Bad press following a security breach hits companies hard. In fact, it can be so damaging that “two-thirds of companies would pay an average of $124k to avoid public shaming scandals,” according to a recent Bitdefender survey of 250 IT security professionals. What’s more, “some 14 percent would pay more than $500k.”
If you think that’s a high price to pay, consider this: 34 percent of companies were breached in the past 12 months, according to the report, and “74 percent of IT decision makers don’t know how the company was breached.”
Among the survey’s other notable findings is that while 64 percent of respondents said they think their current security budget is sufficient, they also admitted that “only 64 percent of cyberattacks can be stopped, detected or prevented with the current resources.”
SAN FRANCISCO – Alphabet chairman Eric Schmidt says artificial intelligence is key to advances in diverse areas such as healthcare and datacenter design and that security concerns related to it are somewhat misguided. (Alphabet is the parent company of Google.) In a wide-ranging on-stage conversation here at the RSA Security conference with Gideon Lewis-Kraus, author of The Great A.I. Awakening, Schmidt shared his insights from decades of work related to AI (he studied AI as a PhD student 40 years ago) and why the technology seems to finally be hitting its stride. In fact, last year Google CEO Sundar Pichai said AI is what helps the search giant build better products over time. “We will move from a mobile-first to an AI-first world,” he said.
Come to the RSA show, and you’ll find plenty of cybersecurity technology. The top vendors from across the industry are here, showing products for fighting ransomware, preventing data breaches and more. But even the best security software is useless if users and businesses aren’t taking the right steps to protect themselves. So we asked experts at the show for their best cybersecurity tips. Joe Stewart, director of malware research at Dell SecureWorks: He advises everyone to set up two-factor authentication to protect their internet accounts, especially email. It can be particularly useful when stopping hackers who are trying to steal login passwords from users, whether through malware or email phishing schemes.
At RSA 2017, CSO’s Steve Ragan chats with security expert Ira Winkler about where many security programs are failing within companies, as well as his concept of “advanced persistent security.”
More than 100 members of the Israel Defense Forces (IDF), the majority of them stationed around the Gaza strip, fell victim to a cyberespionage attack that used malicious Android applications to steal information from their mobile devices. The attack campaign started in July and continues to date, according to researchers from antivirus firm Kaspersky Lab, who cooperated in the investigation with the IDF Information Security Department. The Israeli soldiers were lured via Facebook Messenger and other social networks by hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The victims were tricked into installing a malicious Android application, which then scanned the phone and downloaded another malicious app that masqueraded as an update for one of the already installed applications.
Software Defined Networking vendor Versa this week added support for IPv6 to its SD-WAN and security packages. According to Kumar Mehta, founder and CDO of Versa Networks, by supporting IPv4 and IPv6 for SD-WAN and SD-Security, customers will have the flexibility to design their WAN under IPv4 today and protect it from obsolescence as they switch over to IPv6 in the future.
At RSA 2017, Derek Manky, Global Security Strategist at Fortinet, talks about the mission and goals of the Cyber Threat Alliance, which shares malware information between members to improve defenses in the cybersecurity space.
At RSA 2017, security expert Konstantin Karagiannis (CTO at BT North America) gives Network World an overview of blockchain security and how it could help shape the future of cybersecurity.
Microsoft has decided to bundle its February patches together with those scheduled for March, a move that at least some security experts disagree with. "I was surprised to learn that Microsoft wants to postpone by a full month," said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. "Even without knowing all the details, I find such a decision very hard to justify. They are aware of vulnerabilities in their products and have developed fixes; those should always be made available to customers in a timely fashion." Microsoft took everyone by surprise on Tuesday when it announced that this month's patches had to be delayed because of a "last minute issue" that could have had an impact on customers. The company did not initially specify for how long the patches will be postponed, which likely threw a wrench in some systems administrators' patch deployment plans.
A controversial provision in U.S. law that gives the National Security Agency broad authority to spy on people overseas expires at the end of the year, and six major tech trade groups are gearing up for a fight over an extension. Section 702 of the Foreign Intelligence Surveillance Act expires on Dec. 31, and Congress is almost certain to extend it in some form. The tech trade groups, including BSA, the Consumer Technology Association, and the Computer and Communications Industry Association, are asking lawmakers to build in new privacy protections for internet users. "It is critical that Congress takes a balanced yet focused approach with respect to Section 702," the groups said in a letter sent to top lawmakers Wednesday. "We urge your committees to ensure that any reauthorization includes meaningful safeguards for internet users' privacy and civil liberties."
IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it. That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall. The issue isn't with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel's survey. IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.
What happens if a bad actor turns off your heat in the middle of winter, then demands $1,000 to turn it back on? Or even holds a small city’s power for ransom? Those kinds of attacks on personal, corporate, and infrastructure technology were among the top concerns for security experts from the SANS Institute, who spoke Wednesday during the RSA conference in San Francisco. Some of these threats target consumers directly, but even the ones that target corporations could eventually “filter down” to consumers, though the effects might not be felt for some time.
New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled IT workers in America, as he has asserted at hearings over the past two years, but talk to most CISOs and they will confirm that when it comes to cybersecurity talent in particular, the skills shortage is very real. “There’s no doubt about it,” says John Masserini, CISO at equity derivatives market MIAX Options in Princeton, N.J. “We’ve had two positions open for three months now,” a security operations center analyst and a security engineer position. The company’s location between two major metro areas – New York City and Philadelphia – makes the competition for cybersecurity talent especially tough, he says. Meanwhile, the firm’s security workload keeps growing. “I already know that by the end of this year I’m going to have a couple more openings,” he says.
Controlling BYOD: For years, organizations have turned to Mobile Device Management (MDM) solutions with the hope of wrapping their arms around BYOD. MDM is a technology that enables organizations to control every aspect of a mobile device, from permitted apps to outbound communications. But with that complete control comes the potential for abuse.
Paying ransom to a cyber extortionist holding enterprise data hostage might seem like a poor idea in principle, but sometimes it might be the best, or even only, option for extricating your organization from a crisis. Seventy percent of businesses hit in ransomware attacks have paid to resolve the problem, half of them over $10,000 and 20 percent over $40,000, a recent IBM survey of 600 corporate executives showed. Nearly six in 10 indicated they would be willing to pay a ransom to recover data. If your organization happens to be among those willing to consider a ransom payment, it is a good idea to devise a strategy for negotiating with the attackers before the need for it actually arises.
Cymmetria founder and CEO Gadi Evron explains the complex world of cyber deception, and how the principles of information control are helping to secure our systems.
U.S. legislators have reintroduced bills that would place curbs on warrantless access by the government to electronically generated geolocation information of Americans, including on the use of cell-site simulators that can capture cellphone data. Bicameral legislation introduced Wednesday, called the Geolocation Privacy and Surveillance Act, aims to create clear rules for when law enforcement agencies can acquire an individual’s geolocation information, generated from electronic devices like smartphones, GPS units and Wi-Fi equipped laptops.
Vendors at this week's RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check. "I think it (the technology) moves the needle," he said on Wednesday. "The real open question to me is how much has that needle actually moved in practice?" It's not as much as vendors claim, Ramzan warned, but for customers it won't be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn’t necessarily new. In particular, he was talking about machine learning, a subfield in A.I. that’s become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.
The internet of things needs to be regulated, and soon, before it becomes even more of a tool to facilitate cyberattacks, and that means coming up with civic-minded technologists to help formulate government policies, security expert Bruce Schneier told an RSA Conference 2017 audience. The problem is governments lack the technological expertise to understand the mindset of the makers of IoT devices and the markets in which they are sold.