Northern Ireland, for example at Queen’s, and we need strong partners across the whole of Northern Ireland society to combat the threat. That’s the way to make Northern Ireland one of the safest places to live and do business online,” he said.

Facing the challenge

Given that cyber attack is about return on investment (ROI) for the attacker and risk management for the defender, Martin said the NCSC’s job as the national authority for cyber security is to do what it can to help take away as much of the harm from as many of the people as often as possible.

“Doing that isn’t as glamorous as Hollywood makes out. Instead, it’s about a relentless focus on getting these basic defences right,” he said, adding that defences have to be useable by people.

“By focusing not just on technology, but also on behaviours and economic incentives, the government can help create the right framework where that improvement in basic cyber security can take place.

“Success is possible. We are not claiming that we’ve cracked the problem. I’ve already said that we expect serious attacks with significant public impact, but that doesn’t mean we can’t make progress.

“In the 12 months to September of this year, we saw a 47% increase globally in detected phishing attacks. But the UK’s share of those attacks fell from 5.1% to 3.3%,” he said.

By breaking the problem down into manageable chunks, and looking objectively at what is and is not working, Martin said some improvements can be achieved.

“Please don’t let anyone tell you that the problem is unfixable, or that the right skills can’t be developed. Skills are indeed a very significant challenge, but there is no reason at all we should see it as an insurmountable one,” he said.

“My final message to you as chief executives is that the most important thing you can do is not to be afraid of the problem. Work out what you care about protecting the most, treat it as you would any major corporate, and engage with us and with other partners to work out what the best protections are for you. Cyber security is a team sport and we should be optimistic about our ability to make a real difference.”

John Hansen, partner in charge, KPMG in Northern Ireland, said KPMG’s recent CEO outlook report revealed that cyber security is a key issue for business leaders in Northern Ireland.

“CEOs are moving beyond a generic view of cyber risk and are taking steps to become more cyber resilient by developing risk, resilience and mitigation plans in the parts of their business that could be most seriously affected,” he said.

Nola Hewitt-Dundas, head of Queen’s Management School, said: “Cyber security threats are fast becoming a major global and national issue for all organisations and businesses.

“This annual lecture series is one way that the Management School is working in partnership with KPMG to equip businesses to respond to serious technological challenges,” she said.

Seek out dedicated teams to fight cyber crime

According to a recent survey by UK-based IT managed services provider (MSP) CORETX, mid-sized companies in the UK are not adequately protecting themselves from cyber security threats.

The survey revealed this is not due to lack of investment in technology, but through a lack of the dedicated, skilled resource needed to make the most of those tools.

The survey of 100 IT decision makers shows that 72% have implemented a security information and event management (Siem) system, which combines data sources and presents security-related information in an accessible form. Organisations also regularly refresh other security systems, such as firewalls, which 83% of respondents had replaced with more modern technology in the past three years.

However, only 4% had staff dedicated to monitoring, analysing and reporting security information created by a Siem or other sources, and only 6% had staff dedicated to acting on security reports.

With day-to-day security management falling to multi-tasking, generalist IT resources, the survey report said it is not surprising that just 19% of organisations monitor all IT logs that might contain security information. When potential threats are identified, only 13% of organisations are communicating the intelligence to someone able to deal with it.

“Many organisations must be spending a lot of money on the latest technology and then failing to recruit the people they need to use it,” said Merlin Gillespie, group strategy director at CORETX.

“Analysing live data feeds to identify cyber attacks is something general IT staff are unlikely to be appropriately skilled for. It’s also a relentless task. There’s a lot of data to analyse and cyber criminals don’t respect nine-to-five working patterns. Non-specialists may struggle to be consistently effective at the level required, which seems to be borne out in our survey results,” he said.

Three-quarters of survey respondents said their organisations had recently fallen victim to a cyber attack, with 40% occurring in the past year.

“It’s clear that many organisations’ security practices leave very large gaps in their protection,” said Gillespie.

“In our view, creating actionable intelligence on the threats organisations face can only be handled by a dedicated team. A business can either recruit and support that function in house or outsource it, engaging a service provider that specialises in security. Whatever option is taken, the result can only be significantly more credible protection,” he said.

 


FIREWALLS DON’T STOP HACKERS. AI MIGHT.

Source: National Cyber Security – Produced By Gregory Evans

The cybersecurity industry has always had a fortress mentality: Firewall the perimeter! Harden the system! But that mindset has failed—miserably, as each new headline-generating hack reminds us. Even if you do patch all your software, the way Equifax didn’t, or you randomize all your passwords, the way most of us…


The Racists of OkCupid Don’t Usually Carry Tiki Torches

In the heat of the violence of this month’s white-supremacist gathering in Charlottesville, Virginia, neo-Nazi website the Daily Stormer published a promise to the men carrying tiki torches while chanting Nazi catchphrases. After the marches, the…

The post The Racists of OkCupid Don’t Usually Carry Tiki Torches appeared first on Become007.com.


Elaborate computer passwords don’t keep hackers away; Guideline creator says

Source: National Cyber Security – Produced By Gregory Evans

Think your password is safe with all those special characters and symbols? You might want to think again. The man responsible for creating password security guidelines has gone back on his word. We do it all day every day; logging onto our computers, emails, apps, racking our brains to remember…


Parents just don’t understand: Why kids love LaVar Ball

LAS VEGAS — After Big Baller Brand’s 111-102 win over Play Hard Play Smart on Thursday afternoon at the Adidas Uprising Summer Championships ended, a brood of teens and tykes flooded a back hallway and waited…


I don’t understand the whole dating thing. I know ……….

I don’t understand the whole dating thing. I know right off the bat if I’m interested in someone, and I don’t want them to waste their money on me and take me out to eat if…
