Corporate IT security

  • CybersecurityOngoing attack against oil tankers aims to defraud oil brokers

    A new report details a malicious and largely unknown targeted attack on oil tankers. First discovered in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which has been dubbed the “Phantom Menace,” none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.

  • Cyber businessStates, cities vying to become U.S. “cyber hub”

    The global cybersecurity market reached $67 billion in 2011, and it is projected to grow as high as $156 billion by 2019. The need for cybersecurity solutions and experts is going to grow as more companies such as Sony Pictures, Target, Home Depot, and Chase are hacked, consumers demand better online security, and businesses become more aware of the potential cost to their sales and reputation if they do not provide cybersecurity. As private sector firms compete with government agencies for the best cyber professionals, cities and states are also competing to be the country’s “cyber hub.”

  • Cyber insuranceInsurance industry wary about insuring Bitcoin companies, transactions

    Consumers worldwide are engaging in 100,000 financial transactions every day using Bitcoins. The currency has moved beyond its secretive past and has been embraced by tech firms who are interested in it from a technological perspective and for its investment potential. Venture capital companies have invested more than $670 million worth of Bitcoins into security-related companies. An estimated $3.5 billion worth of Bitcoins are in circulation, 82,000 merchants now accept the currency, and eight million users have set up Bitcoin “wallets” in which they store and manage the currency. As of Monday one bitcoin is worth about $240 U.S. dollars. As a digital currency, Bitcoin is vulnerable to cyber theft — and a s a result, cybersecurity has been a concern among many insurers considering policies that cover Bitcoins.

  • CybersecurityU.S. adopts a more assertive cyber defense posture

    Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.

  • view counter
  • Cyber insuranceTo bolster the world’s inadequate cyber governance framework, a “Cyber WHO” is needed

    A new report on cyber governance commissioned by Zurich Insurance Group highlights challenges to digital security and identifies new opportunities for business. It calls for the establishment of guiding principles to build resilience and the establishment of supranational governance bodies such as a Cyber Stability Board and a “Cyber WHO.”

  • CybersecurityEfforts to improve cyber information sharing between the private sector, government

    Lately, Obama administration officials having been venturing West to encourage tech firms to support the government’s efforts to improve cyber information sharing between the private sector and government agencies. The House of Representatives last week passed two bills to advance such effort. The Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 authorize private firms to share threat data such as malware signatures, Internet protocol addresses, and domain names with other companies and the federal government. To the liking of the private sector, both bills offer companies liability protection for participating in cyberthreat information sharing.

  • view counter
  • CybersecurityEnergy companies prime targets for hackers

    A third of the cyber incidents handled in 2014 by DHS’s Industrial Control Systems Cyber Emergency Response Team involved energy companies. Oil and gas operators face the greatest cyber risks among energy producers because their projects often involve multiple companies working together, sharing information, and trying to integrate systems. Still, 60 percent of energy companies around the world said they do not have a cyberattack response plan.

  • CybersecurityCybersecurity firms hire former military, intelligence cyber experts

    Over the past two years, U.S. cybersecurity firms have brought in several former military and intelligence community computer experts to help combat hackers targeting the U.S. private sector. For the new private sector employees, the wages are higher and opportunities are endless. Hundreds of ex-government cybersecurity workers represent the competitive advantage of a cybersecurity services industry expected to bring in more than $48 billion in revenue next year, up 41 percent from 2012. “The people coming out of the military and the intelligence community are really, really good,” says a cyber startup founder. “They know the attackers. They know how they work.”

  • Data protectionDo you know where your data is?

    Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.

  • CybersecurityAir-gapped computer systems can be hacked by using heat: Researchers

    Computers and networks are air-gapped – that is, kept approximately fifteen inches (40 cm) apart — when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks, or military applications. Israeli researchers have discovered a new method, called BitWhisper, to breach air-gapped computer systems. The new method enables covert, two-way communications between adjacent, unconnected PC computers using heat – meaning that hackers to hack information from inside an air-gapped network, as well as transmit commands to it.

  • CybersecurityIT security spending grows, but confidence in cyber protection measures does not

    A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining. In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020.

  • CybersecuritySenate panel passes revised cybersecurity bill, but privacy concerns remain

    Last Thursday, the Senate Intelligence Committeepassed the Cybersecurity Information Sharing Act(CISA) meant to encourage the private sector to share data with federal agencies, with the hopes of preventing and responding to cyberthreats before they materialized. The bill is a reincarnation of the 2013 Cyber Intelligence Sharing and Protection Act(CISPA), which drew a veto threat from President Barack Obama because of privacy concerns. Critics say that CISA, as was the case with its predecessor, would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

  • PrivacyThe Brandeis program: Harnessing technology to ensure online privacy

    In a seminal 1890 article in the Harvard Law Review, Louis Brandeis developed the concept of the “right to privacy.” DARPA the other day announced the Brandeis program – a project aiming to research and develop tools for online privacy, one of the most vexing problems facing the connected world as devices and data proliferate beyond a capacity to be managed responsibly.

  • CybersecurityCyber researchers need to predict, not merely respond to, cyberattacks: U.S. intelligence

    The Office of the Director of National Intelligence wants cybersecurity researchers to predict cyberattacks rather than just respond to them, according to the agency’s Intelligence Advanced Research Projects Activity (IARPA) program. Current cyber defense methods such as signature-based detection “haven’t adequately enabled cybersecurity practitioners to get ahead of these threats,” said Robert Rahmer, who leads IARPA’s Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. “So this has led to an industry that’s really invested heavily in analyzing the effects or symptoms of cyberattacks instead of analyzing [and] mitigating the cause.”

  • CybersecurityBio-inspired analysis helps in recognizing, characterizing evolving cyberthreats

    Our reliance on cyber systems permeates virtually every aspect of national infrastructure. The volume of network traffic data generated has outpaced our ability effectively analyze it fast enough to prevent many forms of network-based attacks. In most cases new forms of attacks cannot be detected with current methods. The MLSTONES methodology leverages technologies and methods from biology and DNA research — LINEBACkER applies the MLSTONES methodology to the problem of discovering malicious sequences of traffic in computer networks. LINEBACkER allows cyber security analysts quickly to discover and analyze behaviors of interest in network traffic to enhance situational awareness, enable timely responses, and facilitate rapid forensic and attribution analysis.