The Electronic Frontier Foundation's Coder's Rights Project

The Coders' Rights Project builds on EFF's longstanding work protecting researchers through education, legal defense, amicus briefs, and involvement in the community with the goal of promoting innovation and safeguarding the rights of curious tinkerers and hackers on the digital frontier.

They also provide policy advice to decision-making officials who are considering new computer crime legislation and treaties. Reverse Engineering: People have always explored and modified the technologies in their lives, whether crystal radios, automobiles, or computer software. Reverse engineering is one expression of this tinkering impulse. Unfortunately, legal regulation of reverse engineering can impact the Freedom to Tinker in a variety of ways. This FAQ gives some information that may help coders reduce their legal risk. Vulnerability Reporting: Discovering security flaws is only half the battle – the next step is reporting the findings such that users can protect themselves and vendors can repair their products. Many outlets exists for publicly reporting vulnerabilities including mailing lists supported by universities and by the government. Unfortunately, however, researchers using these public reporting mechanisms have received legal threats from vendors and government agencies seeking to stop publication of vulnerability information or “proof of concept” code demonstrating the flaw. The Vulnerability Reporting FAQ gives information that may help security researchers reduce their legal risk when reporting vulnerabilities. Grey Hat Guide: A computer security researcher who has inadvertently violated the law during the course of her investigation faces a dilemma when thinking about whether to notify a company about a problem she discovered in one of the company’s products. By reporting the security flaw the researcher reveals that she may have committed unlawful activity which might invite a lawsuit or criminal investigation. On the other hand withholding information means a potentially serious security flaw may go unremedied. Do these coder rights withstand the need for consumer security? Send us your thoughts here at the Cloud and Cyber Security Center.

What is the New Normal for Cyber Terrorism? Is This Acceptable?

With recent news stories involving serious attacks on Sony and its PlayStation Network, Microsoft’s Xbox Live network, alongside other high profile attacks on the Tor project and North Korea’s Websites, has cyber-terrorism become a very real and dangerous reality for enterprises to battle alongside other threats? Let’s start from the beginning.

What is the difference between cyber-terrorism, vandalism, or even war? Looking back to the 90s and early 2000s, websites were commonly defaced just to satisfy an attacker’s ego. Just like graffiti, this is a great example of vandalism. A more recent example of this sort of attack was the recent defacement of the Twitter home page – a textbook example of vandalism. If you consider malware like Stuxnet  discovered in June 2010 and nicknamed the “world’s first digital weapon” things change drastically. Stuxnet had moved beyond the virtual world and was capable of causing physical destruction to computer equipment and possible large-scale destruction – or cyber-war. However, cyber-terrorism seems to have found a different niche where the destruction or disruption of service isn’t a military or state target, but that of a commercial entity or service – the businesses, services, or information that you and I often times depend upon. In the case of the Sony attack, which saw the release of confidential data of employees and their families in November 2014, there are many potential suspects. Sony’s potential and current customers are likely to question purchasing Sony products, which could have a devastating long-term impact on the company. Share your comments with us here at the Cloud and Cyber Security Center.

Security Best Practices for Cloud Users

First time cloud users can be most at risk, simply because of unfamiliarity with the new environment and the added burden of having to grapple with a new way of managing users, data and security. Here are five security must-do’s before taking the plunge: 

1. Know the cloudy areas There are three main segments in any cloud deployment - the cloud vendor, network service provider and enterprise. Given that the cloud should be treated like an extension of the enterprise data centre, the question to ask is therefore: can a common set of security services and policies be applied across the three segments? What are the security gaps?

2. New apps, new fortifications Ready to move an application into the cloud? Before you do, consider adding new fortifications to the existing security measures you have built around your application’s authentication and log-in processes. To fortify the access to your cloud application, you should have a granular data access scheme. You can do so by tying access privileges to roles, company positions and projects.  This will add an additional layer of protection when attackers steal your staff’s login credentials. 3. Embrace encryption Data encryption is one of your biggest security ally in the cloud, and it should be non-negotiable when it comes to file transfers and emails. While it may not prevent hacking attempts or data theft, it can protect your business and save an organization from incurring hefty regulatory fines when the dreaded event happens. Ask your cloud vendor about their data encryption schemes. Find out how it encrypts data that is at rest, in use, and on the move. To understand what data should be encrypted, it helps to get a handle of where they reside - whether in your cloud vendor’s servers, the servers of third-party companies, employee laptops, office PCs or USB drives. 4. Wrestling with the virtual Moving into the cloud lets businesses reap the benefits of virtualization, but a virtualized environment can present challenges to data protection. The main issue has to do with managing the security and traffic in the realm of multi-tenancy and virtual machines. Physical security appliances are typically not designed to handle the data that is in the cloud. This is where virtual security appliances come in - to secure traffic as it flows from virtual machine to virtual machine. Such appliances are built to handle the complexities of running multiple instances of applications, or multi-tenancy. 5. Don’t be in the dark about shadow IT There is no shortage of anecdotes and reports out there that point to how the unauthorised use of applications and cloud services, or shadow IT, is on the rise among businesses. The uncontrolled nature of this poses a security threat and governance challenge. Your new cloud application will be at risk because of this. Consider the simple scenario in which your employees use their smartphones to open a file on their device. It is likely that the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone does its routine automatic backup. Which cloud security best practices do you recommend? Share your inputs with the Cloud and Cyber Security Center.

Data Breaches Large and Small Affect Millions of Users

Cyber crime or computer crime can be divided into two categories: the first comprises crimes that target computers directly such as viruses, attacks and malware; the second focuses on online crime that uses computer networks or devices as means to perform fraud and identity theft through social engineering as well as cyber bullying, cyber stalking and cyber warfare.

Companies in the United States experience an annual loss of greater than $25m USD.  Due to cyber crime with the majority of these losses stemming from malicious code and DoS attacks. Data breaches and their consequences have also had profound effects on consumers with personal information and credit details being stolen. Th largest on-line data breach compromised more than 130 million user accounts. Online brands with the highest possibility of being targeted by phishing attacks.  include online payment provider Paypal and online auction house eBay, as well as numerous online service providers that require personal identification as well as payment information.  With the ubiquity of the internet, an increased online usage and the spread of social network usage throughout all age groups, cyber bullying and cyber stalking have become increasingly common, especially among teenagers. Cyber bullyingis defined as the harming or harassing of other people in a deliberate, repeated, and hostile manner, including cyber dating abuse within relationships.  Will this brand of cyber crime continue to expand in 2016? Share your comments with the Cloud and Cyber Security Center. Graph provided by Statistica.

Government Measure to Combat Cyber Threats to National Infrastruture

Cyberspace touches nearly every part of our daily lives. It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history. 

We must secure our cyberspace to ensure that we can continue to grow the nation’s economy and protect our way of life. The government must work collaboratively with critical infrastructure owners and operators to protect our nation’s most sensitive infrastructure from cybersecurity threats.   Specifically, we are working with industry to increase the sharing of actionable threat information and warnings between the private sector and the U.S. Government and to spread industry-led cybersecurity standards and best practices to the most vulnerable critical infrastructure companies and assets. Because cyberspace crosses every international boundary, we must engage with our international partners.  We will work to create incentives for, and build consensus around, an international environment where states recognize the value of an open, interoperable, secure, and reliable cyberspace. We will oppose efforts to restrict internet freedoms, eliminate the multi-stakeholder approach to internet governance, or impose political and bureaucratic layers unable to keep up with the speed of technological change.  An open, transparent, secure, and stable cyberspace is critical to the success of the global economy. Do these counter-measures go far enough to protect our national infrastucture? Share your comments with the Cloud and Cyber Security Center.

Cloud Standards Customer Council - Emerging Cloud Security Standards

The current landscape for information security standards specifically targeted for cloud computing environments is best characterized as immature but emerging. This space is still very much in its infancy stage but there are several standards initiatives that have recently been started that plan to deliver formal specifications in the 2014/2015 time frame. 

In the interim, there is are number of general IT security standards that are applicable to cloud computing environments that customers should be aware of and insist that their cloud service providers support. When finalized, the cloud specific security standards will provide more detailed guidance and recommendations for both cloud service customers and cloud service providers. As customers transition their applications and data to use cloud computing, it is critically important that the level of security provided in the cloud environment is equal to or better than the security provided by their traditional IT environment. Failure to ensure appropriate security protection could ultimately result in higher costs and potential loss of business thus eliminating any of the potential benefits of cloud computing. This report focuses primarily on information security requirements for public cloud deployment since this model introduces the most challenging information security concerns for cloud service customers. Which cloud standards will have the greatest impact on on the future of cloud security? Share your comments here at the Cloud and Cyber Security Center.

Fortinet named 2015 Frost & Sullivan Network Security Vendor of the Year

Fortinet® has received the 2015 Frost & Sullivan New Zealand Network Security Vendor of the Year Award. The Award acknowledges the NZ team's dedication to customers and recognises Fortinet’s outstanding performance throughout 2014.

The award was presented on Thursday, 15 October at the Frost & Sullivan Asia Pacific ICT Awards banquet held at the Conrad Centennial in Singapore. “New Zealand businesses are confronting the fact that cyber attacks have increased significantly in the last few years,” says Andrew Milory, Vice President, ICT Practice, Asia Pacific for Frost & Sullivan. “A major challenge is that a large portion of New Zealand businesses are not prepared for these cyber attacks. Coupled with that, many organisations in the country have encouraged employees to bring their own devices to work to increase productivity and employee satisfaction. “However,” he continues, “these trends have also introduced more threats into business networks, which in turn has caused more challenges for these businesses to secure their network infrastructure as well as their commercially-sensitive digital assets. Fortinet has leveraged cutting-edge network security technologies to address these challenges and become a market leader in New Zealand. “Fortinet has continued to increase its market share by securing contracts and partnering with major organisations in New Zealand. Consequently, the company showed strong financial performance with 24% growth in year-on-year revenue." Send us your picks for Cloud and Cyber Security "Vendor of the Year - 21015 to the Cloud and Cyber Security Center.

Countermeasures to Prevent and Mitigate Against ISIS Cyber Attacks

Hacker collective Anonymous posted a video Saturday on YouTube in which it declared a cyber war on ISIS. In the nearly two-and-a-half-minute video, a person wearing the group’s signature Guy Fawkes mask 

read a statement in French promising that the hacktivist organization would attack ISIS in cyberspace with the ultimate goal of weakening the terrorist organization. “Expect massive cyber attacks,” the person said. “War is declared. Get prepared. Anonymous from all over the world will hunt you down. You should know that we will find you and we will not let you go.” ISIS has claimed responsibility for the horrific attacks that killed nearly 140 people and left hundreds more injured on Friday. The attacks prompted the French government to go on the offensive against the group. Prime Minister Manuel Valls confirmed on Monday that French authorities had conducted more than 150 raids and completed a bombing campaign against suspected ISIS encampments in Syria. Anonymous, however, has its own plans. And as history has shown that it is not one to be taken lightly. Which pro-active countermeasures should governments and corporations take to prevent ISIS cyber attacks? Send us your recommendations here at the Cloud and Cyber Security Center.

Mitigation Tactics for Evolving Cyber Crimes - How to Keep Your Business Secure?

Advances in IT security are continuing to cause headaches for today’s cyber criminals, yet as a new breed of increasingly savvy hackers emerge, exposure to a variety of threats remains a fact of life for most organizations across the globe. Without appropriate security measures in place, companies are facing the risk of data breaches, loss of employee productivity, damage to brand reputation and non-

compliance, leading to potentially severe fines. 

Malware is constantly evolving, with millions of forms of malware being released every year. In fact, McAfee catalogs over 100,000 new malware samples a day (69 per minute). With that, successful cyber-attacks have risen 20 percent year on year, with the average cost of cybercrime standing at over $7m dollars a year Increasingly, threats faced by enterprises are coming from the inside as well as the outside. Recent headlines have been dominated by stories of data theft driven by maverick insiders. Details of the most high profile event, the notorious breach by Edward Snowden at the NSA, continue to emerge over a year later. With research commissioned by the UK BIS finding that 84% of data breach incidents are caused by staff, business leaders must be prepared for the risks associated by insiders gaining access to corporate information.

Predictions: 1) McAfee: “In the spy vs. spy world of cybercrime and cyberwarfare, criminal gangs and state actors will deploy new stealth attacks that will be harder than ever to identify and stop.” McAfee Labs 2014. 2) Gartner: “We are in one of those periods that occurs every  five years or so, where the attackers find new levels of vulnerabilities to exploit, and the threats get ahead of the standard level of protection.” Gartner, Strategies for Dealing with Advanced Targeted Attacks. Which mitigation tactics have been most effective in your organization? Share your thoughts - without disclosing confidential  details - with the Cloud and Cyber Security Center.

Gemalto Offers New Data Protection for the Cloud

Cloud and Virtualization gives you agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or defined entrance and egress points, bring a whole host of cloud security issues – data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. 

Fortunately, experts agree that encryption is the unifying cloud security control, allowing you protect, control and comply. Gemalto's proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership - no matter where you store your data. Snapshots and backups are taken daily, or even hourly, and automatically stored in the cloud.  Do you know where they’ve been stored, or who can move and copy them? Can you trace unauthorized copying of data? Virtualization and cloud computing require cooperation between security, storage, server, application, and cloud security admins – all with access to your most sensitive data. With this number of people, the risks of failing an audit, or an admin going rogue, grow exponentially. In minutes, a disgruntled employee can load an entire virtual machine onto a thumb drive. Virtual data is easily lost or exposed as it moves between VMs or in the cloud. Can you prove that authorized users are accessing your data within their defined policies? Can you block access to compromised information? Share your comments with the Cloud and Cyber Security Center. 

Cloud and Virtualization gives you agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or defined entrance and egress points, bring a whole host of cloud security issues – data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. Fortunately, experts agree that encryption is the unifying cloud security control, allowing you protect, control and comply.
SafeNet’s proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership - no matter where you store your data.

Data Replication & Lack of Visibility

Snapshots and backups are taken daily, or even hourly, and automatically stored in the cloud.  Do you know where they’ve been stored, or who can move and copy them? Can you trace unauthorized copying of data?

New Class of Privileged Users

Virtualization and cloud computing require cooperation between security, storage, server, application, and cloud security admins – all with access to your most sensitive data. With this number of people, the risks of failing an audit, or an admin going rogue, grow exponentially.

Risk of Breach & Data Loss

In minutes, a disgruntled employee can load an entire virtual machine onto a thumb drive. Virtual data is easily lost or exposed as it moves between VMs or in the cloud. Can you prove that authorized users are accessing your data within their defined policies? Can you block access to compromised information?
- See more at: http://www.safenet-inc.com/data-protection/virtualization-cloud-security/#sthash.B8vrlfue.dpuf

Cloud and Virtualization gives you agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or defined entrance and egress points, bring a whole host of cloud security issues – data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. Fortunately, experts agree that encryption is the unifying cloud security control, allowing you protect, control and comply.
SafeNet’s proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership - no matter where you store your data.

Data Replication & Lack of Visibility

Snapshots and backups are taken daily, or even hourly, and automatically stored in the cloud.  Do you know where they’ve been stored, or who can move and copy them? Can you trace unauthorized copying of data?

New Class of Privileged Users

Virtualization and cloud computing require cooperation between security, storage, server, application, and cloud security admins – all with access to your most sensitive data. With this number of people, the risks of failing an audit, or an admin going rogue, grow exponentially.

Risk of Breach & Data Loss

In minutes, a disgruntled employee can load an entire virtual machine onto a thumb drive. Virtual data is easily lost or exposed as it moves between VMs or in the cloud. Can you prove that authorized users are accessing your data within their defined policies? Can you block access to compromised information?
- See more at: http://www.safenet-inc.com/data-protection/virtualization-cloud-security/#sthash.B8vrlfue.dpuf

Cloud and Virtualization gives you agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or defined entrance and egress points, bring a whole host of cloud security issues – data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. Fortunately, experts agree that encryption is the unifying cloud security control, allowing you protect, control and comply.
SafeNet’s proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership - no matter where you store your data.

Data Replication & Lack of Visibility

Snapshots and backups are taken daily, or even hourly, and automatically stored in the cloud.  Do you know where they’ve been stored, or who can move and copy them? Can you trace unauthorized copying of data?

New Class of Privileged Users

Virtualization and cloud computing require cooperation between security, storage, server, application, and cloud security admins – all with access to your most sensitive data. With this number of people, the risks of failing an audit, or an admin going rogue, grow exponentially.

Risk of Breach & Data Loss

In minutes, a disgruntled employee can load an entire virtual machine onto a thumb drive. Virtual data is easily lost or exposed as it moves between VMs or in the cloud. Can you prove that authorized users are accessing your data within their defined policies? Can you block access to compromised information?
- See more at: http://www.safenet-inc.com/data-protection/virtualization-cloud-security/#sthash.B8vrlfue.dpuf

Cloud and Virtualization gives you agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or defined entrance and egress points, bring a whole host of cloud security issues – data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. Fortunately, experts agree that encryption is the unifying cloud security control, allowing you protect, control and comply.
SafeNet’s proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership - no matter where you store your data.

Data Replication & Lack of Visibility

Snapshots and backups are taken daily, or even hourly, and automatically stored in the cloud.  Do you know where they’ve been stored, or who can move and copy them? Can you trace unauthorized copying of data?

New Class of Privileged Users

Virtualization and cloud computing require cooperation between security, storage, server, application, and cloud security admins – all with access to your most sensitive data. With this number of people, the risks of failing an audit, or an admin going rogue, grow exponentially.

Risk of Breach & Data Loss

In minutes, a disgruntled employee can load an entire virtual machine onto a thumb drive. Virtual data is easily lost or exposed as it moves between VMs or in the cloud. Can you prove that authorized users are accessing your data within their defined policies? Can you block access to compromised information?
- See more at: http://www.safenet-inc.com/data-protection/virtualization-cloud-security/#sthash.B8vrlfue.dpuf

On-line Shoppers Brace for Cyber Theft During the Christmas Retail Season

As millions of Americans are steeling themselves for the holiday shopping season, cybersecurity researchers are warning about a stealthy malware aimed at stealing credit card and debit card numbers from retailers. Cybersecurity firm iSight Partners on Tuesday revealed research about the malware, dubbed ModPOS, which the company says is largely undetectable by current antivirus scans.

The firm declined to name specific victims of the threat, but it said its investigation uncovered infections at "national retailers." The revelation comes as the retail industry is reeling from a wave of breaches uncovered since Target was hit during the 2013 holiday season. "It's the most sophisticated point-of-sale malware we've seen to date," said Maria Noboa, an iSight senior threat analyst. Instead of being just one piece of software, it's a complex framework of multiple modules and plug-ins. Those parts combine to collect a lot of detailed information about a company, including payment information and personal log-in credentials of executives. One way the companies try to limit their exposure is using more advanced forms of encryption to protect consumer data. With one method, known as point-to-point encryption, a consumer's payment card data is unlocked only after it reaches the payment processor. Which other measures can consumers and Etailers alike take to prevent on-line theft? Share your comments at the Cloud and Cyber Security Center.

We Survived Cyber Monday Security Threats - So What is Next?

With Cyber Monday behind us many people still wonder if it is safe to buy online during end-of-the-year sales events. Of course it is safe in the sense that you won't be pushed, hit, or crushed by other customers who also want to get their hands on the big deals.

But is your credit or debit card information safe when you shop online? If you take a few basic precautions, you can enjoy the big discounts and not worry about getting into trouble. Historically, November and December are the months with the most online transactions, and are therefore the months in which cyber-criminals are the most active. The common threats still lurking on the Internet for eCommerce shoppers include Phishing, Weak Passwords, Malware and Social Media Scams, Transactions Made Over Public Computers and Shopping at Unsecure Web Sites. So which threats have you encountered, avoided and can advise other users to avoid during the Christmas shopping season? Share your comments with the Cloud and Cyber Security Center or shop at the Home and Computer Security Superstore: www.homecomputersecuritysuperstore. 

Mitigating Cyber Crime on Cyber Monday

High-impact cases of cyber crime affect organizations which were was fully compliant with its respective regulatory frameworks. Organizations can become blinded by compliance to the point where they have a false sense of assurance about managing people-related risk.

This is defined as counter-productive behaviour, from inadvertent to malicious, and can range from oversight and corner-cutting – such as sharing passwords or propping open doors – to opportunistic behaviour including theft, fraud and sabotage. A recent example of the potential damage that people risk can cause is when an investment bank suffered significant losses through a single broker’s late-night trading. While the bank was compliant in identifying individual anomalies, its lack of a holistic approach led to it losing £6m. The broker took Monday off work (an operational state anomaly) and by the evening had made his first batch of unauthorized trades (role, authorization and operational anomalies). He notched up thousands of trades worth a total of $520m (£345m). He bought a net 7.13 million barrels of oil during the typically quiet overnight period (a time anomaly). His actions sent prices surging (price/market anomaly) by more than $1.50 to $73.50 for a barrel of Brent crude oil – the highest for eight months (another time anomaly). The deals potentially cost companies worldwide more than $100m. By taking a holistic approach to people risk management, the bank could have avoided this loss. In September, Holistic Management of Employee Risk was published by the UK’s Centre for the Protection of National Infrastructure (CPNI) and PA Consulting Group. Homer recommends as series of key steps for organizations to manage people risk effectively.  How effective can these cyber crime mitigation tactics for business be applied to consumers shopping this Christmas season on-line? Share your comments with the Cloud and Cyber Security Center.

Christmas Shopping at the New Home and Computer Security Superstore

The Home and Computer Security Superstore offers a wide variety of home security, surveillance and CCTV systems, computer security software from vendors such as Norton, McAfee, Kaspersky Labs, Viper and Bullguard, and yes, even remote baby monitors for new parents.  While we commit to keep any posts which are actually "commercials" to an absolute minimum we greatly value your feedback on this one-time basis.

Our goal is provide both homeowners, computer users, small businesses and young parents with quality security products that will reduce their threat of traditional and Internet crime. We are just launching this new eCommerce store and encourage all of our readers to visit and send us your feedback on which additional security products will best suit your needs. While we commit to keep any posts which are actually "commercials" to an absolute minimum we greatly value your feedback on this one-time basis. Visit the Home and Computer Security Superstore at: http://homecomputersecuritysuperstore.com/

Cyber Terrorism: The Threat to Business and eCommerce

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.  If your look at the projected eCommerce number for this year, the Internet being down for just one day could disrupt nearly $6.5 billion worth of transactions.

More than just eCommerce transactions flow over the Internet. eMail, voice communications, some banking machines, credit card authorizations for physical stores and the list goes on and on. Information is the life blood of commerce, regulatory oversight and even social status. The importance of the information and the ability to access it, transfer it and act upon it has increased to the point that it is unfathomable for all but the smallest of businesses to operate without computers or networks. As the value of the computing infrastructure increases so to does the value of disruption. The financial implications are one thing, but the psychological impact of the Internet disruption could be even more damaging. How likely is this to happen? It is not, if it will happen, but when. The likelihood of a cyber terrorism attack disrupting the Internet increases every day. The increased reliance on the Internet by business, government and society has made it a prime target for terrorist intent on disrupting our economy and way of life. How likely is the West to be targeted by major cyber terrorism attacks in the coming months? Share your comments with the Cloud and Cyber Security Center.

SAS Cybercecurity - A New Entrant into the Cybersecurity Arena

The vendor SAS has long been known as a world-class statical analysis software vendor. With the introduction of SAS Cybersecurity the company seeks to level its brand and statistical expertise to gain a foothold in the cyber security software market.

  The solution offers: Contextual data enrichment. Augments network flow with business information and external threat data to detect cyberrisks based on your specific business workflows, "Right-timed," multilayered analytics. Optimizes the speed and complexity of analytics across the real-time, near-time and "any-time" continuum for faster and deeper situational awareness, Visual data exploration. Enables risk exploration without requiring previous analytics knowledge or expertise, Continuously updated intelligence. Behavioral analytics automatically evolve cyberanalytic models based on new events, new data and new context, and Cost-efficient, optimized data storage. Reduces your storage footprint by saving only the relevant data for analysis on commodity hardware. How effective will this new software be in combating cyber threat? Share your assessment with the Cloud and Cyber Security Center.

The Impact of Cyber Threats on Our Professional and Personal Lives

Cyber criminals are invading countless homes and offices across the nation—not by breaking down windows and doors, but by breaking into laptops, personal computers, and wireless devices via hacks and bits of malicious code. 

The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country. Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights…to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black markets…to spies and terrorists looking to rob our nation of vital information or launch cyber strikes. Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are the paramount priorities of our cyber program because of their potential relationship to national security. Combating the threat. In recent years, we’ve built a whole new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. Which cyber threats have the most direct impact on your daily business and professional lives? Share your comments with the Cloud and Cyber Security Center.

Top Cyber Security Threats - Mitigation and Countermeasures

From identity theft and fraud to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Hacking experts warn there are plenty more security risks ahead in 2015 as cyber criminals become more sophisticated. While "traditional" cybercrime such as internet password fraud will still be widespread in 2015, larger scale espionage attacks and hacking the Internet of Things (IoT) will also be risks.

Some of the top cyber threats in 2015 include: Cyber espionage, cyber threats, insecure passwords, Internet of Things and ransomware. The U.S. government has budgeted $14 billion for cybersecurity for fiscal year 2016, so clearly, this threat is being taken seriously at the highest levels of government. Unfortunately, security experts expect cyberattacks seen in 2015 to continue in the new year, if only because those most likely to be victimized simply haven't done much to step up security. In fact, many federal agencies have not even instituted two-factor authentication, something as simple as requiring both a card and a PIN number.Which cyber threats have you encountered this year and what mitigation measures have you taken? Share your thoughts with the Cloud and Cyber Security Center.

Cyber Threat Mitigation Strategies - Can They Succeed?

Advances in IT security are continuing to cause headaches for today’s cyber criminals, yet as a new breed of increasingly savvy hackers emerge, exposure to a variety of threats remains a fact of life for most organizations across the globe. 

Without appropriate security measures in place, companies are facing the risk of data breaches, loss of employee productivity, damage to brand reputation and non-compliance, leading to potentially severe fines. Malware is constantly evolving, with millions of forms of malware being released every year. In fact, McAfee catalogs over 100,000 new malware samples a day (69 per minute). With that, successful cyber-attacks have risen 20 percent year on year, with the average cost of cybercrime standing at over $7m dollars a year. Increasingly, threats faced by enterprises are coming from the inside as well as the outside. Recent headlines have been dominated by stories of data theft driven by maverick insiders. Details of the most high profile event, the notorious breach by Edward Snowden at the NSA, continue to emerge over a year later. With research commissioned by the UK BIS finding that 84% of data breach incidents are caused by staff, business leaders must be prepared for the risks associated by insiders gaining access to corporate information. Can such strategies succeed in preventing or at least mitigating against cyber threats? Send your comments to the Cloud and Cyber Security Center.