-
Banks collaborate to thwart cybercrime
The Financial Services Information Sharing and Analysis Center (FS-ISAC), a cybersecurity information sharing group, has teamed up with the Depository Trust & Clearing Corporation to form Soltra. Named after a series of fire signals that were used in Europe hundreds of years ago to warn against invaders, the organization alerts member banks of incoming or potential cyber threats.
-
-
Security contractor USIS failed to notice months-long hacking of its computer systems
A new report reveals that the cyberattack on security contractor USIS, similar to previous attacks by Chinese government hackers on U.S. firms, was infiltrating USIS computer systems for months before the company noticed. The breach, first revealed publicly by the company and the Office of Personnel Management(OPM) in August, compromised the records of at least 25,000 DHS employees.
-
-
Contactless cards fail to recognize foreign currency
New research has highlighted a “glitch” in the Visa system which means their contactless cards will approve foreign currency transactions of up to 999,999.99 in any foreign currency. Side-stepping the £20 contactless limit, transactions can be carried out while the card is still in the victim’s pocket or bag. Transactions are carried out offline, avoiding any additional security checks by the bank, and although the current system requires the credit card to authenticate itself, there is currently no requirement for the POS (point of sale) terminal to do the same.
-
-
Georgia Tech releases 2015 Emerging Cyber Threats Report
In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.
-
-
Surge in cyberattacks drives growth in cybersecurity insurance
More than 3,000 American businesses were hacked in 2013, many of them small and mid-size firms without cybersecurity insurance. That surge in cyberattacks has led to a growing cybersecurity industry, with firms offering products and solutions to secure network systems. Insurance companies are also claiming their stake in the booming industry. Today, roughly fifty U.S. companies offer cybersecurity insurance. American businesses will spend up to $2 billion on cyber-insurance premiums this year, a 67 percent increase from the $1.2 billion spent in 2013.
-
-
New cyber initiative to put Israel’s Beer-Sheva region on the world’s cyber map
Ben-Gurion University of the Negev is a central component of the new CyberSpark initiative, an ecosystem with all the components which will allow it to attain a position of global leadership in the cyber field. The CyberSpark initiative is the only complex of its type in the world – a government-academic-industry partnership which includes Fortune 500 companies and cyber-incubators, academic researchers and educational facilities, as well as national government and security agencies. The CyberSpark Industry Initiative will serve as a coordinating body for joint cyber industry activities with government agencies, the Israel Defense Force (IDF), and academia.
-
-
New approach to computer security: Wrist-bracelet
In a big step for securing critical information systems, such as medical records in clinical settings, researchers have created a new approach to computer security that authenticates users continuously while they are using a terminal and automatically logs them out when they leave or when someone else steps in to use their terminal. The approach, called Zero-Effort Bilateral Recurring Authentication, or ZEBRA, requires the user to wear a bracelet with a built-in accelerometer, gyroscope, and radio on his or her dominant wrist; such bracelets are commonly sold as fitness devices. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal.
-
-
A tool helps malware identification in smartphones
With the massive sales of smartphones in recent years (more than personal computers in all of their history), malware developers have focused their interest on these platforms. The amount of malware is constantly increasing and it is becoming more intelligent. Researchers have developed a tool to help security analysts protect markets and users from malware. This system allows a large number of apps to be analyzed in order to determine the malware’s origins and family.
-
-
Energy companies slow to buy cyberdamage insurance
The U.S. oil industry will spend $1.87 billion on cybersecurity defense systems by 2018, but less than 20 percent of U.S. companies overall are covered for cyberdamages. “Imagine what could happen if a large refinery or petrochemical facility’s safety monitoring systems were hijacked near an urban area, or a subsea control module was no longer able to be controlled by the people who should be controlling it,” says one expert. “As we’ve all seen from Deepwater Horizon [the 2010 BP Gulf oil spill] those risks and damages can be astronomical. It requires an immediate response.”
-
-
Financial firms go beyond NIST's cybersecurity framework
The National Institute of Standards and Technology(NIST) released its Framework for Improving Critical Infrastructure Cybersecurityin February 2014. Utilities, banks, and other critical industries welcomed the guidelines, but many considered the framework to be a baseline for what was needed to continuously protect their networks from cyberattacks. Some financial firms have developed industry-based cyber policies through association such as the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) Third Party Software Security Working Group. The group has been reviewing cyber policies since 2012, before the NIST guidelines were finalized.
-
-
All-industry cybersecurity association needed: Experts
A new report is calling for a professional association committed to serving the cybersecurity industry. Theacknowledged the shortage of qualified cybersecurity professionals, as well as the difficulty of recruiting, training, and hiring potential candidates.Experts say that a cybersecurity association could help assess the needs of employers seeking cybersecurity professionals, establish ongoing training and development programs, and also help develop cybersecurity standards across all industries.
-
-
Program aiming to facilitate cyberthreat information sharing is slow to take off
President Barack Obama’s 2013 executive orderto improve critical infrastructure cybersecurity allows DHS to expand an information-sharing program, once restricted to Pentagoncontractors, to sixteencritical infrastructure industries. The Enhanced Cybersecurity Servicesprogram transmits cyber threat indicators to selected companies so they may prepare their network protection systems to scan for those indicators. A DHS inspector general (IG) reportreleased on Monday has found that just about forty companies from three of the sixteen industries — energy, communications services, and defense — are part of the program. Moreover, only two ISPs are authorized to receive the indicators.
-
-
Keith Alexander turns government experience into lucrative private sector career
Cybersecurity industry insiders are questioning the ethics behind recently retired NSA chief Keith Alexander’s decision to launch IronNet Cybersecurity, a private consultancy, equipped with patents for what he refers to as a game-changing cybersecurity model. Alexander says there is nothing out of the ordinary here. “If I retired from the Army as a brain surgeon, wouldn’t it be OK for me to go into private practice and make money doing brain surgery? I’m a cyber guy. Can’t I go to work and do cyber stuff?”
-
-
Utilities increasingly aware of grid vulnerability
An analysis by the federal government shows that if only nine of the country’s 55,000 electrical substations were shut down due to mechanical failure or malicious attack, the nation would experience coast-to-coast blackout. Another report finds cybersecurity as one of the top five concerns for U.S. electric utilities in 2014. The report also found that 32 percent of the surveyed electric utilities had deployed security systems with the “proper segmentation, monitoring and redundancies” needed for adequate cyber protection.
-
-
Demand for cyberattack insurance grows, but challenges remain
The surge in cyberattacks against the private sector and critical infrastructure has led to a growth in demand for cyber insurance; yet most insurers are unable properly to assess their clients’ cyber risk, let alone issue the appropriate pricing for their cyber coverage.Insurers which traditionally handle risks like weather disasters and fires, are now rushing to gain expertise in cyber technology.On average, a $1 million cyber coverage could cost $20,000 to $25,000.
-
More headlines
Who's online
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
To bolster the world’s inadequate cyber governance framework, a “Cyber WHO” is needed
A new report on cyber governance commissioned by Zurich Insurance Group highlights challenges to digital security and identifies new opportunities for business. It calls for the establishment of guiding principles to build resilience and the establishment of supranational governance bodies such as a Cyber Stability Board and a “Cyber WHO.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.