Balancing the Sharing of Information

CyberSecurity Journal



Top Stories

Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institute of Standards and Technology (NIST), with the catchy title “NIST Special Publication 800-63.” The paper recommended that passwords be cryptic, contain special characters, and be as close to nonsense as possible. I was in a camp I called “How to Make a Cryptic Password You Can Easily Remember.” The short version was this: take a phrase you know, such as a favorite quote from a movie, and use the first letter of each word. For example, Sheriff Brody’s famous line from Jaws, “I think we’re gonna need a bigger boat,” becomes 1twgn@bb. The trick was using Leet (a technique where letters ... (more)

Equifax Is an Enron Moment | @CloudExpo #AI #DX #SDN #Cybersecurity

Equifax Is an Enron Moment, But Not the Way You May Think

Enron changed how U.S. public companies audit and report their financial data. There is also an opportunity to use the Equifax data breach to create a framework for better protection of our data in the future. The credit reporting agency reported one of the largest data breaches in history. Hackers were able to steal sensitive information from its internal servers. The stolen data include names, Social Security Numbers (SSNs), dates of birth, and, in some cases, credit card numbers and driver's license numbers. A massive breach like this can haunt the victims for years to come. What makes this specific breach even more damaging is the type of data stolen. If someone steals your credit card number, you call your bank and get a new card, hopefully before the hacker is able to make use of the stolen card. But, if... (more)

Keeping Digital Health Organizations Safe from Cyber Attack | @CloudExpo #DX #Cloud #Security

For health organizations, breaches are a constant threat, due to the high value of healthcare data - Social Security Numbers, treatment records, credit information, and other sensitive personally identifiable information (PII). And the cost of a breach to a health system or hospital can be devastating. And the health care industry has seen its share of breaches in the past quarter alone. For example, the National Health Service in England and Scotland was hit by a Wanna Decryptor ransomware attack affecting at least 16 of its organizations. Within two days 150 countries were affected. Also last quarter, up to millions of patient records at Bronx-Lebanon Hospital Center in New York stored on a backup system managed by iHealth Innovations were exposed to a data breach. Despite all the focus on preventing protected health information (PHI) theft and thwarting the next ... (more)

[video] #IoT Security with @SecureChannels | @ThingsExpo #BigData #AI #M2M

"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researcher... (more)

Thwarting Ransomware Attacks | @CloudExpo #BigData #ML #Cybersecurity

Having an Actionable Disaster Recovery Plan Is Crucial in Thwarting Ransomware Attacks

As we have seen over and over again, a new wave of ransomware attacks has been plaguing large parts of Europe over the last couple of weeks. While the affected individuals and organizations are struggling with the very tangible business impact of the loss of revenue and operations, it's critical to step back and review what else one could do to mitigate and minimize the damage from such attacks in the future. Not everyone seems to be agreeing on the exact name of the attack - however this particular strain is apparently from a family of attacks that uses EternalBlue, an exploit developed by NSA, along with an MS Office / WordPad vulnerability discovered earlier this year. While the previous ransomware attack was known as WannaCry, this latest attack goes by several names - Petya... (more)

Announcing @SecureChannels to Exhibit at @CloudExpo | #DevOps #IoT #AI #DX #SmartCities

SYS-CON Events announced today that Secure Channels, a cybersecurity firm, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Secure Channels, Inc. offers several products and solutions to its many clients, helping them protect critical data from being compromised and access to computer networks from the unauthorized. The company develops comprehensive data encryption security strategies that are tailored for the unique needs of each client; the team builds in an intuitive user experience to boost efficiency and effectiveness of its cyber security solutions. For more information, please visit http://www.securechannels.com/. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, wil... (more)

[session] A Live Hack Simulation | @CloudExpo @VinnyTroia #AI #DX #Security

Know Your Adversary: A Live Hack Simulation Using NSA's Stolen Digital Weapons

When NSA's digital armory was leaked, it was only a matter of time before the code was morphed into a ransom-seeking worm. This talk, designed for C-level attendees, demonstrates a Live Hack of a virtual environment to show the ease with which any average user can leverage these tools and infiltrate their network environment. This session will include:

- An overview of the Shadow Brokers NSA leak situation
- A review of the first iteration of the malware - lifecycle, how it was stopped, etc.
- A review of iterations of the malware
- Some stats on machines still accessible (via Shodan stats)

In his session at 20th Cloud Expo, Vinny Troia, CEO of NightLion Security, will also include a live hack simulation. This will be pre-recorded but he will walk the audience through what is happening. He will cov... (more)

Staying Compliant in the Cloud Without a Cybersecurity Attorney By @BThies | @CloudExpo #Cloud

Cybersecurity is a complex field, and with laws varying across states and countries, keeping cloud usage compliant can become a real headache for enterprise security decision-makers. As regulations continue to lag behind the rapid pace of technological advancements, many IT security professionals turn to the expertise of cybersecurity lawyers, who not only understand the ambiguities of the law, but are also able to secure and protect their employers' interests in the case of a breach.

When Is a Cybersecurity Attorney Needed?

There are times when cybersecurity lawyers are essential. Given recent developments such as Edward Snowden's National Security Agency leaks, the exponential growth of the Internet of Things, and the throwing out of Safe Harbor Rules, privacy is an ever-evolving concern for businesses. Every company must ensure the safety of its users' data, and ... (more)

[video] @PentaSecSystems Data Security | @CloudExpo #AI #Cybersecurity

"There's a clear point of entry for web attacks. Everyone knows where it is. If we could get smart about inspecting what's coming in through that 'door,' we could not only get a lot of security benefits, it's also a better way to do business," explained Jaeson Yoo, Senior Vice President of Business Development at Penta Security Systems Inc., in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ... (more)

Insource or Outsource the SOC | @CloudExpo #AI #SOC #Security #Analytics

These days attacks are becoming more sophisticated and more common. Mobile devices, cloud computing and the Internet of Things have increased the number of access points that must be secured. To complicate matters, CISOs are being directed to secure systems without compromising the seamless experience that customers expect across channels, and if the organization is in a regulated industry, compliance issues likely increase the team's workload. To best detect threats and respond to incidents quickly, many organizations decide they need a security operations center to provide proper protection and continuous prevention. Then they must decide whether to build an internal Security Operations Center (SOC) or outsource.

Advantages and Disadvantages of an Internal SOC

The advantages of building an internal SOC include: A dedicated staff that knows the particular environment a... (more)

Mistakes Retailers Make in Digital Transformation | @ThingsExpo #IoT #M2M #DigitalTransformation

A key challenge that retailers face today is the difficulty of accurately judging where they are on the digital maturity curve relative to their competitors. There appears to be little expertise in making this assessment; for example, 79% of digital leaders don't know they are ranked as leaders, and only 56% of retailers ranked as average in our study believe they are at this level. The other 44% in the average category mistakenly believe they are either leaders or laggards. The lack of competitive clarity makes it even more difficult to develop an effective competitive strategy. Our research suggests that retailers' plans reflect neither self-awareness nor a realistic idea of what it will take to catch up or leapfrog their competitors in this highly competitive space. Namely, factors such as online sales penetration, business performance, attitudes about digital, pl... (more)