In that event, I had several conversations with different professionals from different companies. The most impressive conversation for me was about the differences between IT auditing and cyber security auditing. For IT auditing, IT auditors need to repeat the audit process again and again with different clients to review everything related to technology and business. However, for cyber security auditing, they can meet a lot of different technologies to make sure the controls are available to deal with the risks. It requires them to keep learning about the development of new technologies. No matter which position you hold, they are important to every organization.
The Pros and Cons of Identity Monitoring Services
The article lists the advantages and disadvantages of identity monitoring services.
Pro: You’ll have peace of mind if you’re at a high risk of identity theft. Having an identity monitoring service may offer an extra layer of security and put your mind at ease.
Con: The cost may be a problem. The more you pay, the more protection you receive. However, it can be expensive depending on which plan you need.
Con: The services don’t necessarily prevent fraudulent activity. While these services will alert you that fraud has occurred, they won’t necessarily keep it from happening.
Con: You can get similar protection without paying an ID monitoring company. American Automobile Association offers its members free identity theft protection,
https://money.usnews.com/money/personal-finance/family-finance/articles/2018-09-25/the-pros-and-cons-of-identity-monitoring-services
Is Your Data Breach Response Plan Ready?
According to the survey, there were more than 5,000 reported data breaches worldwide, and there were more than 1,500 in the U.S. alone. Therefore, a data breach response plan is important for every organization. The article lists several questions from an interview with Michael Bruemmer to help organizations prepare their data breach response plan.
- How have typical responses to data breaches changed over the past five years?
- What still needs to occur to improve enterprises’ data breach response protocols and practices?
- When auditing their data breach response plan, what in particular should security leaders be looking for?
- What are the top three issues business security leaders should plan for next year?
- Are there any key tools or strategies security leaders can use to better engage with the C-Suite?
- The cybersecurity talent gap continues to be a real struggle for many security leaders. How can security professionals recruit the appropriate stakeholders and staff?
- Regarding response exercises and drills, what suggestions do you have for security leaders looking to involve multiple departments? What after-action steps are necessary to get the most out of these exercises?
https://www.securitymagazine.com/articles/89607-is-your-data-breach-response-plan-ready
The Biggest Cyber Threats to Watch Out for in 2019
The article introduces the biggest cyber threats to watch out for in 2019. The Chertoff Group estimates the biggest risks for 2019 and gives advice on them, covering security risk, technology and policy. The threats include the following:
- Cryptojacking
- Software subversion
- Rise in attacks to the cryptocurrency ecosystem
- (Slow) domestic movement on data privacy and security legislation
- Cyber threats and influence operations
- Heightened incident disclosure expectations (SEC, etc.)
- Vulnerability equities process
- CISA and lingering private sector resistance
- Ambiguity remains for the Lines of Defense
- Threat emulation to measure effectiveness (ATT&CK)
- Identity solutions moving to the cloud
- Authentication through mobile devices will explode
- Customers will increasingly focus on effective risk management as a differentiator
https://www.securitymagazine.com/articles/89581-the-biggest-cyber-threats-to-watch-out-for-in-2019
U.S. Consumers’ Security Habits Make Them Vulnerable to Fraud
U.S. consumers have bad habits in digital security. 51 percent admit to reusing passwords/PINs across multiple accounts such as email, computer login, phone passcode, and bank accounts. 17 percent of consumers are concerned that they could fall victim to a physical security breach. 27 percent of consumers do not shred paper or physical documents containing sensitive information before throwing them away. In addition, consumers are unsure how to determine whether they were victims of fraud and do not understand how to report and remediate fraud and theft. Meanwhile, 72 percent of consumers believe that they can identify fraudulent emails or calls. Furthermore, consumers store paper documents containing sensitive information in risky ways. Around 30 percent of consumers store paper documents containing personal information in a box or desk drawer. Finally, baby boomers have some of the safest information security habits, despite stereotypes suggesting otherwise.
https://www.securitymagazine.com/articles/89564-us-consumers-security-habits-make-them-vulnerable-to-fraud
5 Emerging Risk Management and Security Trends in Banking
The article introduces five risk management and security trends in banking. The first one is security breaches. Security breaches cost organizations a lot of money. Security breaches caused $1 billion in data loss worldwide in 2017. The number will keep increasing in the future. The second one is new regulation. New regulations keep coming out. Organizations should make sure they comply with each new regulation when it is published. The next one is cloud-based solutions. Many organizations are starting to use cloud-based computing. They spend over $1 trillion to purchase dedicated cloud computing. The following one is remote monitoring capabilities, which provide a flexible and efficient way of working. The last one is fraud mitigation. It brings video surveillance and data management solutions together with access control and intrusion. To mitigate the risks, organizations should provide security services in line to deal with problems in time.
https://www.securitymagazine.com/articles/89528-emerging-risk-management-and-security-trends-in-banking
Why It’s So Hard to Punish Companies for Data Breaches
In the article, the author explains why it is hard to punish companies for data breaches. Sometimes a company did everything right and the data breach was a matter of bad luck, so it is unfair and unproductive to punish it. The hardest part is to determine where the line is between companies that do their due diligence and those that are negligent. Companies do not spend much money on protecting their data. Companies that have data breaches should face a combination of consequences that includes both fines and corrective security measures. The fines would need to be hefty enough to motivate greater investment in data security and cover their customers’ losses. That makes them understand that failing to protect data well costs both time and money.
https://www.nytimes.com/2018/10/16/opinion/facebook-data-breach-regulation.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=3&pgtype=collection
Internet Hacking Is About to Get Much Worse
The article explains that Internet hacking is getting worse, because computers are being embedded into physical devices and will affect lives, not just our data. The first reason the Internet is insecure is that buyers are not willing to pay money, time, or markets for the security of their devices. Buyers do not have enough security awareness, because sometimes accepting the bad things is cheaper than fixing them. Users should be aware that computers are everywhere now, such as in cars and refrigerators. Attackers may attack the devices that contain computers. To deal with the problem, there should be a standard to make sure insecure products will not harm users. The minimum acceptable security should be included in the standard.
https://www.nytimes.com/2018/10/11/opinion/internet-hacking-cybersecurity-iot.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=4&pgtype=collection
How to Work with Hackers to Make Your Company More Secure
The article explains how a company can work with hackers to improve its security. The article includes two examples. The first one is about Facebook. Facebook provided a data abuse bounty to reward reports of misuse of data by app developers. The rewards encourage hackers to attack the system for the sake of security. The second example is Google. Google provided rewards to hackers who have techniques that target its abuse and spam programs. Companies need to work with hackers because there are different hackers in the world, and they focus on different vulnerabilities. If companies work with them, the vulnerabilities will be discovered. In addition, hackers can also help companies re-test the patched vulnerabilities. After a vulnerability is reported, the company should take action to fix it and test it again. It is a good way to communicate with hackers when they attack the patched vulnerabilities.
https://www.securitymagazine.com/articles/89469-how-to-work-with-hackers-to-make-your-company-more-secure
Facebook Was Hacked. 3 Things You Should Do After the Breach.
Facebook was attacked by hackers. Nearly 50 million user accounts were affected in this incident. Hackers let people see their profile, which looks like their friends’ profile. Hackers exploited a weakness in the tool to gain access to digital keys that let people access Facebook from a personal device without having to re-enter a password. The keys can be used by hackers to take over the accounts. After the incident, there are three things we need to do. The first is to audit your devices. If you see your account logged in on an unfamiliar device or location, click “Remove” to remove the device from the account. The second is to change your password. Hackers may obtain the passwords to access the accounts, so changing the password is needed. The last is to turn on two-factor authentication, using the codes sent by text message to log on to the account. That makes it hard for others to log on to your account even if they have the password.
https://www.techvows.com/facebook-was-hacked-3-things-you-should-do-after-the-breach/