Proposed ‘hack back’ law would not have stopped WannaCry

On Monday, the Financial Times published a story concerning a proposed bill from Representative Tom Graves, a Republican from Georgia’s 14th district.

Graves has proposed changing the Computer Fraud and Abuse Act (CFAA) to allow organizations to fight back when being attacked online. But is this a smart, or even workable, solution for enterprise operations?

from CSO Online Data Protection http://www.csoonline.com/article/3198490/security/proposed-hack-back-law-would-not-have-stopped-wannacry.html#tk.rss_dataprotection

10 things threat hunters watch for

Dogged pursuit

Pursuing cyber threats is much like conventional hunting in that it requires patience, persistence and a keen eye, and when done correctly, it can be both exhilarating and rewarding. Threat actors do everything in their power to blend in and attempt to become a ghost in your network, so it is the job of the security professional to be the ghostbuster, says Tim Bandos, director of cybersecurity at Digital Guardian. In order to track and acquire an elusive target, a threat hunter needs to be well equipped with the right skills and tools. Start by loading up on cyber threat knowledge and centralizing critical logging data. He sets out the common indicators that say a threat is underway.

from CSO Online Data Protection http://www.csoonline.com/article/3197380/data-protection/10-things-threat-hunters-watch-for.html#tk.rss_dataprotection

5 common ways businesses lose valuable data

Where did I leave that…?

According to a 2016 study from IBM regarding the costs of data breaches and loss, the average consolidated cost moved from $3.8 million to $4 million. On a granular level, the study also found the costs for each lost or stolen record containing sensitive and confidential information increased from $154 to $158. The stakes are high for companies to properly manage their data, as loss and data exposure can ruin a firm’s reputation with customers and partners.

from CSO Online Data Protection http://www.csoonline.com/article/3198087/data-protection/5-common-ways-businesses-lose-valuable-data.html#tk.rss_dataprotection

Few firms will be ready for new European breach disclosure rules, fines

The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready.

Recent surveys show that most companies are not prepared for the regulations. According to a recent SailPoint survey, 80 percent see GDPR as a priority, but only 25 percent have an established plan. Gartner estimates that the majority of all companies affected by GDPR will still not be in compliance at the end of 2018.

from CSO Online Data Protection http://www.csoonline.com/article/3198112/compliance/few-firms-will-be-ready-for-new-european-breach-disclosure-rules-fines.html#tk.rss_dataprotection

IDG Contributor Network: China’s theft of IBM’s intellectual property

China continues to view the theft of intellectual property as a viable means of technology transfer. Global private sector entities are finding, with ever-increasing regularity, that their insiders are being used by China to purloin proprietary information for use by Chinese state-owned enterprises or national entities.

On 19 May 2017, Xu Jiaqiang, a PRC national, pleaded guilty to economic espionage and trade secret theft. Xu stole source code from his employer, IBM, and attempted to share it with the National Health and Family Planning Commission in the PRC. According to the Department of Justice, Xu pleaded guilty to all six of the counts included in his indictment.

from CSO Online Data Protection http://www.csoonline.com/article/3197751/security/chinas-theft-of-ibms-intellectual-property.html#tk.rss_dataprotection

A day in the life of a threat researcher

After leaving security intelligence platform provider Exabeam at the end of the workday, Ryan Benson’s mind doesn’t shut off when it comes to thinking about designing new defenses against black hats. He heads to the gym to work out, still with his mind on security. He sits down to dinner with his wife Kelly … to keep the family life happy. We’ll say he takes a break from security at this time.

Once family time is done, he is back at it. Many nights, he does a lot of research/blogging on browser forensics and maintains an open source tool (Hindsight).

from CSO Online Data Protection http://www.csoonline.com/article/3193270/data-protection/a-day-in-the-life-of-a-threat-researcher.html#tk.rss_dataprotection

How to maintain data oversight to avoid ‘shadow data’

from CSO Online Data Protection http://www.csoonline.com/article/3197404/security/how-to-maintain-data-oversight-to-avoid-shadow-data.html#tk.rss_dataprotection