ICD Brief 12.
03.10.2016. – 09.10.2016.
“The U.S. government for the first time on Friday formally accused Russia of a campaign of cyber attacks against Democratic Party organizations ahead of the Nov. 8 presidential election. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” a U.S. government statement said on Friday about hacking of political groups.”
“The Homeland Security Department is pushing hard toward its legislative mandate to install the EINSTEIN 3A cyber tools in every major agency by mid-December. [ICD emphasis] At the same time, DHS also is thinking about the future of the cybersecurity tool by developing a new cyber risk scoring system. Phyllis Schneck, the deputy undersecretary for cybersecurity and communications in the National Protection and Programs Directorate, said DHS is piloting analytics as part of a cyber immune system.”
“Using data that we can purchase from the private sector, and we do, and also using data that we uniquely see across the federal government with help of our privacy and civil liberty experts only the data that is needed for this, only the data that we are lawfully allowed to have and only data that’s across the federal civilian government—plus data the private sector sees protecting their hundreds of millions of customers every day, we’re able to come up with a crowdsourced cyber risk score of, for example, different machine addresses or, in the future, different domains, and assess the severity.”
“The FBI has arrested a National Security Agency contractor on charges of stealing highly classified information and is investigating possible links to a recent leak of secret hacking tools used to break into the computers of adversaries such as Russia and China, U.S. officials said on Wednesday. Harold Thomas Martin, 51, was taken into custody in Maryland in August, according to a criminal complaint.”
October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity.
NCSAM 2016 Weekly Themes
- Week 1: October 3-7, 2016 – Every Day Steps Towards Online Safety with Stop.Think.Connect.™
- Week 2: October 10-14, 2016 – Cyber from the Break Room to the Board Room
- Week 3: October 17-21, 2016 – Recognizing and Combating Cybercrime
- Week 4: October 24-28, 2016 – Our Continuously Connected Lives: What’s Your ‘App’-titude?
- Week 5: October 31, 2016 – Building Resilience in Critical Infrastructure
Please visit the NCSAM Resources page to find the 2016 NCSAM One Pager with information about the weekly themes.
“A government directive ordering Yahoo to scan customer emails was issued by the Foreign Intelligence Surveillance Court, requesting the company essentially sift through incoming email streams for a digital signature associated with a known terror organization, a federal law enforcement official said Wednesday.”
“The UK’s new National Cyber Security Centre (NCSC) officially opens for business today as a public-facing part of GCHQ that acts as a focal point for the government to deliver authoritative advice on tackling cyber-security issues.
“Its remit is to ensure the online safety of the general public, both public and private sector organisations as well as the UK’s critical national infrastructure. Objectives include raising awareness of government intent; undertake genuine dialogue that shapes service delivery; demonstrate serious commitment to listen; and develop sustainable engagement channels to provide structured consultation with the private sector.”
“One of its first tasks is to work with the Bank of England to produce advice for the financial sector to manage cyber-security effectively.”
“U.K. consumers put their money where the security is as a recent study found 36 percent of them are more reluctant to use apps out of security concerns and their actions have cost the U.K. economy nearly $2.8 billion this year alone. A recent study conducted by Rackspace found that 33 percent stated that privacy concerns were a huge issue and 26 percent said a failure in the app prevented them from doing something important, according to ITProPortal.”
“Research by Alert Online goes to show the majority of Dutch Internet users are not prepared for future cyber attacks. In fact, the community knows far too little about the dangers lurking around every corner. Nor do they know how to sufficiently protect their devices and systems against ransomware, malware, and phishing attempts.”
“The challenges facing central and eastern Europe (CEE) in securing cyberspace will be familiar to cyber-security specialists from around the world, but because of its unique history and proximity to Russia, it faces a number of individual challenges as well, challenges that leaders are addressing through the creation of regional cooperation groups.
“International cooperation, even within the context of the European Union, is never easy but is vital in the fight against cyber-crime, CYBERSEC 2016 heard.”
“What are the [two key] ingredients for successful cooperation between public and private entities in cyber capacity building? That was the main question posed to a panel of GFCE [Global Forum on Cyber Expertise] members, the GFCE Secretariat and other participants during the CyberSec 2016 Conference in Krakow.”
“Germans are really confident they can handle negligent employees, malicious insiders and malicious outsiders – much more than their counterparts in the UK, US, France. This is according to a new report by Varonis Systems. The report, entitled “Differences in Security Practices and Vigilance Across UK, France, Germany and US”, polled a total of 3,027 IT professionals and end-user employees from these countries about cybersecurity, and here’s what it says:…”
“India and Russia will likely sign a cyber-security pact during Russian President Vladimir Putin’s trip to Goa next week, cementing joint efforts to curb terror-related activities in the region. Officials of both countries said a pact in this regard is expected to be announced at the Indo-Russian annual summit in Goa on October 15. India had entered into a comprehensive cyber security relationship with the US, another permanent member of the UN Security Council, during the Commercial.”
“For the fourth year, the European Union (EU) declared October to be European Cyber Security Month (ECSM). ECSM is an EU advocacy campaign with events and activities in all member states designed to promote cybersecurity among citizens and generate specific awareness about information security.”
366 Activities across 29 Countries
United against Cyber Security Threats
“The EU is now in talks among its member states to adapt new rules on cyber security and surveillance exports to the Wassenaar Arrangement, a multilateral export system that governs “dual use” technologies whose sale abroad can have national security and human rights implications.”
“Insurance is ripe for disruption with investors rushing to fund insurtech ideas.
That is the verdict of a new Financial Times report, which points out that a host of backing is coming from traditional venture capitalists who view insurance as fertile territory.”
“There have been more investors in the past year than there have in previous years,” Matthew Wong of CB Insights, told the publication. “You are seeing investors that have entered the VC ecosystem that weren’t around a few years ago. There are also fintech-focused investors such as Nyca Partners.”
Organizations plan for success. They should also plan for worst case scenarios – especially in the case of a cyber attack or breach. For many organizations, preparedness means developing plans for disaster recovery and continuity of operations.
As the cyber threat landscape has evolved, incident response no longer is the sole responsibility of IT. Every organization is targeted by adversaries, and some compromise is inevitable. Data breaches or other incidents have an impact on more than just the information or technology infrastructure — they can impact the ability for a business to operate.
“Relentless cybersecurity warnings have given people “security fatigue” that stops them keeping themselves safe, suggests a study. Many ignored warnings they received, found the US National Institute of Standards and Technology (NIST). Others were worn out by software updates and by the number of passwords they had to remember, NIST found. This “risky behaviour” might make people more susceptible to attack, it warned.”