Tuesday, April 23, 2019

Companies stuck in continuously reactive cybersecurity response cycle

“An old Russian proverb . . . "Where hangs the smoke of hate burns a fiercer fire called fear."
The trick . . . was to keep that fire alive, but to know at the same time it might consume you also. Then the trick was to make the fear invisible in the smokes of hatred. Having accomplished that, you would own men's souls and your power would be absolute, so long as you never allowed men to see that their hate was but fear, and so long as you, afraid, knowing it, hence more shrewd and cautious than the rest, did not become a corpse at the hands of the hating fearful.
There, in a nutshell, was the recipe for dictatorship. Over the proletariat. Over the godly believers. Over the heathen. Over all men, even those who imagined they were free and yet could be made to hate.
Frighten; then furnish the whipping boys. Then seize.”
― Philip Wylie, The Answer: A Fable for Our Times



Google, Facebook, Amazon and Apple employees donating to Elizabeth Warren, even though she wants to break up big tech Mercury News


Think You’re Discreet Online? Think Again NYT

Who’s using your face? The ugly truth about facial recognition FT

Council committee sought opinion of Chinese consulate on newspaper's sponsorship


Water experts say the Coalition government paid too high a price for water rights owned by a tax haven-linked Australian company, deepening a row that has ensnared former deputy prime minister Barnaby Joyce and Energy Minister Angus Taylor.

As the Greens and Centre Alliance parties called for a royal commission into water trading in the Murray-Darling Basin, the left-leaning think tank The Australia Institute issued a detailed rebuttal of the government's claims that it paid a fair market rate for water to deliver a significant environmental benefit.

Another water expert and former bureaucrat, Quentin Grafton of the Australian National University, said the Department of Agriculture and Water Resources' purchase at a record-high price in southern Queensland "was not value for money".

Labor demands answers on $80 million Murray-Darling Basin water ...





Helloworld chief made $200,000 donation to Liberal Party during government tender

SHOCKING NEWS FROM THE WORLD OF SCIENCE: Workplace wellness programs largely ineffective, study says

 


How PG&E Ignored Fire Risks in Favor of Profits NYT


(Geopolitical risks: If organizations do not consider location and geopolitical risk, those that store data in a third party or a nation state that is very sensitive will run the risk of threat actors or nation state resources being used against them.)


Business Law Today – The Rise of Risk Management in Financial Institutions and a Potential Unintended Consequence – The Diminution of the Legal Function By: Thomas C. Baxter, Jr.  After the global financial crisis, a highly respected group of financial supervisors from the industrialized world convened to consider what might have caused the worst financial crisis experienced since the Great Depression.  This group – aptly named the “Senior Supervisors Group” – concluded that a material contributing cause was what they characterized as a “colossal failure of risk management.” 

Companies stuck in continuously reactive cybersecurity response cycle, Optiv security report finds

According to a new research report from Optiv Security, “Enterprise Attitudes to Cybersecurity: Tackling the Modern Threat Landscape”, two out of three U.K.-based IT and security decision makers say their security program is continuously reactive due to constantly changing legislation, threats, and other external factors.


The research also finds that wider business buy-in is a challenge. Nearly three in five IT leaders feel that obtaining buy-in for their security programs is tough, primarily because of a lack of understanding from the Board.


Additionally, many organizations struggle to successfully measure and report cybersecurity return on investment against corporate business goals. According to the research, only one third of organizations actually report back to their business on the success of their program with either a live dashboard or regular reports showing key metrics.


The research concludes that industry needs an approach that puts business strategy and risk at the heart of cyber decision-making instead of an antiquated outside-in model, which is predicated on buying security technologies based on the latest trends and vulnerabilities in a problem-and-response manner. Source: Financial Post, Companies Stuck in Continuously Reactive Cybersecurity Response Cycle, Optiv Security Report Finds, and Optiv, Enterprise Attitudes to Cybersecurity







Tax season presents feeding frenzy for cyber crooks


Businesses will likely see a huge proliferation of phishing scams as attackers prey on the time-sensitive nature of tax requirement items and attempt to convince employees to send information or payments to the incorrect recipients.


One of the biggest risks Canadian businesses face during tax season is social engineering.


CEO fraud is a specific type of social engineering where the attacker imitates an internal corporate executive and requests copies of sensitive information (i.e. SIN, T4 documents, paystubs) from employees. The attacker then uses that information maliciously for identity theft, for filing fraudulent tax returns, and for sale on the dark web.


In addition to social engineering, commercial entities should also be on the lookout for tailored ransomware attacks. During the tax season, criminals may customize their ransomware attacks with email attachments that reference pay stubs, T4s, or other sensitive information. Source: Insurance Business, Tax season presents feeding frenzy for cyber crooks