15 Trending ICS, IAM, and Cybersecurity Articles, July 2016

6228420376_e44db1da35_z

Every two weeks we release a curated digest of the most interesting, time-sensitive, and informative articles covering IAM, Cybersecurity, ICS/SCADA, Infosec, compliance and privacy topics across a range of industries. Due to the popularity of our biweekly newsletter, we have expanded the digest on our blog to include a broader selection of articles to provide additional content that may be of interest to our subscribers. If you would prefer to receive a short digest, please subscribe to the Idenhaus Identity Management & Cybersecurity biweekly here.

Here are the top 15 Identity Management and Cybersecurity articles for mid-July 2016.

Financial Services

SEC Prepares for More Cybersecurity Oversight

Leading U.S. banks, and other publicly traded companies, should expect increased cybersecurity scrutiny from the Securities and Exchange Commission. “Cybersecurity threats are the No. 1 threats against the stability of the U.S. financial system.” Read more >>

 

1 In 3 Consumers Worldwide Hit By Payment Card Fraud

A recent study of around 6,000 consumers across 20 countries has revealed that payment card fraud is on the rise worldwide — with 2,260 data breaches reported in 2015 alone. Read more >>

 

Identity and Access Management

The Internet of Things Demands a New Identity Management Approach

Security concerns come up as the number one barrier to Internet of Things adoption. Compromised data security always has devastating consequences, such as monetary loss, confidentiality leaks, health record tampering and many other scenarios. In the IoT world, a breach has the potential to be life threatening. Read more >>

 

Threat Intelligence

Threat Intel vs Whack-a-mole Intel

After we’ve honed our skills at quickly finding and annihilating the immediate threat, let’s start adding a new function to our INFOSEC portfolios: teams to do strategic analysis, enemy profiling, and developing threat intelligence that allows us to take proactive measures to prevent attacks or at the very least identify behaviors that indicate a larger (measured by impact not volume) threat on the battlefield. Read more >>

 

How To Use Threat Intelligence Intelligently

CThink of adding threat intelligence to the security operation as a commitment: “You need to take it on as a project and it’s a commitment to looking at what you [really] need. You can’t just go buy it. You have to look at the data and what you have internally and how you apply it,” says David Dufour, senior security architect at Webroot. Read more >>

 

ICS/SCADA

Researchers Found a Hacking Tool that Targets Energy Grids on the Dark Web

A sophisticated piece of government-made malware, designed to do reconnaissance on energy grid’s system ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum. Read more >>

 

State-backed hackers blamed for malware targeting power company networks

Hackers are targeting energy companies in Western Europe with sophisticated form of malware. Cybersecurity researchers from SentinelOne Labs say that the malware, which has infected at least one power company in Europe, takes “extreme measures” to avoid detection before it drops its payload, used to report information about the infected network back to a command-and-control centre. Read more >>

 

Utilities look back to the future for hands-on cyberdefense

“We had this rush to automation over the last 15 years or so, on some level almost blind to security risks we are creating,” said Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, which represents large, investor-owned utilities. “It is good we have automation, which gives us better situational awareness. But it also increases the attack surfaces,” he added. Read more >>

 

Detecting Cybersecurity Threats by Taking the Grid’s Pulse

Defending against cyber attacks is a mission with new urgency following the Internet-based disruption of Ukraine’s power grid in December 2015—a sophisticated hack planned and executed over more than six months by what is widely thought to be a well-financed team within Russia. Read more >>

 

Privacy and Data Compliance

ICO advises organisations to establish internal breach reporting procedures to prepare for GDPR

Organisations will need to start preparing now to be compliant from day one, and many organisations, particularly larger ones, are expected to appoint data protection officers. The regulation will, among other things, require organisations to inform data protection authorities and the public about personal data breaches, which means having the appropriate reporting procedures in place and training staff accordingly. Read more >>

 

ICIT Analysis: FDA Guidance on Medical Device Cyber Security

The guidance advises medical device manufacturers to address cybersecurity “throughout a product’s lifecycle” and is the latest action by the FDA which underscores its position that medical device cyber security is a priority for the health sector.  Read more >>

 

Cybersecurity and Risk


Oracle Unleashes Biggest Patch Update Ever

Of the 276 flaws, 159 can apparently be exploited remotely without authentication, increasing the pressure on the disparate teams which will need to leap into action to patch the databases, networking components, applications servers, OSes and ERP systems mentioned by Oracle.Read more >>

 

Ex-NSA chief: Responding to cyberattacks is a government responsibility

Attacks that cause major loss of life, destruction or incapacitation of significant portions of key infrastructure, or even attacks that cause “massive economic damage” fall within the parameters of what the U.S. should be prepared to call acts of war. Read more >>

 

4 Ways Companies Protect Their Data From Their Own Employees

“Insider threat,” the phenomenon of employees going bad, has become a key focus of corporate security departments, as companies become increasingly aware of how much damage an angry staffer or contractor can do by stealing or leaking intellectual property or other confidential data. Here are four categories of protection. Read more >>

 

Risk Acceptance at the Executive Level

Many organizations have a process in place whereby executives are authorized to accept risk (i.e., make decisions that expose the organization to unusual amounts of risk). The truth of the matter, though, is that virtually every business decision has some effect on the organization’s cyberrisk posture. Read more >>

 

If you enjoyed these articles, signup below to get the Idenhaus Identity Management & Cybersecurity News delivered to your inbox.

Sign up to get your News delivered:

* indicates required


 

Photo Credit: Flickr

Share

Leave a Reply

Your email address will not be published. Required fields are marked *