Archive for April, 2013

Most UK SMEs ill-equipped to deal with cyber threats, study finds

From: ComputerWeekly.com

A minority of UK small and medium enterprises (SMEs) are giving high priority to cyber threats, research has revealed.

Although cyber threats are gaining recognition among SMEs, there is a clear need to raise awareness and protection, according to the Institution of Engineering and Technology (IET).

Threats to systems are increasing and new vulnerabilities are emerging daily, said Hugh Boyes, the IET’s cyber security expert.

“We are working to raise awareness among the UK engineering and technology community of the need to improve the cyber security of both our critical national infrastructure and all the technology we use,” he said.

Internet Regulatory Framework Debated by Tunisian Lawyers

From: TunisAlive

Roua Khlifi

The National Union of Tunisian Lawyers discussed the creation of a legal framework to address cyber-crimes such as defamation and online terrorism during a forum held Friday.

Chawki Tabib, head of the union, emphasized the pivotal role the Internet played during the revolution and stressed that online freedom will not be affected. Yet, he insisted, there must be regulation.

“We want the role of the internet in resisting corruption to continue after January 14,” he said. “Yet over the previous months, violations have grown and we have noticed many cases of defamation as well as economic and terrorist crimes.”

China’s Shifting Cyber Focus on Taiwan

From: The Diplomat

By J. Michael Cole

Hackers from the Chinese military appear to have shifted the focus of their attacks against Taiwan from government institutions to the civilian sector, including think tanks, telecommunications, Internet nodes, and traffic signal control systems, the island’s top civilian spy agency said in a new report.

The report, submitted by the National Security Bureau (NSB) to the Legislative Yuan prior to a briefing on countermeasures on April 29, did not venture reasons why the PLA’s General Staff Department was now turning its sights on civilian infrastructure, nor did it indicate whether this alleged shift was part of a larger trend or was specific to Taiwan.

Visiting U.S. Officials to Discuss Cybersecurity

From: Moscow Times

Russia and the U.S. aim to reach an agreement on unified cybersafety rules during a visit to Moscow by Washington officials.

White House cybersecurity coordinator Michael Daniel and coordinator for cyber issues Christopher Painter were to discuss steps toward achieving mutual trust between Moscow and Washington in cyberspace on Monday, Kommersant reported.

A U.S. State Department official told the newspaper that the talks could lead to an intergovernmental agreement on cybersecurity and the establishment of a working group on information security in the U.S.-Russian Presidential Commission.

Russia has been actively trying to establish a code of conduct in cyberspace with international organizations, such as the Organization for Security and Cooperation in Europe and the United Nations, but its proposals are unlikely to be adopted because the U.S. and its allies consider the current legislation adequate for dealing with all possible situations, including cyberwars, the report said.

Key Senate Democrats Unsatisfied With House-Passed Cybersecurity Bill

From: Bloomberg

By Alexei Alexis

Following House passage of the Cyber Intelligence Sharing and Protection Act (CISPA) bill focused on information sharing, the attention now shifts to the Senate, where key Democrats are calling for a more comprehensive approach that is favored by the White House.

The House passed its bill (H.R. 624) April 18 on a 288-127 vote, leaving out key provisions urged by the White House, such as language to promote cybersecurity standards for critical parts of the private sector (12 PVLR 671, 4/22/13).

LivingSocial’s breach draws advice from security experts

From: TechHive

John P. Mello Jr.

The cyber attack Friday on the Internet deal site LivingSocial that forced it to reset the passwords of some 50 million users has elements of what’s becoming an all too familiar storyline.

Along with the names, birth dates, and email addresses of some of the site’s users, the intruders also accessed those users’ passwords.

The passwords could have been used to access user accounts on LivingSocial, but the online deals firm says it doesn’t believe any accounts have been compromised.

Security expert warns of ‘cyber murder’ threat

From: Lancaster Guardian

Heart and diabetes patients could be at risk of “cyber assassination” following attacks from internet hackers, a Galgate computer security expert has warned.

Implanted wireless-controlled medical devices like pacemakers and insulin pumps could be vulnerable to interference with fatal consequences, according to Mike Watkins.

Mike, 49, is one of three co-directors at Sanitas Data Security, a fledgling Penwortham firm which is studying the threat. Their interest was sparked while performing their own research as part of an MSc in cyber security at Lancaster University.

In Channel 4 series Homeland terrorists killed the US vice-president by hacking into his pacemaker and delivering an electric shock.

Google to Microsoft’s New Import May Be Cyber Standards

From: Bloomberg

By Chris Strohm

Efforts by Google Inc. (GOOG), Microsoft Corp. and Amazon.com Inc. (AMZN) to be excluded from U.S. cybersecurity rules may become moot under a European Commission proposal that could force them to report attacks and make their products more secure.

E-mail providers, search engines, social networking websites and companies specializing in electronic commerce would have to comply with cybersecurity requirements to sell products and services within the 27 countries of the European Union under a directive proposed Feb. 7.

Infosec 2013: External auditors attacked as threat to information security

From: SC Magazine

Asavin Wattanajantra

At Infosecurity 2013, external auditors were described as a threat to information security, ignorant of business strategies and only after the money.

Paul Simmonds, on the board of management at the Jericho Forum and formerly a CISO at Astra Zeneca, argued that external auditors caused problems to CISOs when it came to delivering a good security strategy for their businesses.

Should You Consider Cyber-Liability Insurance?

From: CFO

Many small businesses are perfect targets for cyber attacks because they lack the sophisticated security practices larger companies use to protect trade secrets and customer data.

Taylor Provost

Telecommunications giant Verizon on Tuesday released its annual investigative report of data breaches, which found that small businesses are the number-one target of cyber-espionage attackers.

Almost half of the 621 confirmed data-breach incidents Verizon recorded in 2012 occurred at companies with fewer than 1,000 employees, including 193 incidents at those with fewer than 100 workers. Similarly, security company Symantec reported last week that cyber attacks on businesses with fewer than 250 employees leaped 31 percent in 2012, following an 18 percent climb in 2011. Both reports cited small businesses’ inadequate security infrastructure for protecting financial information, customer data and intellectual property.