Every two weeks we release a curated digest of the most interesting, time-sensitive, and informative articles covering IAM, Cybersecurity, ICS/SCADA, Infosec, compliance and privacy topics across a range of industries. Due to the popularity of our biweekly newsletter, we have expanded the digest on our blog to include a broader selection of articles to provide additional content that may be of interest to our subscribers. If you would prefer to receive a short digest, please subscribe to the Idenhaus Identity Management & Cybersecurity biweekly here.
Here are the top 15 Identity Management and Cybersecurity articles for mid-July 2016.
Financial Services
SEC Prepares for More Cybersecurity Oversight
Leading U.S. banks, and other publicly traded companies, should expect increased cybersecurity scrutiny from the Securities and Exchange Commission. “Cybersecurity threats are the No. 1 threats against the stability of the U.S. financial system.” Read more >>
1 In 3 Consumers Worldwide Hit By Payment Card Fraud
A recent study of around 6,000 consumers across 20 countries has revealed that payment card fraud is on the rise worldwide — with 2,260 data breaches reported in 2015 alone. Read more >>
Identity and Access Management
The Internet of Things Demands a New Identity Management Approach
Security concerns come up as the number one barrier to Internet of Things adoption. Compromised data security always has devastating consequences, such as monetary loss, confidentiality leaks, health record tampering and many other scenarios. In the IoT world, a breach has the potential to be life threatening. Read more >>
Threat Intelligence
Threat Intel vs Whack-a-mole Intel
After we’ve honed our skills at quickly finding and annihilating the immediate threat, let’s start adding a new function to our INFOSEC portfolios: teams to do strategic analysis, enemy profiling, and developing threat intelligence that allows us to take proactive measures to prevent attacks or at the very least identify behaviors that indicate a larger (measured by impact not volume) threat on the battlefield. Read more >>
How To Use Threat Intelligence Intelligently
Think of adding threat intelligence to the security operation as a commitment: “You need to take it on as a project and it’s a commitment to looking at what you [really] need. You can’t just go buy it. You have to look at the data and what you have internally and how you apply it,” says David Dufour, senior security architect at Webroot. Read more >>
ICS/SCADA
Researchers Found a Hacking Tool that Targets Energy Grids on the Dark Web
A sophisticated piece of government-made malware, designed to do reconnaissance on an energy grid’s system ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum. Read more >>
State-backed hackers blamed for malware targeting power company networks
Hackers are targeting energy companies in Western Europe with a sophisticated form of malware. Cybersecurity researchers from SentinelOne Labs say that the malware, which has infected at least one power company in Europe, takes “extreme measures” to avoid detection before it drops its payload, used to report information about the infected network back to a command-and-control centre. Read more >>
Utilities look back to the future for hands-on cyberdefense
“We had this rush to automation over the last 15 years or so, on some level almost blind to security risks we are creating,” said Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, which represents large, investor-owned utilities. “It is good we have automation, which gives us better situational awareness. But it also increases the attack surfaces,” he added. Read more >>
Detecting Cybersecurity Threats by Taking the Grid’s Pulse
Defending against cyber attacks is a mission with new urgency following the Internet-based disruption of Ukraine’s power grid in December 2015—a sophisticated hack planned and executed over more than six months by what is widely thought to be a well-financed team within Russia. Read more >>
Privacy and Data Compliance
ICO advises organisations to establish internal breach reporting procedures to prepare for GDPR
Organisations will need to start preparing now to be compliant from day one, and many organisations, particularly larger ones, are expected to appoint data protection officers. The regulation will, among other things, require organisations to inform data protection authorities and the public about personal data breaches, which means having the appropriate reporting procedures in place and training staff accordingly. Read more >>
ICIT Analysis: FDA Guidance on Medical Device Cyber Security
The guidance advises medical device manufacturers to address cybersecurity “throughout a product’s lifecycle” and is the latest action by the FDA which underscores its position that medical device cyber security is a priority for the health sector.
Cybersecurity and Risk
Oracle Unleashes Biggest Patch Update Ever
Of the 276 flaws, 159 can apparently be exploited remotely without authentication, increasing the pressure on the disparate teams which will need to leap into action to patch the databases, networking components, applications servers, OSes and ERP systems mentioned by Oracle. Read more >>
Ex-NSA chief: Responding to cyberattacks is a government responsibility
Attacks that cause major loss of life, destruction or incapacitation of significant portions of key infrastructure, or even attacks that cause “massive economic damage” fall within the parameters of what the U.S. should be prepared to call acts of war. Read more >>
4 Ways Companies Protect Their Data From Their Own Employees
“Insider threat,” the phenomenon of employees going bad, has become a key focus of corporate security departments, as companies become increasingly aware of how much damage an angry staffer or contractor can do by stealing or leaking intellectual property or other confidential data. Here are four categories of protection. Read more >>
Risk Acceptance at the Executive Level
Many organizations have a process in place whereby executives are authorized to accept risk (i.e., make decisions that expose the organization to unusual amounts of risk). The truth of the matter, though, is that virtually every business decision has some effect on the organization’s cyberrisk posture. Read more >>