Tag Archives: industry

[ISN] Newly Fired CEO Of Norse Fires Back At Critics

www.darkreading.com/threat-intelligence/newly-fired-ceo-of-norse-fires-back-at-critics-/d/d-id/1324195
By Jai Vijayan
DarkReading.com
2/4/2016

Critics maintain that Norse Corp. is peddling threat data as threat intelligence.

A massive and potentially company-ending shakeup at security vendor Norse Corp. in recent weeks amid controversy over its practices may be a signal that the threat intelligence industry is finally maturing.

KrebsonSecurity last week reported that Norse had fired its CEO Sam Glines after letting go some 30% of its staff less than a month earlier. The blog quoted unnamed sources as saying Norse’s board of directors had asked board member Howard Bain to take over as an interim CEO.

The remaining employees at the Foster City, Calif.-based threat intelligence firm were apparently informed they could continue showing up for work, but there would be no guarantee they would be paid, KrebsonSecurity reported. Shortly thereafter, Norse’s website went dark and remained unavailable through the week





[ISN] IoT risks raise concerns among IT specialists in central and eastern Europe

www.computerweekly.com/news/4500272253/IoT-risks-raise-concerns-among-IT-specialists-in-CEE
By Krzysztof Polak
ComputerWeekly.com
04 Feb 2016

The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices.

The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices.

But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said.

IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases. […]



[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/
By Aaron Gregg
The Washington Post
January 28, 2016

Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness.

“There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.”

To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to his back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts.

But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war. Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time.

And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934.

As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out the region’s military and intelligence agencies. […]



[ISN] What are Top HIPAA Compliance Concerns, Obstacles?

healthitsecurity.com/news/what-are-top-hipaa-compliance-concerns-obstacles
By Elizabeth Snell
Health IT Security
January 25, 2016

Maintaining HIPAA compliance should always be a key area for leaders in the healthcare industry, but as technology continues to evolve, there are numerous factors coming into play that could affect how organizations keep patient data secure.

But what type of obstacles are standing in providers’ way? Are there certain difficulties when it comes to HIPAA compliance?

We’ve previously discussed the legal perspective on HIPAA regulations, and various experts in the field have claimed that “it’s not a matter of if, but a matter of when” a data breach will take place. Recent OCR HIPAA settlements not only show that size is not a factor when it comes to enforcement, but that organizations need to be mindful of everything from physical safeguards to conducting regular risk assessments.

Technical advancements have also proven to be potentially beneficial to covered entities. Whether an organization is looking to implement secure messaging options or potentially invest in cloud storage, privacy and security issues cannot be overlooked. […]



[ISN] Global Payments to Buy Heartland for $4.3 Billion

www.bankinfosecurity.com/global-payments-to-buy-heartland-for-43-billion-a-8753
By Tracy Kitten @FraudBlogger
Bank Info Security
December 16, 2015

Two leading payments processors that each suffered massive data breaches are consolidating. Atlanta-based Global Payments Inc. plans to buy its smaller rival, Princeton, N.J.-based Heartland Payment Systems Inc., for $4.3 billion. The deal is expected to close during the fiscal fourth quarter ending May 31, 2016.

Industry observers are weighing in on whether the merged companies will successfully build a strong culture of security.

“Heartland really took its breach to heart and was one of the best examples of how to learn from such an event and turn it into a leadership opportunity,” says Al Pascual, director of fraud and security at Javelin Strategy & Research. “I give the CEO [Bob Carr] a lot of credit for that. Global Payments was quite the opposite, with one of the least transparent breach events in the payments industry. I’m hoping the security culture of Heartland becomes the dominant one.”

But Tom Wills, managing director of payments security consultancy Secure Strategies, says it could be difficult for the new company created through the merger to improve security. […]



[ISN] A change in wording could attract more women to infosec

www.csoonline.com/article/3005406/it-careers/a-change-in-wording-could-attract-more-women-to-infosec.html
By Lysa Myers
CSO
Nov 17, 2015

Information security is an endeavor that is frequently described in terms of war: Red team. Blue team. White hat. Black hat. Battle plan. Kill chain. Command and Control. Trojan horse. Payload. Demilitarized zone. Reconnaissance. Infiltration. Adversary.

But what would the gender balance of this industry be like if we used more terms from other disciplines? At the recent National Initiative for Cybersecurity Education (NICE) conference, I found myself in several discussions about the possibility that battlefield verbiage caused girls to avoid pursuing InfoSec careers.

Answering the question above is not a simple task, but we may take some clues from history, as well as other industries, to view the possibilities.

The biggest reason we use so many battle-related security phrases is probably because the military has long been an incubator for new technology. Protecting that machinery and knowledge from prying eyes is no small feat; the military trains and employs a great number of people to secure its systems. As a result, many people involved in cybersecurity started their careers in military or government organizations.

As far as gender imbalances go, the military is nearly as lopsided as the InfoSec industry: 14.5 percent of the active duty force as of 2013 was comprised of women, with only 7.1 percent of the top ranks being held by women. In cybersecurity specialties 14 percent of personnel are female. Though, as is described in the previous link, many of those women have gone on to high-ranking positions in government and private sector organizations. […]



[ISN] Report: Healthcare Security Incidents 3 Times More Likely

http://healthitsecurity.com/news/report-healthcare-security-incidents-3-times-more-likely
By Elizabeth Snell
Health IT Security
September 24, 2015

It should come as no surprise that healthcare security incidents are becoming an increasingly common occurrence in the industry, especially with more providers connecting to HIEs and implementing EMRs. However, a recent survey shows that the healthcare industry sees 340 percent more security incidents and attacks than the average sector.

According to the Websense Security Labs™ 2015 Healthcare Drill-Down Report, the healthcare industry is also 200 percent more likely to see data theft and 74 percent more likely to be impacted by phishing schemes.

The move to electronic health records is part of the reason why healthcare is seemingly so vulnerable to extra attacks, according to Raytheon|Websense Principal Security Analyst Carl Leonard.

“This is a new environment and [healthcare organizations] are trying to make sure the data is secure but also available,” Leonard told HealthITSecurity.com. “Because when the physicians need access to this data, it has to be accurate and they have to access it in a very time critical manner so they can deliver that very timely and important patient care.”

Leonard added that healthcare security must be considered as a business enabler in the industry because there is a chance for that sensitive data (PHI and PII) to be lost. […]



[ISN] Compassion Fatigue in an industry largely devoid of compassion.

https://jerichoattrition.wordpress.com/2015/09/26/compassion-fatigue-in-an-industry-largely-devoid-of-compassion/
By jerichoattrition
Curmudgeonly Ways
September 26, 2015

A few days ago, Bruce Schneier actually wrote a slightly interesting piece for Fusion. I say that with surprise because most of his articles are engaging and well-written, but he rarely shares new ideas or concepts. Most of my professional circle is already very familiar with a given topic, and Schneier largely enjoys a reputation for his insight because he has a considerable following and they read about it there first. In this case, it wasn’t so much that Schneier’s piece was new information (he did quote and cite a 1989 reference on the topic that was new to me), it was that he flirted with a much more interesting topic that is somewhat aligned with his point.

In ‘Living in Code Yellow’, Schneier quotes a handgun expert who described a specific mind-set. From his article:

In 1989, handgun expert Jeff Cooper invented something called the Color Code to describe what he called the “combat mind-set.” Here is his summary: [..] In Yellow you bring yourself to the understanding that your life may be in danger and that you may have to do something about it.

Reading on, Schneier brings up the psychological toll that such a mindset can have, and that concept should not be new to anyone that has been in InfoSec for a few years.

Cooper talked about remaining in Code Yellow over time, but he didn’t write about its psychological toll. It’s significant. Our brains can’t be on that alert level constantly. We need downtime. […]

