ICD Brief 9.
12.09.2016. – 18.09.2016.
Microsoft, Huawei Join in Cybersecurity Message
“Microsoft Corp. and Chinese technology giant Huawei Technologies Co. are feeling the heat from each other’s government. Chinese antitrust regulators are investigating Microsoft, and Huawei has been shut out of the U.S. telecommunications-equipment market over concerns it might be a front for cyberspying. Now the two have joined forces in a “buyers guide,” meant to allay fears that each new information-technology contract poses a cybersecurity threat.”
New York unveils sweeping cybersecurity regulations
Banks, insurance companies and other financial services companies that operate within the state of New York will soon be required to significantly increase their cybersecurity programs in an effort to further protect consumers’ personal and financial information. The new regulations, proposed this week by the office of New York Gov. Andrew Cuomo and the New York Department of Financial Services, would require companies that are regulated by the NYDFS to establish a cybersecurity program, adopt a cybersecurity policy, add a chief information security officer, and would require companies to implement additional levels of security when working with third-party service providers.
Feds Press Local Election Officials to Accept Cyber Help, But Decline to Identify Hackers
“The Obama administration isn’t ready to publicly attribute recent hacks against state election systems and the Democratic National Committee to Russia — nor to any particular group or country for that matter. But its top homeland security adviser said Wednesday that an official U.S. response may still be coming, and in the meantime, federal officials are keen to bolster public confidence in the U.S. election system, including through new efforts to help state and local election officials improve their cybersecurity posture.”
Enhanced Cyber Security for DoD Acquisition Projects
“The US Defense Department is doubling down on its effort to build cybersecurity into the acquisition cycle as a means of better protecting defense programs of the future. DoD is preparing guidance to be released in the next two months that will give program managers more detailed direction on systems security engineering.”
Cybersecurity Predictions for 2016: How Are They Doing?
“At the beginning of 2016, ZDNet’s sister site Tech Pro Research examined 244 cybersecurity predictions for 2016 from 38 organisations, and assigned them among 22 emergent categories (occasionally splitting a prediction among two or three categories). The results were as follows:”
Cyber-Attacks Now Cost Enterprises US $861K Per Security Incident
“On average, a single cyber-security incident now costs large businesses US $861,000 (£652,000). Meanwhile, small and medium businesses (SMBs) pay $86,500 (£65,500). A new study from Kaspersky Lab asked over 4000 representatives of small, medium and large businesses from 25 countries on their views on IT security and real incidents they dealt with.”
CIC Receives Grant to Expand Nation-Wide Cybersecurity Education and Training Efforts
“The Cyber Innovation Center (CIC), headquartered in Bossier City, Louisiana, received a $4 million continuation grant from the U.S. Department of Homeland Security (DHS) on September 1, 2016.” The fiscal year 2016 grant supports the continued, nation-wide expansion of the CIC’s cybersecurity education and training model, which was designed to empower K-12 educators across the country through a robust library of STEM (science, technology, engineering, and mathematics), cyber, and computer science curricula and classroom resources as well as dynamic professional development.
Israel Cyber Head: US-backed Cyber Norms Too Broad
“The head of the Israeli National Cyber Directorate on Tuesday criticized the State Department’s strategy for developing international cybersecurity norms, calling the plans overly broad. Secretary of State John Kerry last year listed a number of cybersecurity norms the department has pursued. They were meant to differentiate acceptable espionage from malicious actions.”
Israeli Cyber-Security Firm Claroty Exits ‘Stealth Mode’, Raises $32 Million
“Israeli cyber security start-up Claroty said on Tuesday it raised $32 million in funding and is exiting so-called stealth mode after operating in secret for the past two years. Claroty’s financial backers include Bessemer Venture Partners, Innovation Endeavors – run by Google chairman Eric Schmidt – Marker, ICV, Red Dot Capital Partners and Mitsui & Co.”
U.K. Cybersecurity Chief Wants National Filter to Block “Bad Addresses”
“The head of Britain’s newly formed cybersecurity agency says authorities are exploring the creation of a national Internet filter to block malicious software and rogue websites, a proposal that has raised eyebrows among Internet freedom advocates. Ciaran Martin, the chief executive of Britain’s new National Cyber Security Center, told a conference in Washington that his agency was working on a flagship project which would block Britons from coming into contact with “known malware and bad addresses.””
Half of UK Students Want Data Security Training
“Half of all students in the UK have no security software installed on any of their devices, even though a quarter of teenagers are ‘almost constantly’ connected. New research from Intel Security shows that students do want to keep themselves and their data safe. If offered, 48 percent of students would attend university seminars on data security and how to protect themselves online.”
Nine of 10 big businesses have suffered a major cyber attack as Lloyd’s of London chief says firms are ‘complacent’
Company bosses have been accused of complacency after it was revealed that nine in 10 big businesses have suffered a significant cyber attack in the past five years, but less than half are concerned about suffering a future breach. The worrying findings come in a survey of chief executives and senior bosses at 346 European companies with a turnover of €250m or more, by the Lloyd’s of London insurance market.
Watchdog Slams UK Government Cybersecurity
“Government spending watchdog the National Audit Office (NAO) has slammed the government’s approach to cybersecurity, branding it confused and chaotic. In the report, the NAO claimed that departments are struggling to adequately balance the need to keep data secure with the need to make certain information available via new digital services.”
Cyber crime police station on anvil
“BHUBANESWAR: The capital city could soon have a cyber police station to deal exclusively with cases of harassment of women. The police have sent a proposal to the Centre via the state government to set up a cyber police station for women under Nirbhaya scheme.”
Cyber crooks using ‘try your luck’ modus operandi
PETALING JAYA: It’s not just e-mails and invoices. Cyber crooks have also altered bills of lading, return forms, claim forms and declaration forms, Universiti Sains Malaysia criminologist and psychologist Dr Geshina Ayu Mat Saat said.
Yet More Changes Proposed to China Cyber and Data Security Laws
“China’s cybersecurity and data privacy frameworks are facing yet more significant changes, as in recent weeks the Chinese Government has announced two further initiatives. These are in addition to the significant legal developments that we highlighted in July 2016.”
EU Group Canvas Aims to Put Ethics Back in Security
“A new EU-backed consortium created to help align cybersecurity with European ethics and values held its first meeting in Zurich this week. Canvas will bring academics, technologists, rights groups and others together to discuss ways in which security can be developed without compromising fundamental values like autonomy, privacy and equality.”
Australia’s Cybersecurity Skills Make It a Destination for ‘Cyber Tourism’
“Regional countries are looking to Australia for cybersecurity education and services, and not just because we have the skills, according to Clive Lines, deputy director of the Australian Signals Directorate (ASD) and coordinator of the Australian Cyber Security Centre (ACSC).”
Do You Know What Your Company’s Data Is Worth?
Harvard Business Review
“Accurately measuring enterprise value (EV) has never been more important or challenging. Even more so because firms are confronted by growing volumes of data, and the stakes implied in misinterpreting the value of that data have risen to new heights. Data is no longer the domain of tech companies or IT departments — it is fast becoming a centerpiece of corporate value creation more generally. Today most organizations are data-driven to one degree or another. Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets. Failure to accurately quantify the enterprise value of data (EvD) may therefore woefully undervalue the importance of cyber-security investments, as well as the face values typically applied to cyber insurance policies.”
Cyber security is not a concern of IT department, it’s a board issue
“It is patent that security and privacy should be a concern of top level executives. As the leader of a company, one ought to be aware of the defence strategies that are in place, and ensure that holistic approaches are taken towards ensuring security and the protection of investments. This top-down approach is crucial for success. The nature of cybercrime calls for an “all hands on deck” approach. It can no longer be left to Information Technology administrators, but requires the adoption of an integrated approach that includes legal, audit and risk, and other players in the organisation.”