SEC weighs cybersecurity disclosure rules

The Securities and Exchange Commission is advancing measures that would require publicly owned companies to disclose more information about their cybersecurity vulnerabilities, including data breaches.

The requirements could put pressure on companies to tighten their own security, because the SEC rules would let the public know how well firms are securing their private information.

In 2014, the agency held a public roundtable on the issue, proposed enhanced cybersecurity disclosure requirements and investigated the cyber defenses of 100 top financial firms. In 2015, those proposals could become actual regulations, and the SEC revealed this week it may soon release the results of its investigation.

Read More

No one at Homeland Security is addressing threat of cyber attacks on government buildings

Federal buildings are unprepared for potential cyber attacks on their security systems, elevators, heating and cooling networks and other critical operations because the Department of Homeland Security doesn’t have a handle on the risks.

At stake are thousands of vulnerable facilities, including the offices of federal employees and structures that house high-risk items such as drugs and weapons.

Those are the findings from a Government Accountability Office report this week that said DHS lacks a strategy for protecting government buildings from hackers, terrorists, corrupt employees and criminal groups who might want to breach their networks.

Read More

Agencies fall short of White House targets for cybersecurity

The White House continues to see an upward trend in new cybersecurity practices governmentwide, but the Obama administration is finding that not all agencies are living up to the cyber standards it set forth in last year’s cross-agency priority goals.

Published with the 2015 budget, the cross-agency priority (CAP) goals focus on longstanding and critical issues affecting agencies across the federal government. Cybersecurity — one of the first mentioned of the White House’s 15 CAP goals — is a mission-based goal to “[i]mprove awareness of security practices, vulnerabilities, and threats to the operating environment, by limiting access to only authorized users and implementing technologies and processes that reduce the risk from malicious activity,” according to a goal statement. It says the president views cybersecurity as “one of the most serious national security, public safety, and economic challenges we face as a nation.”

Read More

North Korea is doubling its skilled cyber security staffers

NORTH KOREA IS REPORTEDLYdoubling the number of its highly skilled cyber soldiers while still denying claims that it ever maliciously hacked anyone.

In case you missed it, North Korea has been accused of hacking like a dry cough. The country has had more fingers pointed at it than a button, and has got rather comfortable with denyingaccusations that it has done things like tear apart Sony Pictures Entertainment.

Now it is accused of doubling its cyber warfare posse, called Bureau 121, which the last time anyone checked was made up of some 3,000 skilled staffers.

Today, according to reports, including this one on Reuters, that number is 6,000 if South Korea is to be believed.

A white paper from the South Korean Defence Ministry said that the enlarged unit will be used to bring mischief on the South, and possibly other countries and their utilities.

Trend Micro Supports Cybersecurity Curriculum with Educational Grant

DALLAS, Jan. 7, 2015 /PRNewswire/ — Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software, has announced a $10,000 donation to the Mission College Center for Innovation and Technology (MC²IT). The grant will provide resources and expertise to advise and help enhance cybersecurity course curriculum. As the security and privacy industry continues to expand and evolve, Trend Micro is committed to encouraging students to enter the cybersecurity field while empowering them with the core competency to do so.

“As part of our responsibility to help keep the world safe for exchanging digital information, Trend Micro is helping MC²IT rebuild existing curriculums while recommending relevant courses,” said Raimund Genes, CTO, Trend Micro. “The addition of these types of courses will help students to become future experts and next generation leaders in cyber security.”

As a member of the MC²IT advisory board, Trend Micro and other security and privacy leaders recognize the challenges presented by a lack of skilled cybersecurity professionals. With the advent of new technology, experts and professionals will need training on how to investigate and manage corresponding threats.

“With the expertise and knowledge that Trend Micro and the security advisory board bring to MC²IT, we can bridge the gap between technology and education,” said Daniel Peck, president, Mission College. “We have the right people collaborating, bringing their passion to the security profession to motivate students and others interested in learning more about technology careers.”

Read More

Air Force evolves its cybersecurity as JIE comes into focus

The Air Force is moving beyond requiring airmen to use smart identification cards to log onto its computer network. The service now is making its network security even stronger.

Lt. Gen. Bill Bender, the Air Force’s chief of information dominance and chief information officer, said the use of role-based authentication should be “baked- into” its IT systems in the future.

Read More

Ex-Sony Employees Echo Cybersecurity Company’s Suspicion That Hack Was An Inside Job

WASHINGTON — A Silicon Valley cybersecurity firm is doubling down on its claim that at least one former Sony employee was involved in hacking Sony. Some former employees of the company are expressing that sentiment as well, even as the U.S. government stands by its conclusion that North Korea orchestrated the massive cyberattack.

Kurt Stammberger, senior vice president at Norse, which provides cyber intelligence to customers in financial services, technology and government, told The Huffington Post that the company remains “pretty confident” that “at least one ex-employee was involved, probably more” in the Sony hack.

As evidence, Stammberger said that Norse has samples of malware used in the Sony hack that existed as early as July, “completely in English with no Korean whatsoever.” Sony credentials, server addresses and digital certificates were already built into the malware, he added.

Read more

Targeted attacks will become as prevalent as cybercrime, says Trend Micro: 2015 Technology Predictions

In 2015, more cyber criminals will turn to darknets and exclusive-access forums to share and sell crime ware; increased cyber activity will translate to better, bigger and more successful hacking tools and attempts; and exploit kits will target Android as mobile vulnerabilities play a bigger role in device infection. This is all according to Trend Micro, a global developer of cyber security solutions.

Trend Micro’s predictions about Internet security are all part of our second annual Technology Predictions series in which industry experts share their predictions with us about the hot tech trends that they think will take center stage in 2015. We’ll be sharing all of their predictions with you over the next several days. Read on for more predictions from Trend Micro (which were originally posted on Trend Micro’s blog here). Edited and reprinted below with permission.

Read More

Companies Are Freaked Out About Cybersecurity And Plan To Spend A Lot More On It This Year Read more

Reports of security breaches reached new heights in 2014, following the iCloud and Sony hacks. Many consider the Sony hack to be the worst cyberattack in US corporate history.

And it looks as if these attacks are having a direct impact on the amount companies are spending on computer security.

According to a survey by Piper Jaffray, security was ranked as the top spending priority for CIOs this year, with a whopping 75% of the respondents saying they would increase spending in 2015.

Read More

U.S. suspects North Korea had help attacking Sony Pictures: source

According to Reuters, U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.

As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work. The official was not authorized to speak on the record about the investigation.

The attack on Sony Pictures is regarded to be the most destructive against a company on U.S. soil because the hackers not only stole huge quantities of data, but also wiped hard drives and brought down much of the studio’s network for more than a week.

Read More