CyberheistNews Vol 3, #7

Editor's Corner






New CyberSec Executive Order: Impact On IT?



Last Tuesday, the White House issued the long-awaited CyberSec Executive Order, which makes an attempt to outline policies that will protect US organizations against cyber-attacks and espionage. The EO stays away from even hinting at changes to privacy laws and regulations, which makes the anti-CISPA people happy. The Cyber Intelligence Sharing and Protection Act died in the Senate in any case.

So in short, what's in it?

The National Institute of Standards and Technology (NIST) will offer to work with a mix of industry and other parties to establish guidance on how to secure critical infrastructure components. Note that there are already many security frameworks that government agencies have to comply with, like FISMA, NIST 800-53, FERC, NERC, etc. The main thrust of the EO is that nobody is -required- to do anything. If NIST creates any useful guidance, it's up to you whether you want to follow it or not. It will take an act of Congress to give this EO actual teeth in the form of compliance demands.

The upshot at the moment? Critical infrastructure companies are allowed business as usual, hence zero impact. It's positive though that the White House puts cybersecurity front and center, and raises awareness for this issue. That just might make it easier for you to get more budget and give IT security high priority within your own organization. And remember that your employees are the weak link in IT Security, so today mandatory security awareness training for everyone is a must: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/



Quote of the Week


"In the business world an executive knows something about everything, a technician knows everything about something and the switchboard operator knows everything." - Harold Coffin

Arm Your Users Against Social Engineering


Your end-users are the weak link in your network security. Traditional once-a-year Security Awareness Training doesn't hack it anymore. Today, your employees are frequently exposed to advanced social engineering attacks. Your users need to be trained by an expert like Kevin Mitnick, and after the training stay on their toes with you sending them 'set-it-and-forget-it' simulated phishing attacks. Both the attacker and the user are human. You need a 'human firewall'.

Find out how affordable this is for your organization now! Click on the orange "Get A Quote" button on this page:

http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/



5 Myths About Awareness

Lance Spitzner of the SANS Securing the Human program outlines five common misconceptions about security awareness programs. This is an interesting and quite instructive read:

http://www.csoonline.com/article/2132998/compliance/5-myths-about-awareness.html



Four CIA Secrets That Can Boost Your Career

J.C. Carleson is a former undercover CIA officer. She spent nine years conducting clandestine operations around the globe before trading the real world of espionage for writing about espionage. "If only Hollywood’s depiction of life as a CIA officer were true, I’d have a faster car, a better wardrobe, and a tool shed full of state-of-the-art gadgets left over from my years working for the clandestine service. There is nary a biometric device in my garage, however, and my career keepsakes are far more bureaucrat than they are Bond.

"The truth is, spies rely on psychology far more than they do on technology. Instead of gizmos or gadgets, CIA officers use behavioral techniques to elicit secrets from people and organizations — techniques that are broadly applicable enough to be used in even the least cloak-and-dagger of settings. I wrote my book, “Work Like a Spy: Business Tips from a Former CIA Officer,” with the intention of identifying and explaining spy tradecraft in such a way that it can be used in any workplace. Here are four examples of lessons from the clandestine world that corporate America can use". Here they are:

http://blogs.wsj.com/speakeasy/2013/02/04/what-the-cia-can-teach-businesses/



Serious Data Breaches Take Months To Spot, Analysis Finds

John Dunn at TechWorld reported: "More than six out of ten organizations hit by data breaches take longer than three months to notice what has happened with a few not uncovering attacks for years, a comprehensive analysis of global incidents by security firm Trustwave has found.

During 2012, this meant that the average time to discover a data breach for the 450 attacks looked at was 210 days, 35 more than for 2011, the company reported in its 2013 Global Security Report (publicly released on 20 February). Incredibly, 14 percent of attacks aren't detected for up to two years, with one in twenty taking even longer than that. Almost half - 45 percent - of breaches happened in retailers with cardholder data the main target. The food and beverage sector accounted for another 24 percent, hospitality 9 percent, and financial services 7 percent.

Questions arise from this; how are attackers getting into organizations so easily and why do IT staff not notice until long after the event?" This is a good article to check out:

http://www.techworld.com/news/security/serious-data-breaches-take-months-spot-analysis-finds-3425734/




Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Motorcycle Ridge Riding. This video will give you a physical reaction!:


http://screen.yahoo.com/motorcycle-ridge-riding-084000429.html

Master speed-painter D. Westry shows off his creative skills during the "Anderson's Viewers Got Talent" competition. Surprising End!:

http://www.flixxy.com/speed-painter-has-talent.htm

A scary demo of software capable of tracking people's movements and predicting future behavior by mining data from social networking websites:

http://www.flixxy.com/be-aware-of-what-you-share-online.htm


Kaiser the Bengal cat performs amazing tricks:

http://www.flixxy.com/amazing-cat-tricks-by-kaiser-the-bengal.htm

A Detroit musician living in poverty didn't know that in South Africa, he was more popular than the Beatles:

http://www.flixxy.com/the-rock-star-who-didnt-know-he-was-one.htm

Girl meets boy in the office and they find a new way of expressing their affection in this endearing short film. CUTE:

http://www.flixxy.com/post-it-love-short-film.htm?utm_source=4

The million dollar 650 horsepower Ferrari Enzo is not usually driven as a rally car ...

http://www.flixxy.com/ferrari-enzo-rally-car.htm

A 9-ton meteorite streaked across the sky over the Ural mountains in Russia and exploded at 25 miles above the ground:

http://www.flixxy.com/meteorite-over-russia.htm


Topics: Cybercrime


