Cyber ranges helping businesses to prepare for attack
An increasing number of so-called cyber ranges are being established across the U.S. that are intended to train cybersecurity professionals to deal with an attack. The simulators allow participants to experience a real-world cyberattack in a controlled environment, an exercise that helps tech workers spot holes in their firewalls, identify warning signs and strengthen data-security practices. Dr. Joe Adams, vice president of research and cybersecurity at Merit Networks and director of the Michigan Cyber Range, said: “The emphasis on these exercises is that they are a training event. You learn what you need to improve.” The most effective facilities create a simulation that participants forget is fake, said Caleb Barlow, the vice president of threat intelligence at IBM Security and the visionary behind X-Force Command, IBM’s Cyber Range. Every company is going to be hacked eventually, “it’s just a matter of when,” he added. “How you fare that day is going to be a derivative result of the practice and planning you put in place ahead of time.”
Less than two thirds of businesses have a cybersecurity expert
A survey of over 3,000 CIOs has revealed that 95% of technology leaders expect cybersecurity threats to grow; however, just 65% have a cybersecurity expert on staff. Furthermore, the report states that skills shortages and the growing cyber talent gap are set to continue to inhibit global progress in digitalisation and innovation. As a result, Gartner recommends that Chief Information Security Officers (CISOs) take it upon themselves to diversify the skill sets of their security teams, enhancing their individual capabilities in order to reduce this growing skills gap. According to Gartner, 60% of security budgets will be in support of detection and response capabilities by 2020 as businesses learn to recognise the need to combat the rising levels and complexity of cybercrime.
Dark Reading IT Pro Portal
Large businesses at biggest risk from cyberattacks
New research from Coalfire has revealed that midsized businesses are outperforming their larger competitors as a result of a security 'sweet spot'. The firm’s annual Coalfire Penetration Risk Report found that although larger enterprises have bigger budgets and resources, they are not the best prepared to protect against cybercrime. While large organizations are still the best at protecting themselves against phishing and other social engineering attacks, the report found a cybersecurity sweet spot among midsized businesses which performed best at protecting their assets and mitigating their security risks in tests. To compile its report, Coalfire performed 300 penetration tests on 148 companies worldwide to discover that despite having the largest cybersecurity budgets, large enterprises are not the most secure overall. Across both large and small enterprises, however, employees remain companies' biggest weakness, either through human error or by creating opportunities for social engineering hacks.
Regulators study lenders' exposure to crypto-assets
The Basel Committee on Banking Supervision is considering capital safeguards and examining banks' exposure to "crypto-assets" such as bitcoin, which may put banks off investing in the growing sector. Meanwhile, global regulators have published a framework for "vigilantly" monitoring risks from crypto assets such as bitcoin and ether. The Financial Stability Board said the framework focuses on how risks from crypto asset markets could spread to other parts of the financial system.
Financial Times News BTC City AM
PRIVACY AND DATA PROTECTION
Improving digital identity
A report by the Better Identity Coalition has outlined a new agenda for improving the privacy and security of digital identity solutions. The report highlights five key initiatives: Prioritize the development of next-generation remote identity proofing and verification systems; Change the way Americans use the Social Security Number; Promote and prioritize the use of strong authentication; Pursue international coordination and harmonization of identity standards; Educate consumers and businesses about better digital identity solutions. Nico Popp, senior vice president of Symantec, said: “This white paper establishes a road map for policymakers on the critical issue of consumer identity and authentication. Improving customer experience, ensuring privacy and reducing the fraud that affects businesses and consumers are critical issues that Symantec addresses every day. We're very pleased to be a member of the Better Identity Coalition and are excited about the recommendations made in this report.”
Cybersecurity office to protect against election hacking
Alex Padilla, California’s Secretary of State, is to open a cybersecurity office to help protect voter registration information and election systems from the threat of hackers. The move comes as federal prosecutors indicted 12 Russians for infiltrating voter databases in other states and campaign computer systems in the 2016 presidential election.
Privacy pioneers plan ‘zero tracking’ rival to Facebook
Privacy campaigners are launching a crowdfunding campaign this week to build Openbook, an alternative to Facebook which plans to have “zero tracking”. Meanwhile, the CEOs of Facebook and Google have been urged by seventeen U.S. lawmakers to resist changes stipulated by a new cybersecurity law in Vietnam, which critics say gives the Communist-ruled state more power to crack down on dissent.
Mimecast acquires cybersecurity training provider
Mimecast has bought cybersecurity training provider Ataata, saying that the acquisition will allow customers to measure cyber risk training effectiveness by converting behaviour statistics into actionable risk metrics for security professionals. Ataata's security awareness training and cyber risk management platform will be integrated with Mimecast’s cyber resilience for email capabilities. Mimecast CEO and co-founder, Peter Bauer, commented: “Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn’t work. As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential to educate your employees in a way that changes behaviour.” Research conducted by Mimecast found that 90% of businesses have experienced an increase in phishing attacks in the last 12 months, but only 11% train employees on how to spot attacks.
PE Hub Network Asia
Verodin closes $21m funding round
Cybersecurity firm Verodin has closed a $21m round of financing from 14 investors. The Series B funding was led by TenEleven Ventures and Bessemer Venture Partners (BVP). Capital One Growth Ventures and Citi Venture. All existing investors participated in the round. The investment brings Verodin’s total funding to $34m. The firm, which evaluates the effectiveness of companies’ cybersecurity controls, said it will use the funds to continue development of its Security Instrumentation Platform (SIP), increase hiring across all functional areas and expand its global sales reach.
IRS exploring potential of AI platform
The IRS is exploring the potential of an artificial intelligence and machine learning-based analytical platform to “proactively detect and respond to cyber- and insider-related threats.” The IRS will gather information from industry and academia, and it will use the results to assess ongoing industry efforts within the identified focus areas. The agency is seeking information on a wide range of technologies as part of the proposed platform, according to a request for information. Those include artificial intelligence, machine learning, cognitive computing, and data analytics techniques and algorithms.
Hackers selling access to law firm secrets
High-profile law firms are being targeted by hackers seeking to steal confidential information and sell it on the dark web. Cybersecurity firm Q6 Cyber has highlighted a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files for $3,500. There has been a 135% year-over-year increase in financial data, such as bank account logins and financial records, being sold on the dark web, according to cyber-intelligence company IntSights.
Concerns Russian hackers targeted Novichok inquiry
Police investigating the Novichok poisoning in Salisbury which targeted former Russian spy Sergei Skripal are understood to believe that hackers from Russia have attempted to hack into Scotland Yard's files on the case. Officers believe that Russians had tried to compromise cybersecurity systems at the Metropolitan Police about a fortnight ago.
The Daily Telegraph
Revolut reveals money laundering concerns
Fintech Revolut has revealed that it has called in both the National Crime Agency and the Financial Conduct Authority over the last few months over suspected money laundering on its system. A spokesperson for Revolut, which has almost 80 full-time staff working on compliance issues, said: "We're really proud that, through a combination of humans and machine-learning technology, we are able to swiftly detect any suspicious behaviour, take the appropriate action and keep Revolut free of financial crime."