Cyber security a growing concern for Canadians

Canadians are more concerned about cyber security than they were in 2016.

According to the Canadian Internet Registration Authority (CIRA)’s latest Internet Factbook, 75 per cent of Canadians are worried about the threat of cyber attacks against organizations they know, a 13 per cent increase from 2016.

They’re also less likely to make online purchases from a business after a cyber attack: Nearly 45 per cent of Canadians surveyed said they would probably stop buying items online from a business following a major cyber attack, which happens nine times more often per capita in Canada than in the U.S.

“The first step to building a better online Canada is understanding the experiences, perceptions and needs of Canadian internet users,” Byron Holland, CIRA president and CEO, said in a press release.

Jacques Latour, CIRA’s chief technology officer, echoed Holland’s statement, while calling for investment in Canada’s Internet infrastructure, which he said would contribute to a healthier online environment in Canada.

“Over three quarters of Canadians are concerned about their personal information on the Internet if it is stored or routed through the U.S.,” Latour said. “Investing in Canadian Internet infrastructure, which includes local Internet exchange points that help Canadian data stay within our borders, should be a priority for governments, businesses and Canadian Internet service providers.”

But it’s not just large companies that have to contend with cyber attacks. The Canadian Chamber of Commerce’s Cyber Security in Canada report says 71 per cent of all breaches impact small businesses.

 

 

Click here for full details: http://snip.ly/k4cqu


Intensifying Cybersecurity Fears Could Fuel Blackberry Rebound

Sometimes there’s a temptation to think that cyberattacks are an unfortunate consequence of our ever-increasing interconnected digital world, which is underscored by the fact that most Americans walk around with a personal computer in their pocket. Cyberattacks, however, are nothing new.

In 1999, the so-called Melissa virus infected Microsoft Word documents and wreaked havoc on business and personal computers powered by Windows worldwide. It caused an estimated $80 million in damage and was the impetus behind the sales boom in anti-virus software, which has gained near universal acceptance since. Shortly after that, in 2000, a hacker dubbed Mafiaboy unleashed a series of distributed denial-of-service (DDoS) attacks on a string of consumer sites, including Amazon, eBay, E*TRADE and Yahoo!, at the time the No. 1 search engine in the world. The blitz resulted in over $1 billion in damage.

Still, there’s no question that cybersecurity concerns have become more acute recently. In all, cybersecurity lapses cost the global economy $450 billion last year and will exceed $2 trillion by 2021, according to estimates. That suggests that companies getting ensnarled in a hacking incident is as much an inevitability as it is a risk. The fallout will paralyze some businesses and entail massive PR problems (it took Target years to overcome the breach that took place during the holiday shopping season a few years ago), while for others the implications will be far worse.

Not surprisingly, then, the market for cybersecurity goods and services is expected to expand rapidly in the years ahead. According to the research firm Cybersecurity Ventures, global spending in this area will grow, year-over-year, by 12% to 15% until 2021, when it’s expected to exceed $1 trillion. This would seem to spell good news for cybersecurity firms such as FireEye, Symantec and Palo Alto Networks.

A more under-the-radar beneficiary, though, could be Blackberry. The company’s past troubles are well documented. It’s essentially the Blockbuster Video of smartphones, once controlling more than 50% of the market, only to see its dominant position implode once Apple and Alphabet developed superior operating systems. Blackberry has since shunned its hardware business entirely, announcing last year that it will focus on enterprise software and the emerging internet of things (IoT) industry.

As part of this evolution, the company last month launched a cybersecurity consulting division, the culmination of a fresh round of strategic acquisitions that beefed up its expertise in the area. In many ways, this is a natural evolution for Blackberry, which has long been a leader in encryption services. For years, it was the preferred handset provider for US government officials who trafficked sensitive information, including White House staff, members of Congress and the intelligence community, thanks, in part, to its reputation for successfully securing devices.

Click here to continue http://snip.ly/ycm31

60 Cybersecurity Predictions For 2018

Like death and taxes, there are only two safe predictions about cybersecurity in 2018: There will be more spectacular data breaches and the EU General Data Protection Regulation (GDPR) will go into effect on May 25. But as the continuing digital transformation of our lives entails the ongoing digital transformation of crime, vandalism and warfare, 2018 could also bring a lot of new takes on old vulnerabilities, some completely new types of cyberattacks, and successful new defenses.

The following list of 60 predictions starts with three general observations and moves to a wide range of cybersecurity topics: Attacks on the US government and critical infrastructure, determining authenticity in the age of fake news, consumer privacy and the GDPR, the Internet of Things (IoT), Artificial Intelligence (AI) as a new tool in the hands of both attackers and defenders, cryptocurrencies and biometrics, the deployment of enterprise IT and cybersecurity, and the persistent cybersecurity skills shortage.

IoT vulnerabilities will get more critical and more dangerous. Despite this, there will be no real changes in US law to regulate these devices. This isn’t a very risky prediction; Congress is currently incapable of passing even uncontroversial laws, and any IoT regulation faces powerful industry lobbies that are fundamentally opposed to government involvement. More interesting is what’s happening in Europe. GDPR takes effect next year, and European regulators will begin to enforce it. The regulation has provisions on security as well as privacy, but it remains to be seen how they will be enforced. If Europe starts enforcing Internet security regulations with penalties that make a difference, we might start seeing IoT security improve. If not, the risks will continue to increase—Bruce Schneier, Schneier on Security

Sophisticated adversaries will leverage the granular metadata stolen from breaches like Equifax, OPM, and Anthem, in precision targeted attacks that rely on demographic and psychographic Big Data algorithms powered by machine-learning and artificial intelligence. Attackers will deploy armies of bots to propagate the false narratives used to weaponize malicious fake news, inflate partisan debates, and undermine democratic institutions; meanwhile, they will launch multi-vector DDoS, ransomware, and malware campaigns to impede critical infrastructure cybersecurity and national security. The demographic and psychographic metadata will enable advanced spear-phishing operations against privileged critical infrastructure executives and pervasive Influence Operations against populations—James Scott, Senior Fellow, Institute for Critical Infrastructure Technology

Click here for the full article: http://snip.ly/xr8qx

Trump administration pulls back curtain on secretive cybersecurity process

The White House on Wednesday made public for the first time the rules by which the government decides to disclose or keep secret software flaws that can be turned into cyberweapons — whether by U.S. agencies hacking for foreign intelligence, money-hungry criminals or foreign spies seeking to penetrate American computers.

The move to publish an unclassified charter responds to years of criticism that the process was unnecessarily opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cybersecurity at risk.

“This is a really big improvement and an outstanding process,” said White House cybersecurity coordinator Rob Joyce, who spoke at an Aspen Institute event and issued a blog post on the charter.

By making it public, he said, “we hope to demonstrate to the American people that the federal government is carefully weighing the risks and benefits” of disclosure vs. retention.

The rules are part of the “Vulnerabilities Equities Process,” which the Obama administration revamped in 2014 as a multiagency forum to debate whether and when to inform companies such as Microsoft and Juniper that the government has discovered or bought a software flaw that, if weaponized, could affect the security of their product.

The Trump administration has mostly not altered the rules under which the government reaches a decision but is disclosing its process. Under the VEP, an “equities review board” of at least a dozen national security and civilian agencies will meet monthly — or more often, if a need arises — to discuss newly discovered vulnerabilities. Besides the NSA, the CIA and the FBI, the list includes the Treasury, Commerce and State departments, and the Office of Management and Budget.

The priority is on disclosure, the policy states, to protect core Internet systems, the U.S. economy and critical infrastructure, unless there is “a demonstrable, overriding interest” in using the flaw for intelligence or law enforcement purposes.

To continue, click here: http://snip.ly/tykw7

Cybersecurity needs more attention from local authorities, experts say

“Cyber applications are tools for Viet Nam to connect with the world and motivation for the country to develop a knowledge-based economy. However, cybersecurity is becoming serious, even threatening national security,” Le Thanh Tam, executive chairman of the International Data Group (IDG) ASEAN, said at the Viet Nam Cyber Security 2017 Forum on Thursday.

From 2017 to 2021, Vietnamese authorities are expected to spend over VND1 trillion (US$44.5 million) for cybersecurity, but by 2021, damages by cyberattacks are expected to reach VND6 trillion ($267 million).

“We must do more to limit the damage,” he said.

Lieutenant general Hoang Phuoc Thuan, director general of the Ministry of Public Security’s Cyber Security Authority, said that each year, authorities have discovered dozens of cases involving the loss of national secrets from cyberattacks.

“National security threats by cyberattacks have become more serious. The websites of the Party, Government and media are often attacked with threats of creating fake information and calling for uprisings,” he said.

Thuan said that protecting Viet Nam’s cyber sovereignty is difficult as the country has hundreds of connections through the seas, borders and satellites.

“We are lagging behind on national cybersecurity because awareness is limited. This results in limited cyberdefensive ability, while most of the solutions rely on foreign partners,” he added.

The lieutenant general said that awareness of cybersecurity must be enhanced throughout the entire society.

“Relevant authorities must issue a strategy and an action plan for cybersecurity, and improve and complete the legal framework for cybersecurity in line with international regulations,” he said. “An industry for cybersecurity should be set up to defend Viet Nam. Authorities should also encourage start-ups and innovative businesses to join the field.”

Nguyen Thanh Hai, director general of the Ministry of Information and Communications’ Information Security Authority, said: “International co-operation, in-depth research and training for new technology related to cybersecurity are very important.”

Last year, Viet Nam trained more than 400 information technology engineers and provided short training courses for more than 2,600 State staff, and also organised international and national workshops on cybersecurity.

Click to continue http://snip.ly/t5cs6

Joe Stuntz on cybersecurity and One World Identity

Joe Stuntz was most recently the Policy Lead for the White House Office of Management and Budget (OMB) Cyber and National Security unit; he now works with One World Identity. We spoke with Stuntz about cybersecurity threats and solutions.

In October 2017, One World Identity, an independent strategy and research company focused on identity, named Joe Stuntz as Vice President of Cybersecurity. Stuntz recently served as the Director of Program Performance for the White House Office of Management and Budget (OMB) Cyber and National Security unit. During his time at the White House, Stuntz helped develop the following cybersecurity initiatives: Executive Order 13800, The Cybersecurity National Action Plan (CNAP) and The Cybersecurity Strategy and Implementation Plan (CSIP). To find out what these initiatives were about, the ongoing threat of cyberattacks and the focus of One World Identity, we spoke with the technology expert.

Digital Journal: How big is the cybersecurity risk facing developed economies?

Joe Stuntz: Because developed economies have connected more of their infrastructure and systems to the Internet, they are at a large risk of attack. In many cases what allows the economies to make progress and grow through the use of new technology and people connecting is also increasing their risk. Because connectedness is only going to increase with the introduction and adoption of smart devices known as the Internet of things, the risk will also increase.

DJ: Which types of risks do you think are the most significant?

Stuntz: Outside of the very very unlikely catastrophic cyber attack that has physical impacts and causes loss of life, the risks I worry about are to the financial sector. If trust, confidence, and safety in the markets disappear, an economy could collapse and because of the interconnectedness of economies today it would be a global crisis. Also it is important to think about the definition of cyber security risk and think beyond the typical image of a hacker in a hoodie in a dark basement with a glowing keyboard. This risk includes lots of data stewardship issues where companies or countries use data to target fraud or misinformation. The advances in technology have made new types of commerce possible, but are also being used to create instability. Cyber hygiene is still critical and the fundamentals still address many of the common issues, but it should be part of a larger trust and safety strategy around managing data.

DJ: Are these risks greater from different countries?

Stuntz: Each country has a different level of maturity in terms of cybersecurity, and a different number and type of threats. As mentioned above, some countries are not as technologically advanced which may be limiting their economy, but also reduces their cyber risk. Cyber attacks can also come as a reaction to international relations, political positions, or non-cyber attacks or sanctions. The focus should be for countries to understand the broader context and see cyber as a tool that a country or actor can use to accomplish broader goals.

To continue, click here: http://snip.ly/ixn7f

What is cyber security certification worth?

There have been a lot of interesting reactions to the Equifax data breach. One of the most interesting for me is the criticism of the Equifax CISO’s lack of technical or cyber security education. She does have Bachelor’s and Master’s degrees in music composition as well as a resume that shows a work history at several companies also in the finance industry. This situation illustrates the challenge we all face in identifying qualified candidates.

It is only recently that Information Security degrees have become available from universities. Most people rely on “certifications” to vet qualified candidates. The Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified in Risk and Information Systems Control (CRISC) and Certified Information Security Manager (CISM) certifications are common in cyber security job descriptions. But what is the true value of such certifications?

Certifications are issued by for-profit companies whose business model is to generate revenue by issuing certificates. On the one hand, they need to ensure a minimum “quality” of their certification holders so potential customers value the brand and are willing to pay the certification fees. On the other hand, they are encouraged to sign up as many customers as possible so the “quality bar” cannot be set too high. Once a certification brand is valued enough, there develops an education system to assist candidates to achieve the certification. You will often see “Boot Camps” that promise to fill your mind with all of the knowledge to pass the certification exam in one week. I think we can all agree that one week is insufficient to develop competency in any discipline.

To continue, click here: http://snip.ly/reins