
Month: August 2017

Cybersecurity Is Standard Business Practice for Most Large Companies, New Survey Finds

Over 90% of large US companies with 500+ employees have a cybersecurity policy in place to protect them from both real and anticipated threats, according to a new survey from Clutch, a leading B2B ratings and reviews firm. Clutch surveyed over 300 corporate IT decision-makers about what to include in a cybersecurity policy and found that security software, data backup and storage, and scam detection are the most common areas cybersecurity policies cover.

Phishing is the attack large companies most commonly experience: 57% of IT decision-makers said their company experienced a phishing attack in the past year.

Policy Enforcement Sometimes Lacking

Over 80% of IT decision-makers surveyed say they proactively communicate their company’s cybersecurity policy, policy compliance, and training to employees. However, only two-thirds (66%) of these decision-makers enforce their company’s cybersecurity policy.

Experts attribute the drop-off in enforcement to the struggle companies face when balancing policy adherence with employee concerns. This suggests that some employees’ work experience may be affected by a strict employer’s cybersecurity enforcement policy.

“If someone violates the policy and they’re immediately terminated, it negatively impacts morale within the company,” said Tom DeSot, CEO of Digital Defense, Inc., a cybersecurity company based in San Antonio, TX.

DeSot adds that employees may be less engaged in their company’s culture and fear for their jobs because they are concerned that violating cybersecurity policy may lead to being terminated. Experts recommend...


OCIE Releases Cybersecurity Risk Alert

On August 7, 2017, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert summarizing its most recent cybersecurity examination findings.[1] As a part of its Phase 2 cybersecurity initiative, between September 2015 and June 2016, OCIE performed examinations of 75 firms, including broker-dealers, investment advisers, and investment companies. The Phase 2 examinations are a continuation of OCIE’s 2014 Cybersecurity Phase 1 Initiative, as OCIE further assesses industry practices and compliance issues associated with cybersecurity preparedness, with an emphasis on the maintenance and testing of policies and procedures.

OCIE found that, while cybersecurity preparedness improved since its previous examination, many firms experienced issues with some aspects of their cybersecurity programs. Regarding written policies, OCIE concluded that many firms did not reasonably tailor their policies and procedures to their risks and needs. Employees received only general guidance, or the firms failed to articulate procedures for policy implementation. OCIE also highlighted that, in some cases, firms did not abide by their stated policies and procedures, or that the policies and procedures did not reflect actual practice. Finally, OCIE observed that firms did not regularly perform risk assessments or system maintenance, or implement remedial measures after penetration testing.

The Risk Alert provides examples of policies and procedures that OCIE believes are elements of a robust cybersecurity program that firms should consider implementing.[2] These are as follows: Maintenance...


Two-thirds of company bosses ‘see cyber security investment as a financial opportunity not a burden’

More than two-thirds of CEOs see cyber security investment as a revenue opportunity rather than a financial burden, a new survey claims. Accountancy giant KPMG’s CEO Outlook 2017 found 70 per cent of leaders view investment in their IT systems as a “positive figure on the balance sheet”.

It also found security was firmly part of the CEO agenda, rather than falling solely into the remit of CIOs or chief information security officers. More than three-quarters (77%) of CEOs agreed with the statement: ‘I am personally comfortable with the degree to which mitigating cyber risk is now part of my leadership role’.

The outlook also found business leaders were not fully prepared for a cyber event such as an employee-led data breach or business data theft. Only half of those surveyed (52%) believe they are ‘fully prepared’ for both eventualities. It comes as companies have been warned any data loss they suffer could see them fall foul of new GDPR legislation to come into force in May.

George Scott, Director of KPMG’s Cyber and Privacy practice in Scotland, said: “It’s encouraging to see business leaders beginning to view cyber security investment as a positive figure on the balance sheet.

“However, more needs to be done to make sure businesses are prepared in the event of a cyberattack, whether it’s from external sources, or even insiders.

“Nevertheless, the fact three-quarters of UK CEOs see mitigating cyber...


Shittu: Cybersecurity Remains a Big Challenge for Govt

Emma Okonji

The Minister of Communications, Adebayo Shittu, has expressed worry that insecurity in cyberspace has continued to pose a serious challenge for government, in spite of efforts put in place to address the issue.

Adebayo, who spoke at the Nigeria ICT Impact CEO Forum 2017 in Lagos recently, expressed fears that cyberattacks, if not tamed, could erode the gains of global technology advancement, which, he said, Nigeria was looking up to in order to catch up with the rest of the world in the area of technology development.

Cybersecurity is more than a challenge for government as it poses a huge obstacle to our digital transformation/digital Nigeria agenda, and the federal government has estimated an annual loss of over N127 billion to cybercrime activities across the nation, Shittu said.

According to him, Nigeria had its fair share of cybercrimes between 2016 and 2017. He said that the economic recession in 2016 brought about numerous attacks targeted at organisations and individuals. The most recent, he said, was the unsuspecting patronisers of ponzi schemes.

The minister said: “In the wave of austerity, many people lost money to the said schemes and others fell victims to malicious and compromising websites, and this must not be allowed to continue.”

He explained that in 2013, the ministry set a five-year National Broadband Plan target of reaching a fivefold increase in broadband penetration by the end...


Don’t underestimate women’s potential in cybersecurity

The potential of women in cybersecurity is seriously underestimated, according to a study by the Global Information Security Workforce, which interviewed nearly 20,000 professionals in the information security industry from 170 countries. The study was conducted by the Center for Cyber Safety and Education.

Since the internet is being used as an important channel to conduct business and daily activities, network threats arising from ill intentions are inevitable, network security experts say. According to Kaspersky Lab, a network security software company, online attacks detected in the first quarter doubled to more than 400 million compared with the same period in 2016. More than 200,000 mobile phones have been affected by ransomware Trojans, 10 times the number in the first quarter of last year.

Unfortunately, antivirus software may not be able to protect your computer and mobile phone completely from attack. Symantec, the developer of Norton, once the best antivirus solution, announced the “death” of antivirus software as it is difficult to shut the virus out.

Cybellum, an Israeli network security company, recently announced that it found a virus that specializes in attacking antivirus software and named it DoubleAgent. Instead of hiding and running away from the antivirus, attackers now directly assault, hijack and gain control over the antivirus, turning it into a malicious agent. As antivirus is considered a trusted entity, any malicious operation done by it would be...
