Cyber Warnings E-Magazine – August 2015 Edition Copyright © Cyber Defense Magazine, All Rights Reserved Worldwide

Cyber Warnings E-Magazine – August 2015 Edition Copyright © Cyber Defense Magazine, All Rights Reserved Worldwide

1 Cyber Warnings E-Magazine – August 2015 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide CONTENTS CYBER WARNINGS Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and RSA Conference is Right Around The Corner – Don’t Miss Out . 3 Online Flipbook formats. WHAT IS NEXT FOR U. S. NATIONAL CYBERSECURITY? ..... 5 PRESIDENT 2016 Predictions: The Evolving State of Cyber Security .......... 10 Stevin Victor Are Firewalls Still Relevant to Security? ................................... 12 [email protected] Building a Quality Workplace within the IT Industry .................. 15 EDITOR Can’t INFOSEC Actually Work to Thwart Threats and Protect Pierluigi Paganini, CEH Information? ............................................................................ 17 [email protected] Cross-site scripting remains a widespread retail vulnerability ... 21 ADVERTISING PROTECTING AMERICA’S NATIONAL TREASURE: THE Jessica Quinn INTERNET .............................................................................. 23 [email protected] The role of new technologies within the terrorist attacks .......... 28 KEY WRITERS AND CONTRIBUTORS Cybersecurity: Best Practices for Virtualization ........................ 31 Robert B. Dix, Jr. How to Protect Your Mobile Devices While You Travel ............ 35 Andrzej Kawalec Nimmy Reichenberg ABI Research Predicts 2016 to Mark Government ID Market’s Larry Letow Paul (Kip) James First Year of Double-Digit Growth Since 2013 .......................... 38 Alex Lating Gary Miliefsky MSPs Can Leverage Security Training to Stay Ahead of the Milica Djekic Symon Perriman Curve ....................................................................................... 40 Varun Kohli Christopher D. Porter North America's cybercrime marketplace hides in plain sight on Brian Winkler Surface Web ............................................................................ 43 Interested in writing for us: ShmooCon 2016 – Insights from the Trenches ........................ 46 [email protected] 2015 Year in Review Auto Cyber Security Top News Stories ... 48 CONTACT US: What we have learned from 2015 – malware, hacks, state Cyber Defense Magazine sponsored attacks, shaming and black mail ............................. 53 Toll Free: +1-800-518-5248 Fax: +1-702-703-5505 NSA Spying Concerns? Learn Counterveillance ...................... 55 SKYPE: cyber.defense Magazine: http://www.cyberdefensemagazine.com Top Twenty INFOSEC Open Sources ...................................... 58 Copyright (C) 2016, Cyber Defense Magazine, a division of National Information Security Group Offers FREE Techtips ..... 59 STEVEN G. SAMUELS LLC One Tara Boulevard, Suite 201, Nashua NH 03062. EIN: 454-18- 8465, DUNS# 078358935. Job Opportunities .................................................................... 60 All rights reserved worldwide. [email protected] Free Monthly Cyber Warnings Via Email.................................. 60 Executive Producer: Cyber Warnings Newsflash for January 2016 .......................... 63 Gary S. Miliefsky, CISSP® 2 Cyber Warnings E-Magazine – January 2016 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide RSA Conference is Right Around The Corner – Don’t Miss Out Friends, Every year, for the past 4 years, and we hope to continue this tradition for a very long time, Cyber Defense Magazine produces our annual Print Edition exclusively for the RSA Conference in the United States. This year, the conference takes place a bit earlier than last year, however, the weather will be warm and sunny in one of the nicest cities you could ever visit on earth – San Francisco, CA. From the Pacific Ocean to the Golden Gate Bridge, the views are stupendous. The food is great. The people are great. It’s just a great place. It’s so scenic, one must see it and experience it for themselves to believe it. Add the RSA Conference to the mix, and we bring to the Silicon Valley area, the best and brightest INFOSEC professionals on earth. So, we turn a corner entering 2016 with a well timed event – the Biggest INFOSEC show on earth, starting February 28th, through March 3, 2016. Meanwhile, we see, as I predicted, more breaches, more Remote Access Trojan (RAT) attacks, more sophisticated spear phishing and too many Cryptolocker victims to list. Isn’t it time we get our “C” level execs to take INFOSEC more seriously? Do we have to try to prove to them that just a firewall and antivirus alone is not enough? Do we have to explain why full disk encryption and frequent backups are so important? Or how about why we want to test the BCP/DRP plan and make sure there’s still fuel in the diesel backup generator and it actually still works? Let’s make our voices heard and convince the “C” levels that if they don’t start taking INFOSEC seriously, then if and when we fall victim, the possibility of NO RECOVERY from a breach – that is – going out of business – is a real threat to consider. Take time to come to RSA, gather new ideas and innovative tools, techniques and products to help us in our battle against spear phishing, RATs, denial of service, malicious insiders, rogue devices and the plethora of the barrage of new attack methodologies used by cyber criminals who understand the value of personally identifiable information (PII). Let’s learn more on how to stop them and get one step ahead of them this year. Then, let’s share our findings with our “C” level execs so they can make more intelligent buying decisions and understand why training employees is so important. If you are joining us at RSA, you’ll find us in our press room interviewing cyber luminaries or on the Expo floor at our kiosk – handing out free copies of the print edition and helping folks subscribe to our free monthly cyber warnings. If you have the time, please come see us at RSA. To our faithful readers, Enjoy Pierluigi Paganini Pierluigi Paganini, Editor-in-Chief, [email protected] 3 Cyber Warnings E-Magazine – January 2016 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide 4 Cyber Warnings E-Magazine – January 2016 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide WHAT IS NEXT FOR U. S. NATIONAL CYBERSECURITY? Robert B. Dix, Jr. Vice President, Global Government Affairs & Public Policy Juniper Networks Now that legislation intended to improve bi-directional cybersecurity information sharing between government and industry has been passed by the Congress and signed by the President as part of the Consolidated Appropriations Act, 2016, what are the next steps that should be addressed to improve overall national cybersecurity? While improving the exchange of cybersecurity related information between industry and government is important, it must be understood that sharing alone is not the end game. The real objective must be establishing a national capability that can generate timely, reliable, and actionable situational awareness to help inform the cyber risk management decision making effort across the stakeholder community. Much work lies ahead to address cyber and physical security necessary to achieve and maintain secure and resilient critical infrastructure. The proliferation and reliance on mobile devices and the explosion of the Internet of Things (IoT) provides clear and compelling evidence about how this issue will continue to present an enormous challenge to national and economic security. A concern by some is that some legislators and even some in the Administration may conclude that the cybersecurity protection job is done. Those that engage these issues every day know much different. There are a number of basic, common sense measures that are long overdue and should be prioritized immediately if we are truly serious about meeting the cybersecurity challenge and helping make our nation safer and more secure. Actionable cyber situational awareness can only be accomplished through information sharing, analysis, and collaboration necessary to improve the detection, prevention, mitigation, and response to cyber events that may become incidents of national or even global consequence. Simply pushing large volumes of threat indicators without context or analysis necessary to identify patterns and trends of abnormal, anomalous, or even malicious behavior, is simply driving numbers, not results. While numbers might be impressive to the uninformed or under-informed, just pushing numbers from the government absent that analysis necessary to identify the most frequent attack vectors and separate noise from impact, will just continue the huge gap that exists today in the ability to meet the growing and increasingly dangerous cybersecurity challenge. In addition, as a nation we must move beyond the over-classification of information and threat intelligence that could assist industry and other stakeholders in making informed cyber risk management decisions. The government owns and has access to the majority of cyber threat intelligence; however, very little is shared in a timely manner with industry partners. Identifying and understanding the tactics, techniques, and procedures being utilized by the adversaries… not the 5 Cyber Warnings E-Magazine – January 2016 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide sources and methods that typically cause material information to be classified and largely outside of

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    68 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us