What Should You do in the Event of a Cybersecurity Incident in an Industrial Environment?

Author: Jalal Bouhdada

Before the wrapping paper starts flying, here’s some welcome cybersecurity advice to share with friends and family.

Author: Steve Zurier Freelance Writer

Phil Dunkelberger, CEO at Nok Nok Labs
Get ready for global tug-of-war on data privacy regulations. The global regulatory environment will become more challenging as regulators and global governments continue to strive to implement better data privacy protection – as was done with GDPR. While this is great progress, we’re going to see these governments counter to gain more access to information. So essentially the message will be to not lose citizen data, but that you need to share with the government.

BeyondTrust’s Morey Haber, Chief Technology Officer, and Brian Chappell, Senior Director, Enterprise & Solutions Architecture
Evolving Definitions of Privacy – The millennial generation will share almost anything on the Internet. Social media has proven that almost anything goes regardless of its perceived sensitivity. This implies that nearly an entire generation has a lower sensitivity to private data and that a “who cares” attitude for sensitive information is beginning its own movement. In addition, as we become numb to data exposure, the public dumping of health records and voter registration information, expect some push back from the youngest voting group regarding the data being exposed due to a hack. If most sensitive personal data is public (like name, email, address, birthday, etc.) and only the most important information protected (social security number, bank records, credit cards), the value is diminished for anything already being exposed today and the “who cares” movement has begun. Expect data classification to evolve based on the youngest users, and what we consider private today will not be private, or of a concern, tomorrow.

Nina Bryant, director, FTI Technology
Regulators will cooperate for GDPR enforcement. “It’s very likely that this will happen more in future actions, particularly in industries like healthcare, pharma and financial services where regulators are already extremely active. We expect to see increasing cooperation between multiple regulators, federal agencies and EU data protection authorities to investigate and enforce data privacy principles.”

Roger Grimes, Data Driven Defense Evangelist, KnowBe4
National Privacy Law Is Created And We Will Hate It. With the EU’s GDPR passed and California creating a US-like-version of GDPR that applies to any company doing business in their state or with their citizens; and on top of the recent debacles by multiple big US firms that haven’t done such a great job at protecting consumers’ private information, expect a national privacy law to be created and passed by Congress. And if history is any guide (see the CAN-SPAM act, etc.) the law will be mostly crafted by the very entities that it’s supposed to protect us against. It will contain multiple clauses which essentially make it easier for corporations to take and use private information, with even fewer penalties and consistency than what California is trying to build.

Jackson Shaw, VP of Product Management at One Identity
GDPR-like regulation will catch like wildfire across the globe — but the U.S. will continue to hold out…for now. In 2019, GDPR will pass its first anniversary, which in the mind of the EU will have been plenty of time for organizations to protect citizen data. A breach will occur to a global brand and the EU will make an example of that company. Following by example, governmental legislators from around the globe will take notice of the new privacy “gold standard” that is GDPR and enact laws similar in nature. In fact, we’re already starting to see this happen in countries like China, Singapore and Australia. Despite the recent rally cry for federal data privacy from Apple’s Tim Cook, the one exception will be the pro-business, anti-regulation United States — at least, for now. What businesses need to start to think about in the meantime are three main pillars of GDPR: defining what is personal data, identifying what must be done to protect that data, and outlining what organizations should do in the event of a breach of that data.

Jake Olcott, VP of Government Affairs at BitSight
Cybersecurity performance becomes central to the discussion around security and data privacy regulation in the U.S. In the wake of the implementation of the GDPR in Europe, similar legislation will be considered by the U.S. Congress and other government bodies across the globe. As part of the process, the policymaking community will begin exploring cybersecurity performance data to determine how to track and measure the success of such a regulatory initiative.

Julian Dunn, director of product marketing, Chef Software
2019 will be the year of increased regulation and government scrutiny around security and data privacy. The ongoing drumbeat of ever-more serious security breaches, coupled with both Facebook and Google making the news for willful disregard of consumers’ private data, will collide in 2019. Politically, we can expect a Democratic-controlled House to attempt to pass one or more legislative bills to address these concerns, particularly as we can (unfortunately) expect at least several extremely serious security breaches in 2019. While this legislation may not actually clear a Republican-controlled Senate, data privacy and security will be a political issue through 2019 and even be a major issue in the 2020 election — potentially even becoming a substantial plank in a broader “anti-tech” platform by US presidential candidates.

The post 2019 Cybersecurity Predictions: Privacy appeared first on SC Media.

Author: Doug Olenick

By Brian NeSmith, CEO and co-founder of Arctic Wolf Networks

Over half of the population claims to regularly see fake news on sites such as Facebook or Twitter. Yet, despite fake news being more commonplace than one would think, social media companies have been highly ineffective in doing anything — except around the most egregious events. Next year, this trend will increase substantially, especially as our nation gears up for the 2020 elections.

The most notable example of hackers leveraging fake news was when Russian agents used misinformation campaigns, including 3,500 divisive Facebook ads, to allegedly influence the 2016 U.S. elections (CNBC). Such instances have made it clear to malicious actors that it is just as impactful to influence an election by stirring the pot as it is to directly attack voting machines. As we continue to see more instances in which false campaigns on social media impact our nation, we will begin to see more regulation of social media, especially around key, controversial topics.

The Ugly Truth About A Past Presidential Election Will Emerge

In 2019, it’s likely that evidence will emerge of tampering in a past presidential election, confirming the impact that foreign nationals have had on the U.S.’s democratic process. As such, we can expect to see the federal government, as well as state and local governments, in the “hot seat,” as citizens look to officials to take action and ensure the 2020 elections are secure. The real question is: how will they respond? In the private sector, we are starting to see the C-Suite held responsible for their organization being attacked. Will the same stand true for government entities that aren’t taking proper steps to fix the security vulnerabilities within the voting process? These are questions we will see answered leading up to the 2020 elections.

False Attribution Leads to a Low Level Cyber War

The potential that cyber attacks provide for state-sponsored groups to attack through covert operations, potentially to even mislead and cause false attribution of an attack, lends itself to a whole new kind of warfare. This is multi-dimensional chess. In 2019, we will begin to see a transition to combat leveraging cyber tactics to take out pieces of a country’s infrastructure, instead of dropping bombs. We saw this in 2016 when Russia turned off the electricity to hundreds of thousands in Ukraine, but this was merely a test run. Next year, we will see an increase in these types of attacks between major nations, and we will see a falsely attributed attack cause extreme disruption in our ecosystem.

Small Organizations Will Finally Take an Enterprise Approach to Cybersecurity

Small organizations are finally realizing that they need to be as prepared as large organizations when it comes to cybersecurity, making it no longer an IT problem but a larger business challenge within every organization. Additionally, we will see small businesses’ approach to cybersecurity impacting larger organizations through the supply chain vector. Hackers will take advantage of smaller organizations, which often fuel larger businesses’ supply chains, because they typically have security vulnerabilities that can be more readily exploited than larger “targeted” companies. With this in mind, in 2019 we will see the C-Suite become more involved in cybersecurity, not only when it comes to making decisions about tools to leverage, but also taking the brunt of repercussions.

The post Management of “Fake News” on Social Media Will Continue On Its Downward Spiral appeared first on SC Media.

Author: Doug Olenick

URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader

As ransomware and banking trojans captured the interest – and profits – of the world with…

Peter Swire proposes a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer.

Author: Bruce Schneier

Teaching Cybersecurity Policy

Peter Swire proposes a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the…
