Cybersecurity News of the Week of, October 1, 2017

Cyber Security News


from our friends at Citadel Information Group


Individuals at Risk

Identity Theft

Here’s What to Ask the Former Equifax CEO: Richard Smith — who resigned as chief executive of big-three credit bureau Equifax this week in the wake of a data breach that exposed 143 million Social Security numbers — is slated to testify in front of no fewer than four committees on Capitol Hill next week. If I were a lawmaker, here are some of the questions I’d ask when Mr. Smith goes to Washington. KrebsOnSecurity, September 29, 2017

Equifax or Equiphish?: More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet another security stumble, the company appears to be training recipients to fall for phishing scams. KrebsOnSecurity, September 24, 2017

Identity Theft – How to Protect Yourself: List of Resources: As you might have heard by now, Equifax was hacked and it’s up to you to take steps to protect yourself against identity theft. However, we’re here to help! We’ve collated some information from SANS Security Awareness here to help you get answers quickly. The Economist recently wrote an article on identity theft, utilizing SANS Security Awareness Director, Lance Spitzner to weigh in on credit monitoring and how much work is involved in undoing the damage of identity theft. He says, “The best step is to establish a credit freeze at all of the Credit Bureaus…”. Of course, there are other actions you can be taking to protect yourself, your family and your organization. We’ve identified ways you can protect yourself and your company through this blog post. SANS, September 20, 2017

How to “Freeze” Your Credit Files: If you live in California, you have the right to put a “security freeze” on your credit file. A security freeze means that your file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without first checking a consumer’s credit history. If your credit files are frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name.

Stan Stahl discusses the Equifax mess with Larry Marino: Stan Stahl, President CEO of Citadel Information Group and Non Profit Secure the Village – Updates the Equifax hack that involves the stealing of approximately 143 Million American’s personal information records.. Sunday Morning Newsmakers, October 1, 2017

Cyber Privacy

What If We Told You About Your Digital Copies: This ‘digital copy’ is a very real and expanding entity that is both representing you and as a proxy and revealing more and more detailed aspects about your personal and private life. Shocking as that may sound, you are the very one who is feeding that copy by providing information freely in large proportions. Every day, we trade our personal information (and our privacy) for things like ‘free’ email, faster product shipping, and social news feeds that connect us with friends and family. This very public copy is not going away anytime soon, so the question is “Is that something that is helping or hindering you?” ITSP, September 2017

Cyber Defense

Tips for protecting your #CryptoCurrency: Intrigued by the many possibilities of cryptocurrencies – not least by the prospect to “earn” serious money while doing nothing – you’ve decided to take the plunge and invest in some. HelpNetSecurity, September 29, 2017

How Credit Card Companies Spot Fraud … And Advice for Consumers: Credit card companies and banks, to protect your account and themselves, have gotten good at detecting credit fraud, such as when a purchase is made in an unlikely location or for an unusual amount, or when transactions occur at odd times. The Motley Fool, September 29, 2017

Answers to 5 Computer Security Questions Readers Keep Asking: After my contemporary thriller Kill Big Brother came out readers started asking how they can protect themselves online. Many more also called into radio shows I was a guest on. As I began answering, radio show hosts would often ask me to stay on for another segment because the phone lines were lighting up. Over time I found people were mostly asking the same five questions—and they are important and topical questions. Forbes, September 28, 2017

Email Do’s and Don’ts – SANS Awareness Newsletter: Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can quite often be our own worst enemy when using email. In this newsletter, we will explain the most common mistakes people make with email and how you can avoid them in your day-to-day lives. Sans, September 2016

Cyber Warning

Chaos and hackers stalk investors on cryptocurrency exchanges: LONDON, SHANGHAI, NEW YORK (Reuters) – Dan Wasyluk discovered the hard way that trading cryptocurrencies such as bitcoin happens in an online Wild West where sheriffs are largely absent. Reuters, September 29, 2017

Many Macs vulnerable to firmware attacks, despite OS and security updates http://: Several updated Mac models don’t receive EFI security fixes, putting machines at risk for targeted cyberattacks. DarkReading, September 29, 2017

Information Security Management in the Organization

Information Security Management and Governance

Cisco Chief Information Security Officer Shares Strategy for Fighting Cybercrime: Steve Martino, chief information security officer at Cisco, shares his advice for assisting a worried Board of Directors. Business Insider, Sep 30, 2017

Company directors are increasingly involved with cybersecurity: According to a new survey by BDO USA, 79% of public company directors report that their board is more involved with cybersecurity than it was 12 months ago and 78% say they have increased company investments during the past year to defend against cyber-attacks, with an average budget expansion of 19 percent. HelpNetSecurity, September 29, 2017

Six Key Traits of an Effective Cyber Risk Advisor: What makes a good cyber risk advisor? What skills do they need to help board directors address cybersecurity? According to a report by BayDynamics, board directors “may not be experts in security, but they do know how to steer a business away from risk and toward profit by listening to subject matter experts. However, they expect those experts to frame that advice around relevant business concerns.” SecurityIntelligence, September 28, 2017

Cyber Awareness

Getting an Earful: Convincing Employees to Care About Network Security: Employees remain the biggest source of corporate cyber risk. According to the “IBM X-Force 2016 Cyber Security Intelligence Index,” staff members are responsible for 60 percent of all digital attacks endured by enterprises. In most cases, there’s no malicious intent. Employees may subvert network security by opening infected email attachments, falling for well-crafted phishing attacks, accessing compromised third-party apps or accidentally posting confidential information on social media sites. SecurityIntelligence, September 29, 2017

What’s Your Tech-to-Human Security Ratio?: Ever wonder why some security awareness programs successfully change and secure human behavior while others fail? One of the most common reasons for failure is minimal investment. Many organizations are heavily investing in their cyber security programs. The problem is they are stuck in the 1990s focusing only on bits-n-bytes. While technology is where every organization should start, we have hit the point of diminishing returns. In today’s world organizations need to start investing in their human security also. To see where your organization stands, determine your Tech-to-Human security ratio. There are two ways to do this. SANS, September 25, 2017

Cyber Defense

Oregon Medicaid System Shut Down Allegedly by Ex-Staffer After Inadequate Adverse Termination: A federal criminal case alleges that a former Hewlett-Packard Enterprise Corp. employee shut down Oregon’s Medicaid information systems for several hours after the vendor laid him off. Security experts caution organizations to take steps to minimize risks from workers who are laid off or fired. “When an employee is suddenly fired, a few minutes of unfettered access to information systems can lead to a lot of damage,” says privacy attorney Adam Greene of the law firm Davis Wright Tremaine. BankInfoSecurity, September 29, 2017

Cyber Insurance

Cyberinsurance is gaining steam for smaller businesses: Cyberinsurance used to be only for large corporations, but policies are becoming available for small and medium-sized businesses. Read advice about what to consider before purchasing a cyber policy. TechRepublic, September 18, 2017

Cybersecurity in Society

Cyber Crime

Malware attacks San Ysidro School District, demands $19K ransom: Malware infected computers at a local school district this month, deleting emails and forcing the district to temporarily shut down part of its systems., September 29, 2017

Whole Foods taprooms and restaurants hit by hack, credit card information stolen: If you ate or drank at Whole Foods recently, you might want to keep a close eye on your credit card transactions. CNet, September 29, 2017

Source: Deloitte Breach Affected All Company Email, Admin Accounts: Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system. KrebsOnSecurity, September 25, 2017

Cyber Privacy

DOJ demands Facebook information from ‘anti-administration activists’: Washington (CNN)Trump administration lawyers are demanding the private account information of potentially thousands of Facebook users in three separate search warrants served on the social media giant, according to court documents obtained by CNN. CNN, September 30, 2017

Cyber Defense

Google plans to stop trusting current Symantec certificates: Here’s what tech pros need to know: Validity concerns with existing Symantec SSL certificates are provoking some changes in upcoming Google Chrome releases. Learn the details involved. TechRepublic, September 29, 2017

Know Your Enemy

Cybercriminals increasingly focusing on credential theft: Criminal tactics used to access user credentials are growing in prevelance, and that a record 47 percent of all malware is new or zero day, and thus able to evade signature-based antivirus solutions, according to WatchGuard. HelpNetSecurity, September 29, 2017

Cyber Freedom

Securing Our Village & Our Country’s Election Process. Stan Stahl to Speak at Impact Roundtable: Our freedoms and democratic way of life are under attack — and we must act now to create a cybersecurity-sensitive culture. Event Date: Friday October 13, 2017

Cyber Culture

Cybersecurity CEO Emphasizes Sharing & Collaboration as Critical Defense against Cybercrime: Want to protect what you’ve built? Then you’ll need to work differently, according to Melanie Rieback. Entrepeneur, September 29, 2017

Cyber Gov

Many federal agencies still weak on information security, GAO report finds: In a time of rampant cybersecurity concerns, a recently released Government Accountability Office report expresses frustration with the information security at federal agencies. fedscoop, September 29, 2017

Cyber Research

Scientists hold world’s first intercontinental video conference using quantum encryption: Two scientists in Austria and China have held the first intercontinental video conference to have been encrypted using quantum technology. Independent, September 29, 2017

SecureTheVillage Calendar

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

Securing Our Village & Our Country’s Election Process. Stan Stahl to Speak at Impact Roundtable: Our freedoms and democratic way of life are under attack — and we must act now to create a cybersecurity-sensitive culture. Event Date: Friday October 13, 2017

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

The post Cybersecurity News of the Week, October 1, 2017 appeared first on Citadel Information Group.

Jeff Snyder's, SecuirtyRecruiter.comSecurity Recruiter Blog, 719.686.8810