Insurance industry increasingly anxious about its own cyber risks

Insurance companies are worried more than ever about cybersecurity, which for the first time is rated one of the top three risks the global industry faces in a recent survey. Insurance Banana Skins 2017, published last week by London-based think tank the Centre for the Study of Financial Innovation, is the sixth biennial survey of its kind, conducted with support from professional services firm PwC. The survey, of 836 insurance practitioners and observers in 52 countries, found growing levels of anxiety in the industry. Globally, the top 10 risks were rated as follows (with the rating from the last survey in 2015 in brackets):

1. Change management (6)
2. Cyber risk (4)
3. Technology (-)
4. Interest rates (3)
5. Investment performance (5)
6. Regulation (1)
7. Macro-economy (2)
8. Competition (-)
9. Human talent (15)
10. Guaranteed products (7)

“The three highest risks form a cluster around the theme of technological change and industry response,” reads the survey report. “The top […]

The post Insurance industry increasingly anxious about its own cyber risks appeared first on Cyberscoop.

Trump budget would decimate DHS’s scientific research arm

The Trump administration’s budget plan calls for large, painful cuts to the Department of Homeland Security’s scientific research and development programs, $144 million in all, which critics charge will decimate DHS efforts to develop tomorrow’s cybersecurity technologies. Although the fiscal 2018 plans have yet to be approved by Congress, DHS is moving ahead, making preparations to close three of its national laboratories and defund half-a-dozen centers of excellence it has supported at universities around the country. Officials are also moving to shutter a number of other cybersecurity programs including the much-touted Transition To Practice, or TTP, program — which helps get cybersecurity technology developed in the national labs or at universities out into the commercial marketplace through training, partnership and funding. DHS’s Science and Technology Directorate would be allocated $627 million in the budget for fiscal 2018, which starts Oct. 1, compared to the $771 million it actually got this year — a proposed cut of more than 18 […]

Only half of U.S. firms have cyber insurance, fewer than in U.K., Canada

About half of U.S. businesses say they don’t have cyber risk insurance, compared to fewer than a third in the U.K. and Canada, and the health care sector is lagging the worst, according to a recent survey. The data, released by credit-scoring and data analytics giant FICO and market researchers Ovum, comes from a telephone survey of IT and security executives from a broad range of companies in the financial services, media, e-commerce and retail, telecommunications and health care sectors in North America and northwestern Europe. The 350 companies ranged in size from fewer than 1,000 employees (30 percent) to over 10,000 (25 percent) with nearly half of them (45 percent) somewhere in between. Half of U.S. businesses report having cyber insurance, although only about a third of those (16 percent of the whole sample) are confident that it covers all their risks. Just under a quarter more (23 percent) reported plans to buy insurance […]

Google turns to machine learning for additional email security

Suspicious Gmail messages to corporate users of the cloud email system will be delayed for up to four minutes while the message content is scanned and links in it are checked for malware by new machine learning software, Google said Wednesday. In a blog post, Andy Wen, the company’s senior product manager for counter-abuse technology, unveiled several new security features for G Suite, Google’s collection of email and other cloud tools for enterprises. The features are designed to protect users from unwanted commercial spam and phishing emails designed to trick users into entering passwords, clicking malicious links or downloading booby-trapped attachments. Early phishing detection, Wen wrote, is “a dedicated machine learning model that selectively delays messages (less than 0.05 percent of messages on average) to perform rigorous phishing analysis and further protect user data from compromise.” “Gmail’s security experts have developed a new algorithm that flags and delays potentially suspicious messages,” explains a more technical […]

Cybercrooks tried to steal these identities in just nine minutes

Cybercriminals took just nine minutes to start trying to rob a set of 100 synthetic “victims” whose fake personal information was posted online in an experiment by Federal Trade Commission officials over the past few weeks. The speed of exploitation efforts might be linked to the fact that this posting — one of two dumps of the same fake data officials made in an effort to better understand how the exploitation of online accounts happens in real life — was noticed by a Twitter bot geared toward tracking any new data possibly useful for identity theft. At the agency’s workshop on identity theft last week, officials unveiled their bold experiment: In late April and early May they posted online a database of 100 fake but believable identities and watched what cybercriminals tried to do with them. “This wasn’t a typical data dump of sensitive information,” announced Dan Salsburg of the FTC’s Office of Technology Research […]

DHS wants help to identify, attribute major web outages

The Department of Homeland Security wants help identifying, attributing and combatting major internet outages and disruptions — and it will pay. Last week, at an industry day and in solicitation documents posted online, the department’s Science and Technology Directorate invited research proposals under its “Predict, Assess Risk, Identify (and Mitigate) Disruptive Internet-scale Network Events,” or PARIDINE. These large-scale internet outages or slowdowns can have many causes, explained PARIDINE program manager Ann Cox — from natural disasters like hurricanes or tsunamis, to accidents that can knock out physical infrastructure, through geo-political events like a country trying to cut itself off from the internet, to the mass-scale re-routing of internet traffic. Large-scale re-routing incidents can happen by accident; but they can also be caused by malicious actors using a technique called border gateway protocol, or BGP, hijacking. On Twitter, security analyst Richard Bejtlich called BGP hijacking, “Probably [the] biggest Internet weakness hardly any[one] knows/cares about.” […]

Whoops! Iger says Disney wasn’t hacked after all

Contrary to multiple news reports last week, Disney wasn’t hacked, but was the victim of a simple extortion attempt by con artists, company President Bob Iger said. “To our knowledge we were not hacked,” Iger told Yahoo Finance in a TV interview, saying he wanted to correct a story that had been “reported erroneously by many entities.” After Iger mentioned the extortion attempt — from people claiming to have a hacked copy of an unreleased Disney blockbuster — at a May 22 town hall in New York for staff from Disney subsidiary ABC, the Hollywood Reporter ran a story under the headline: “Disney Chief Bob Iger Says Hackers Claim to Have Stolen Upcoming Movie.” Multiple news outlets, including CyberScoop, picked up the story, some identifying the movie as the latest installment of the “Pirates of the Caribbean” franchise, due out on May 26. But in reality, insisted Iger, “We had a threat of a […]

Sizing up risk management: Accountants issue guide for cyber audits

The largest professional organization for qualified accountants issued guidance to its members this week about how to audit management claims about a company’s cybersecurity. The new guide, Reporting on an Entity’s Cybersecurity Risk Management Program and Controls, is part of the voluntary cybersecurity risk management reporting framework the American Institute of Certified Professional Accountants is producing this year. “Our intent is to establish a common, underlying language for cybersecurity risk management reporting — almost akin to U.S. [Generally Accepted Accounting Principles or] GAAP … for financial reporting,” AICPA says in a factsheet about its framework. Two other elements were published last month:

- Description criteria – A list of categories of information that management have to provide about their cybersecurity risk management program, in a consistent manner.
- Control criteria – The measures a CPA should use “to evaluate and report on the effectiveness of the controls within a client’s [cybersecurity] program.”

Alongside the two sets of criteria, the […]

New report warns of connected-car security dangers

Securing the connected, smart and increasingly autonomous cars of tomorrow against hackers and criminals will only get harder as the computerized and constantly communicating ecosystem for connected vehicles expands to take in smart road infrastructure, smart homes and smart cities. That’s the warning in “Observations and Recommendations on Connected Vehicle Security,” a new paper from the Cloud Security Alliance, a tech-focused industry group that studies security issues and promulgates best practices. The authors were led by Brian Russell, who is the chairman of CSA’s Internet of Things Working Group and the chief engineer for cybersecurity solutions at Leidos. They note that a connected vehicle’s attack surface only gets larger as automakers add more navigation, engine-control and entertainment systems inside the car, and society adds more smart devices and connected infrastructure outside of it. “Within a system-of-systems such as the CV ecosystem, there are many points of interconnectedness. A compromise of any one of these points potentially offers attackers the […]

Bill reforming NSA hacking policy has skeptics in White House

The Trump administration has concerns about a proposed reform of the policy process the U.S. government uses when deciding how to handle newly discovered software vulnerabilities known as zero days, White House Cybersecurity Coordinator Rob Joyce told a meeting of tech leaders in Boston this week. The vulnerability equities process, or VEP, is how government officials decide whether to disclose such flaws to the software manufacturer, so they can be patched and all users made safe; or to secretly keep them and use them to spy on U.S. adversaries. Former officials said the process needs overhauling and lawmakers dropped a bill to codify it — the Protecting our Ability To Counter Hacking, or PATCH, Act. The bill would codify the VEP into law, establishing a review board that would publish guidelines explaining the basis for its decisions. Joyce, addressing the launch of CyberMA, a Massachusetts affiliate of the national CyberUSA initiative on Monday, said Trump administration officials were engaging with […]
