Netizen Blog and News

Cybersecurity and cyber defense experience are buzzwords that enhance a resume. They are also jobs that are needed now and far into the future.
In January 2017, cybersecurity expert and CSO Steve Morgan wrote about the need for more cybersecurity talent. On the the CSO website, which serves enterprise security decision-makers, Morgan stated that “there will be 1 million cybersecurity job openings in 2017.” In fact, it is the Chief Security Officers who make the hiring decisions and hire the employees who defend their organizations from cyber threats and vulnerabilities.
Conferences Are a Valuable Source of Cybersecurity Information
InCyberDefense has reported on cybersecurity conferences often in the past few years. Conferences such as Black Hat, DEFCON, BSides and CES provide additional knowledge from experienced professionals.
However, you have to know some cybersecurity basics to understand the discussions at these conferences. DEFCON has some tracks that are for “newbie, newb, noob, or n00b,” also known as “cyber rookies.”

Read here…

The insurance industry has a great record of solving problems where government regulation didn’t because the government either didn’t know how to regulate, or the government wouldn’t regulate,” Richard A. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-Terrorism for the United States, told attendees at a recent cybersecurity insurance forum in Santa Clara, Calif.
Clarke, now CEO of Good Harbor LLC, a security risk management firm that advises companies and governments on cybersecurity and best practices, was the keynote speaker at the recent National Association of Insurance Commissioners (NAIC) and Stanford Cyber Initiative: Cyber Insurance and Its Evolving Role in Helping to Mitigate Cyber Risks.

Read more…

More rules may not be the best answer to protecting the financial system against cyber attacks, a Federal Reserve official said.

“I don’t think the solution to the cybersecurity problem rests in regulation,” Arthur Lindo, senior associate director of the Fed’s division of supervision and regulation, said Monday at a banking conference in New York. “We’re going to try a more flexible approach.”

The Fed and other regulators issued a notice of proposed rulemaking on cyber risk management standards last year, which is typically followed by a prospective rule. After the industry and others involved in computer security discouraged regulators from creating a standard, they decided not to proceed, Lindo said.

Read more…

As the shortage of skilled security staff widens, the effects on policy and products in overall security organization must be factored into the choice to pursue alternative sources of talent.

Several CISOs I’ve spoken recently have lamented, while cybersecurity assurance stands on three legs – people, policy and products – the industry is weighted down by one overarching problem: a shortage of talent with the right skills.
It’s true of course, but it’s also a little more involved because a decision about any one of the three legs has a relational effect on the others. A skills shortage isn’t just a human resources problem, it also has implications for policy and products too.

Read more…

The ongoing hacking epidemic is leading people to protect their online accounts—or so you would think. In reality, a study suggests about three quarters of the population are ignoring the most effective way of keeping hackers out of their personal information.
The tool, known as two-factor authentication (2FA), prompts people to enter a text message code or some other piece of extra information when they log in from an unfamiliar computer. This can stop a hacker, even one one who has guessed your password, from getting into your Facebook or Gmail accounts.

Read more…

Our nation’s security; indeed, the security of every American, is at risk from enemies we can’t see, and often can’t find, until the damage has been done. Every American citizen, government agency, and commercial or private business that has internet connected devices and networks is a target, and can become both an unwitting predator and unsuspecting prey.
Many are thinking of new ways to defend against this threat. New approaches are being considered, such as the creation of safeguards for personally identifiable information (e.g., a potential replacement for the ubiquitous social security number); or the possible enactment of legislation that enables private companies to “hack back” cyber criminals by employing offensive countermeasures; or even applying cyber counteroffensive lessons from the recent French President Emmanuel Macron campaign that helped counter Russia’s influence into the French election.

Read more…

According to recent reports, consumer credit reporting agency Equifax is still reeling from a massive cybersecurity breach earlier this year. In the breach, which is believed to have occurred between mid-May and July 2017, cyber criminals accessed the personal data of approximately 143 million U.S. Equifax consumers.
In May, Target was still dealing with the ramifications from its own security breach in 2013. The retailer was forced to pay $18.5 million for a data breach that impacted 41 million customers.

Read more…