2013-11-11

Guest column by Citadel Information Group

Cyber Privacy

Apple releases its first transparency report: (CNN) – Apple is opening up about how many government requests it gets for customer information. CNN, November 6, 2013

States Take on Privacy: Tired of waiting for Congress to pass comprehensive privacy legislation, state lawmakers are taking matters into their own hands, and not a moment too soon. Legislatures across the country have enacted laws to regulate the kinds of information that companies and law enforcement agencies can collect about individuals and how it can be done. The New York Times, November 2, 2013

Financial Fraud

Overlooked Anti-Fraud Investments: Despite upticks in account takeover fraud, small business owners still aren’t doing enough to enhance their ACH fraud defenses, say Michelle Di Gangi and David Pollino of Bank of the West. BankInfoSecurity, November 1, 2013

Reasonable Security: Changing the Rules: Article 4A of the Uniform Commercial Code, which deals with reasonable security measures for banks, needs a major update, says attorney Dan Mitchell, who represented PATCO Construction in a high-profile account takeover dispute. BankInfoSecurity, October 28, 2013

Cyber Security Management

Phishing Messages Trick One in Five Employees Into Clicking: Survey: In a study of employee susceptibility to phishing attacks, security-awareness training firm ThreatSim finds that an average of 18 percent open phishing messages and click on the malicious link inside. eWeek, November 7, 2013

Gender gap: Why information security needs more women: A new report on infosec spotted significant differences in how men and women prioritize needed skills. Here’s why greater diversity in the field matters. TechRepublic, November 4, 2013

Enterprise defenses lag despite rising cybersecurity awareness: Organizations are showing more interest in cybersecurity through executive involvement and higher spending. Nevertheless, the added attention is new and more resources need to be directed at defending against cyberattacks, a study shows. CSO, November 2, 2013

Cyber Security Management – Cyber Update

Microsoft: XP End of Life an Important Security Milestone: Forget for a moment the impending cryptoapocalypse because of aging and/or subverted encryption standards and algorithms. Microsoft this week put out the word on the scourge that is Windows XP. ThreatPost, November 1, 2013

Cyber Security Management – Cyber Defense

Monitoring Where Search Engines Fear To Tread: The deepweb – anonymized networks that are not indexed by search engines – are hard to monitor, yet companies should seek out signs in their networks. DarkReading, November 1, 2013

How To Avoid CryptoLocker Ransomware: Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from “CryptoLocker,” the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim. KrebsOnSecurity, November 1, 2013

Google Updates ReCAPTCHA Technology, Moves Away From Distorted Text: Google announced a change to its reCAPTCHA authentication system late Friday wherein the company will begin creating different types of puzzles for different users, use numeric CAPTCHAs and move away from more obscure, hard-to-read distorted letters. ThreatPost, October 28, 2013

Cyber Security Management – HIPAA

Google agrees to sign BAA as means to HIPAA compliance: In September 2013, Google offered for the first time to sign a HIPAA Business Associate Agreement (BAA) available for Google Apps. That’s good news for organizations unwilling to deploy Google Apps without such an agreement. It is also a smart competitive move, as it matches Microsoft, which offers to sign a BAA for Office365. TechRepublic, October 2, 2013

Securing the Village

World Cybersecurity Leaders Call for Cooperation: Governments and businesses spend $1 trillion a year for global cybersecurity, but unlike wartime casualties or oil spills, there’s no clear idea what the total losses are because few will admit they’ve been compromised. Cybersecurity leaders from more than 40 countries are gathering at Stanford University this week to consider tackling that information gap by creating a single, trusted entity that would keep track of how much hackers steal. Time, November 5, 2013

New command center will protect L.A. infrastructure from cyberattacks: Los Angeles Mayor Eric Garcetti has set up a new command center to minimize the threat that hackers, terrorists or foreign enemies will disrupt water, power, transportation and public safety systems. LA Times, November 2, 2013

OWASP-LA wins 2013 Global People of the Year Awards: The WASPY Award election has completed. Congratulations to the winners! WASPY Awards, 2013

National Cyber Security

NSA’s Top Lawyer Says Debate Started By Edward Snowden Could Be ‘Good Thing’: The National Security Agency’s general counsel, Rajesh De, defended his agency’s massive phone and Internet surveillance programs during a Monday hearing of the Privacy and Civil Liberties Oversight Board, but also said public debate about the programs could be a good thing. US News and World Report, November 4, 2013

No Morsel Too Minuscule for All-Consuming N.S.A.: When Ban Ki-moon, the United Nations secretary general, sat down with President Obama at the White House in April to discuss Syrian chemical weapons, Israeli-Palestinian peace talks and climate change, it was a cordial, routine exchange. The New York Times, November 2, 2013

Cyber Law

Adobe cyber attack to trigger flood of legal action, forecast lawyers: A welter of legal action could tumble out of Adobe’s admission yesterday that it had suffered a far greater breach of data security in a cyber attack earlier this month, leading technology lawyers warn. The Lawyer, October 31, 2013

Cyber Misc

3D-Printing ‘Encryption’ App Hides Contraband Objects In Plain Sight: If 3D printing companies and government agencies hope to police the spread of dangerous or pirated digital shapes, their task is about to get much more complicated. Forbes, November 4, 2013

Clutter in the airwaves: Mobile payment security: While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton. Dr. Stahl Quoted, SC Magazine, November 1, 2013

Cyber Calendar

ISSA-LA November Lunch Meeting – Beating Hacker’s With Their Own Tools: In today’s world of advanced cyber threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn’t really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats. The security industry is changing. For some, it’s a good thing, and for others, they’re watching their antiquated ways of failing to prevent exploits become irrelevant for smart security teams. ISSA-LA, Event Date: November 20, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
