Tag Archives: budgets

[ISN] J.P. Morgan, BOA, Citi, And Wells Spending $1.5 Billion To Battle Cyber Crime

www.forbes.com/sites/stevemorgan/2015/12/13/j-p-morgan-boa-citi-and-wells-spending-1-5-billion-to-battle-cyber-crime/ By Steve Morgan Contributor Forbes / Tech Dec 13, 2015 There’s a showdown between the world’s largest corporations, governments, and cybersecurity companies who are going up against a global network of cyber criminals. The British insurance company Lloyd’s estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more. The banking and financial services sector has been the prime target of cyber criminals over the last five years, followed by IT & telecom, defense, and the oil and gas sector, according to TechSci Research, an IT market intelligence firm. Infosecurity Magazine stated in an article earlier this year that financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries. Deloitte states that the financial services sector faces the greatest economic risk related to cybersecurity. The biggest U.S. banks are responding to the cyber crime epidemic with some of the biggest security budgets. […]





[ISN] Secrecy on the Set: Hollywood Embraces Digital Security

http://www.nytimes.com/2015/03/30/technology/secrecy-on-the-set-hollywood-embraces-digital-security.html By NICOLE PERLROTH The New York Times MARCH 29, 2015 SAN FRANCISCO — For years, Lulu Zezza has played one of the toughest roles in Hollywood. Ms. Zezza, who has managed physical production on movies like “The Reader” and “Nine,” also oversees the digital security of everything that goes into the making of a film on set, including budgets, casting, shooting schedules and scripts. Not all that long ago, keeping tabs on Hollywood secrets was pretty simple. Executives like Ms. Zezza could confiscate a crew member’s company-issued computer or cellphone once shooting ended. But personal smartphones that receive company emails, and apps that store data on cloud computers? That is not so easy to manage if your co-workers aren’t willing to play along. Enter North Korea, stage left. After hackers believed to be from North Korea revealed embarrassing emails and other personal details at Sony Pictures late last year, Hollywood studios — like so many businesses in other industries before them — realized they had better find a better way to protect their most sensitive files. […]



[ISN] Australian infosec budgets are probably wrong: Deloitte

http://www.zdnet.com/article/australian-infosec-budgets-are-probably-wrong-deloitte/ By Stilgherrian ZDNet News February 4, 2015 Australian organisations are lagging when it comes to shifting the focus of their information security efforts from merely securing their networks to detecting intrusions, responding to them, and building resilience, according to senior security and risk executives from Deloitte, the international consulting firm. Deloitte divides an organisation’s infosec spend into three areas, each labelled with an adjective. “Secure” is the technology that protects critical assets against known and emerging threats across the ecosystem. This includes traditional network protection capabilities such as firewalls, anti-malware and anti-spam systems, and intrusion detection and prevention systems (IDS/IPS). “Vigilant” is about having the intelligence and monitoring capabilities to detect both known and unknown bad-guy activities, and understanding the extent to which they’re a risk to the business. […]



[ISN] USB has a huge security problem that could take years to fix

http://www.theverge.com/2014/10/2/6896095/this-published-hack-could-be-the-beginning-of-the-end-for-usb By Russell Brandom The Verge October 2, 2014 In July, researchers Karsten Nohl and Jakob Lell announced that they’d found a critical security flaw they called BadUSB, allowing attackers to smuggle malware on the devices effectively undetected. Even worse, there didn’t seem to be a clear fix for the attack. Anyone who plugged in a USB stick was opening themselves up to the attack, and because the bad code was residing in USB firmware, it was hard to protect against it without completely redesigning the system. The only good news was that Nohl and Lell didn’t publish the code, so the industry had some time to prepare for a world without USB. As of this week, that’s no longer true. In a joint talk at DerbyCon, Adam Caudill and Brandon Wilson announced they had successfully reverse-engineered BadUSB, and they didn’t share Nohl and Lell’s concerns about publishing the code. The pair has published the code on GitHub, and demonstrated various uses for it, including an attack that takes over a user’s keyboard input and turns control over to the attacker. According to Caudill, the motive for the release was to put pressure on manufacturers. “If the only people who can do this are those with significant budgets, the manufacturers will never do anything about it,” he told Wired’s Andy Greenberg. “You have to prove to the world that it’s practical, that anyone can do it.” […]



[ISN] How to optimize your security budget

http://www.csoonline.com/article/2153713/security-leadership/how-to-optimize-your-security-budget.html By George V. Hulme CSO Online May 12, 2014 The good news is that security budgets are rising broadly. The bad news? So are successful attacks. Perhaps that’s why security budgets averaging $4.3 million this year represent a gain of 51% over the previous year – and that figure is nearly double the $2.2 million spent in 2010 – all according to our most recent Global Information Security Survey, conducted by PricewaterhouseCoopers. The question is, why? Why are security budgets rising but enterprises still are not getting the results hoped? “Many organizations are infatuated with buying the latest trendy thing, whether or not it makes the most sense for their specific security posture,” says Jay Leek, chief information security officer at The Blackstone Group. The 11th annual Global Information Security Survey of 9,600 executives also found that the number of organizations reporting losses of greater than $10 million per incident is up 75 percent from just two years ago. The costs of these breaches also are rising, with data breaches up 9 percent in 2013 from 2012. One thing is certain – the organizations are not spending on the technologies and capabilities best suited to help spot advanced attackers, such as malware analysis with only 51% doing so, inspection of traffic leaving the network (41%), rogue device scaling (34%), deep packet inspection (27%), or threat modeling (21%). […]



[ISN] Thoughts on USG Candor to China on Cyber

http://www.lawfareblog.com/2014/04/thoughts-on-usg-candor-to-china-on-cyber/ By Jack Goldsmith lawfareblog.com April 8, 2014 Paul is skeptical about the USG’s unilateral briefing to Chinese officials on some of its cyber operations and doctrines that David Sanger discloses in the NYT. He argues that China is unlikely to reciprocate, he doubts the usefulness of the unilateral disclosure, and he wonders why the USG does not share the information with the American public. I think the matter is more complex. First, it may be (as I have long argued) that greater candor by the USG vis a vis China is a necessary precondition to genuine progress on the development of norms for cyberoperations – both exploitation and attack. Unless we can credibly convey what we are doing and what we might do (and not do) in certain cyber situations, our adversaries will assume the worst and (a) invest in their own cyber programs to keep up – a classic arms race situation, and/or (b) interpret particular cyberoperations in a risk-averse fashion, in their least charitable light, which might induce unwarranted escalation in those contexts. Our adversaries will rationally assume the worst because, despite USG claims about its responsible use of cyber exploitations and attacks, the news is filled with reports about prodigious USG cyber-operations and aggressive plans in this realm. Indeed, as Sanger notes: “The Pentagon plans to spend $26 billion on cybertechnology over the next five years — much of it for defense of the military’s networks, but billions for developing offensive weapons — and that sum does not include budgets for the intelligence community’s efforts in more covert operations. It is one of the few areas, along with drones and Special Operations forces, that are getting more investment at a time of overall Pentagon cutbacks.” Second, Paul is right to be skeptical about reciprocity by China. But it sounds like the United States didn’t give up much new information on U.S. doctrine for the use of cyberweapons. (Sanger states that “elements of the doctrine can be pieced together from statements by senior officials and a dense “Presidential Decision Directive” on such activities signed by Mr. Obama in 2012.”) More importantly, the United States can in theory benefit from unilateral disclosure of doctrine and weapons capabilities even if China doesn’t reciprocate, for the unilateral disclosure might assist China in interpreting, and not misinterpreting, USG actions in the cyber realm – all to the USG’s advantage. As Sanger says, “American officials say their latest initiatives were inspired by Cold-War-era exchanges held with the Soviets so that each side understood the “red lines” for employing nuclear weapons against each other.” In theory, unilateral information disclosure to China about the nature of USG cyberoperations can help China interpret USG actions properly, and can thereby help tamp down on the possibility of mistaken escalation by China; and the USG might also in this manner help China to see the benefits to itself in disclosure to the USG. […]



[ISN] Qatar to establish cyber security committee

http://www.arabianbusiness.com/qatar-establish-cyber-security-committee-537614.html By Courtney Trenwith arabianbusiness.com 6 February 2014 Qatar has announced it will establish a national cyber security committee to oversee the country’s fight against cyber crime and prevention strategies. The committee, which has been approved by the Cabinet, also would be involved in the protection of vital infrastructure and information, communication services and associated database technology. It will be responsible for safeguarding the nation’s security, financial and economic interests and improve Qatar’s competitiveness capabilities, as well as advise companies, institutions and individuals. The draft law also requires institutions to establish individual frameworks for dealing with cyber security and to allocate funding within their budgets. […]



[ISN] Time for a U.S. Cyber Force

http://www.usni.org/magazines/proceedings/2014-01/time-us-cyber-force Proceedings Magazine – January 2014 Vol. 140/1/1,331 By Admiral James Stavridis, U.S. Navy (Retired) and David Weinstein Instead of each armed service having its own version of a cyber command, why not create a separate entity altogether that would serve all branches? In November 1918, U.S. Army Brigadier General Billy Mitchell made the following observation: “The day has passed when armies of the ground or navies of the sea can be the arbiter of a nation’s destiny in war.” General Mitchell’s comments came in the context of a vigorous debate involving a then-new domain of warfare: the skies. Nearly a century later, we are confronted with yet another contested domain. Cyberspace, like airspace, constitutes a vital operational venue for the U.S. military. Accordingly, it warrants what the sea, air, and land each have—an independent branch of the armed services. Eight months before Mitchell’s clairvoyant statement, President Woodrow Wilson had signed two executive orders to establish the U.S. Army Air Service, replacing the Aviation Section of the U.S. Signal Corps as the military’s aerial warfare unit. This small force served as a temporary branch of the War Department during World War I and looked much like the Pentagon’s joint task forces of today. It was relatively small and consisted of personnel on assignment from the different services. In 1920, the Air Service’s personnel were recommissioned into the Army. The decision was backed by the popular belief that aviation existed exclusively to support ground troops. A significant debate was under way within the armed services. The minority camp, led by Mitchell, advocated on behalf of establishing an independent service for aerial warfare.
He contended that air power would serve a purpose beyond supporting the Army’s ground movements, and that gaining and maintaining preeminence of the skies required an entirely autonomous branch with indigenous manning, personnel, logistics, and acquisition duties. His opponents, on the other hand, favored integrating aviation into the existing services. Budgets were tight, and Army brass were eager to garner additional funding streams. […]

