The CyberWire Daily Briefing 02.08.16
A hacktivist (who "wishes to remain anonymous," as Motherboard primly puts it) releases what he alleges are personal data on some 20,000 FBI employees and about 8000 US Department of Homeland Security personnel. It's unconfirmed whether the data are genuine. The dump was accompanied by a pro-Palestinian message.
One hacktivist tactic, which ESET calls "haxposure," may see greater use this year — the Hacking Team and Ashley Madison breaches would be examples. The goal is typically reputational damage. Widespread availability of indifferently protected information and the tools to extract and disseminate it are thought likely to drive an increase in haxposure.
Hackers have made off with UK tax filers' self-assessment records, using the information to file fraudulent claims for tax repayment.
Researchers continue to work on the TeslaCrypt ransomware infesting WordPress sites.
Researchers also wonder who's been subverting Dridex malware download sites to serve up anti-virus software. The (presumed) white-hat is now being called "Batman."
Kaspersky researchers report that banking malware has begun to adopt some of the APT techniques hitherto principally associated with cyber espionage.
In the marketplace, a broad selloff continues to affect cyber security stocks. Observers cite weakness in allied IT sectors as a partial cause, along with concerns about possible over-valuation and the unsettling story of Norse Corporation's apparent "implosion."
Intelligence services research ways of mining social media for threat indicators and warnings, but the data remain in many ways resistant to such analysis.
Twitter reports that it's deleted more than a hundred thousand accounts for extremism.
Today's issue includes events affecting Australia, China, Ethiopia, European Union, Iraq, Democratic People's Republic of Korea, Libya, New Zealand, Nigeria, Pakistan, Philippines, Russia, Rwanda, Spain, South Africa, South Sudan, Sudan, Syria, Tanzania, Uganda, United Arab Emirates, United Kingdom, United Nations, United States, Uzbekistan, and Zimbabwe.
Cyber Attacks, Threats, and Vulnerabilities
Hackers leak DHS staff directory, claim DOJ is next (CSO) Staff directory contains details on over 9,000 employees
Hacker Plans to Dump Alleged Details of 20,000 FBI, 9,000 DHS Employees (Motherboard) A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned
Cyber-thieves hack the taxman (Sunday Times) Criminals are stealing money by hacking into people's online tax returns on the website of HM Revenue & Customs and hijacking their self-assessment records, The Sunday Times can reveal
Anonymous Targets African Governments Against Corruption (Hack Read) The online hacktivist Anonymous is targeting African countries to protest against the increasing corruption in government sector
Ransomware Criminals Infect Thousands With Weird WordPress Hack (SpiceWorks) An unexpectedly large number of WordPress websites have been mysteriously compromised and are delivering the TeslaCrypt ransomware to unwitting end-users. Antivirus is not catching this yet
Readers of celebrity gossip site TMZ hit by malvertising campaign (Graham Cluley) The celebrity gossip website TMZ has become the latest victim of an ongoing malvertising campaign that redirects visitors to the malicious Angler exploit kit
Time Warner Data Breach Reveals Emails and Passwords (Divergys) 2016 is off to a rough start in the world of internet security. Just seven days into the new year, and Time Warner has reported that a small subset of its customer data was hacked
Criminals impersonate Arrow exec to steal $18 million (CRN) Distie discovers fraud in January
Online 'Batman' Takes On Dridex Banking Trojan Operators (Dark Reading) Several Dridex malware download sites have begun mysteriously serving up antivirus software instead
Metel Bank Robbers Borrowing from APT Attacks (Threatpost) Many bank robbers long ago dropped the stick-up man persona in favor of a keyboard and a reliable password-stealing Trojan
Cybercrime Gangs Blend Cyber Espionage And Old-School Hacks In Bank Heists (Dark Reading) 'Metel,' 'GCMAN,' and Carbanak's comeback highlight how cybercriminals are now going after bank users and systems with cyber espionage-type tools and tactics
SAP Afaria: how to wipe mobile devices clean with one text message (ERPScan) In the previous blog entry, we described how to exploit an XSS vulnerability in SAP Afaria. Today's post is dedicated to another security issue affecting Afaria
Fake Amazon survey-for-money offer leads to account compromise (Help Net Security) Amazon users are being targeted with a clever phishing email impersonating the retail giant
Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities (Talos) Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, OpenOffice, and other major applications
Android system processes can be infected by Trojans (Dr. Web) Virus makers continue to complicate architecture of malicious programs for Android. First samples had rather primitive structure, but their today's counterparts, on the contrary, are almost equal to the fanciest Trojans for Windows. Doctor Web specialists registered a whole pack of multifunctional malicious programs for Android this February
Serious flaw discovered in Avast's security-focused SafeZone browser (PCWorld) The flaw could allow a malicious website to read cookies, stored passwords and local files
Expert issues warning on nuclear weapons cyber attack safety (Buxton Advertiser) It will never be possible to say UK nuclear weapons are entirely safe from cyber attack or cannot be compromised or undermined, an expert has told an international security think tank
Trend Micro finds Uber accounts for sale on the Deep Web (ITWeb) In a report that Trend Micro researchers put together for US news channel CNBC, the security company found that Uber accounts are worth more on the Deep Web than stolen credit card information
Louisiana Healthcare Connections announces data breach potentially affecting 13k Medicaid beneficiaries (Becker's Health IT & CIO Review) Louisiana Healthcare Connections, a Bayou Health network for the state's Medicaid population, received notification of an investigation of stolen health information
'Anonymous' hackers may have infiltrated York County government website (Penn Live) The online hacker group "Anonymous" may be responsible for shutting down York County government's website Friday afternoon
The 2016 cyber security roadmap (Information Age) Another year, another round in the escalating fight against cyber crime. Looking ahead, Information Age asked industry experts what themes they think will dominate the agendas of security professionals in 2016
What Is Cyberwarfare? (Semiconductor Engineering) Tens of billions of dollars are being spent on this growing threat, but so far no one can define it
An inside look at what's driving the hacking economy (CNBC) Cybercrimes will cost the global economy a whopping $445 billion this year
What Motivates Cyber-criminals and Who Are They Targeting? (Infosecurity Magazine) There is a part of me that finds hackers, or cyber-criminals, of fascinating interest. Whether it's the clandestine nature of their 'profession' or the untapped genius with which some of them operate that I find curious, I do not know
The emerging threat of haxposure (IT Online) One 2015 cyber threat trend was not widespread, but deserves attention because of a pair of high-profile security breaches: Hacking Team and Ashley Madison
The Secrecy Cryptography Giveth to Criminals, the Internet of Things Taketh Away (IEEE Spectrum) In the rock-paper-scissors game of technology, the Internet of Things beats cryptography
Cyber-attacks on the energy industry could cause physical damage (ITProPortal) The energy industry is mostly unprepared for cyber-threats, a new study by Tripwire suggests
Hey, Business — We Have It on Good Authority You're on Your Own (PivotPoint Risk Analytics) You've heard, maybe, about how the Feds indicted some officers of China's Peoples Liberation Army for hacking trade secrets from US manufacturers in Pennsylvania? It was solid work, and kudos to the FBI's Pittsburgh office for stellar investigative work
Malware Museum shows how it was "before it was all about money" (Naked Security) "The past is a foreign country: they do things differently there." If, by the past, we mean "malware in about 1990," then they certainly did do things differently
CFTC Commish Says Cybersecurity Risks Disrupting Markets (Law360) The U.S. Commodity Futures Trading Commission's J. Christopher Giancarlo on Thursday released a podcast outlining the biggest trends currently impacting the global financial markets, saying that cybersecurity risks and other technological developments are the most disruptive
CatIQ conference speakers discuss 'cyber cats,' Lac-Mégantic response (Canadian Underwriter) A malicious computer program reported to have interfered with uranium enrichment in Iran was a "game changer" in cyber security, but there is no historical data that actuaries could use to assess potential losses arising from "cyber cats" affecting industrial control systems, a computer science professor recently told insurance professionals
Palo Alto, FireEye Tumble as Cyber Security Stocks Get Crushed (Bidness Etc.) FireEye and Cyberark are scheduled to post financial results for the fourth quarter of 2015 next week amid mass turbulence in cyber-security space
Imperva Falls to Earth as Cybersecurity Growth Comes at a Price (BloombergBusiness) Stock down 49% from peak as 2016 earnings forecast falls short. CEO says company is 'on fire,' rout caused by broader selloff
CRN Exclusive: FireEye CEO On New Products, Acquisitions And Why FireEye Will Be More Competitive Than Ever In 2016 (CRN) FireEye has taken some heat from Wall Street recently, with its stock dropping 35 percent in 2015 and competition in the security market heating up
Who Will Symantec Acquire With Their $5 Billion In Cash? (Forbes) Symantec Corp., the world's largest security software company according to Gartner, announced yesterday a $500 million strategic investment from Silver Lake, a global leader in technology investing
Armed with a star hacker brand, Clearwater tech firm KnowBe4 eyes a future IPO (Tampa Bay Times) At 59, serial entrepreneur Stu Sjouwerman is on his fifth startup. This one is called KnowBe4, a security awareness company that trains employees of subscribing businesses how not to get snookered by clever hackers masquerading online as do-gooders or perhaps even the company CEO
Ex-CEO On How His Silicon Valley Cybersecurity Firm Crashed (Forbes) A recent story in Forbes stated that Norse Corp. — which raised more than $40 million in VC funding — looked like it may be shutting down, according to a blog posted by Brian Krebs, a well known investigative reporter who covers the cybersecurity industry
Enterprise software and security stocks hammered after Tableau/LinkedIn's earnings (Seeking Alpha) A long list of enterprise software and security tech names are off sharply after business intelligence/analytics software upstart Tableau (down 45.3%) reported slower-than-expected license revenue growth and issued below-consensus Q1/2016 guidance
Why You Should Care About Elliott Management's Investment In Symantec (Seeking Alpha) The WSJ has reported that Elliott Management has amassed a stake in Symantec
Behind the deal: What the new $10B Leidos will look like (Washington Business Journal) Leidos Holdings Inc. is going to gain considerable market share in four key areas after its deal to combine with Lockheed Martin Corp.'s (NYSE: LMT) $5 billion Information Systems & Global Solutions business, CEO Roger Krone said at an investor conference Thursday
EXCLUSIVE: Andrew Mamonitis leaves Kaspersky Lab (ARN) Joins Hemisphere Technologies in director role
Products, Services, and Solutions
Mocana's Security of Things Platform to Protect Schneider Electric's Next-Generation IP Connected "Things" (BusinessWire) Mocana, a leading provider of IoT security, today announces its partnership with Schneider Electric, the global specialist in energy management and automation
'Defense wins championships' in application security and NFL (CSO) Of the more than 20 Super Bowl Apps tested by Appthority, the Carolina Panthers Android app exhibited more risky behaviors than their Super Bowl opponent, the Denver Broncos 365 app
Threat intelligence vital to cyber defence, claims CrowdStrike (ComputerWeekly) Companies that ignore the global events that are the drivers behind cyber threats will pay for it in the loss of revenue, jobs, intellectual property, and shareholder value, says CrowdStrike
Box, IBM and Black Duck announce security offerings amid open source vulnerabilities (BCN) Two more services have been launched with the aim of shoring up the security of the cloud, as its popularity sees it becoming increasingly targeted for attack
Technologies, Techniques, and Standards
Modern Defenders Share, Visualize, and Succeed (Threatpost) Network defenders who rely solely on lists of assets to protect are running a fool's errand
Watch The Target, Not Just The Wire (Tripwire: the State of Security) Before I became a systems engineer a few years ago, I worked in the industry as a technical security manager for over 15 years, focusing on computer forensics, incident management and compliance
Manage cyber risk for business benefit, says industry expert (ComputerWeekly) Cyber risk management can add business benefit while improving security, says Digital Policy Alliance advisory panel member Philip Virgo
The Role of Tor in Cybercrime (RSA) In a previous blog, we explored the layers of the deep web, and briefly explained how anonymity technologies (such as Tor) facilitate illegal, underground commerce. This post aims to explain the underlying concept of how Tor functions, thus, how anonymity on the Internet is accomplished
Design and Innovation
Blockchain Won't Make Banks Any Nimbler (American Banker) In 1855, Karl Benz combined his profession of manufacturing internal combustion engines with his hobby of designing carriages to produce the first autonomously powered mobile carriage — the automobile
Research and Development
Social media is a rich source for security services — if they can figure out how to use it (Baltimore Sun) Seen a flood of support for Russia's foreign policy on Twitter? Or a surge in sympathy for Islamic State terrorists?
Detecting 'Multi-Stage' Cloud Cyber-Attacks from the Start (EnterpriseTech) From small, hardly noticeable beginnings the biggest cloud cyber-attacks grow
Contest introduces teens to booming field of cybersecurity (Chicago Tribune) The room looked like something you'd see in Palo Alto or Mountain View: pizza boxes strewn across a table at one end, young people clustered around computer screens at the other, working in near silence except for the occasional mumble or electronic bleep
Marshall receives $170K NSA grant (My Daily Tribune) A group of faculty within Marshall University's Department of Mathematics has been awarded a $170,000 grant from the National Security Agency
Mathematics Department receives National Security Agency grant (ETSU University News) East Tennessee State University's Department of Mathematics and Statistics is the recipient of a $125,000 grant from the National Security Agency for the project "Strengthening Minorities Achievements via Research Training in Mathematics"
Legislation, Policy, and Regulation
Opinion: Why China needs to rein in North Korea's hackers (Christian Science Monitor Passcode) If China blunts North Korea's increasingly aggressive hackers, and keeps them from operating on its side of the border, that would go a long way toward improving security on the Korean Peninsula
UAE society formed to shield youths from terrorist influence online (The National) A group of Emiratis and expatriates have joined to launch a foundation to protect children from online risks including terrorist groups
UN Chief: 34 Groups Now Allied to Islamic State Extremists (AP via Military.com) Thirty-four militant groups from around the world had reportedly pledged allegiance to the Islamic State extremist group as of mid-December — and that number will only grow in 2016, UN Secretary-General Ban Ki-moon said in a report Friday
Twitter Steps Up Efforts to Thwart Terrorists' Tweets (New York Times) For years, Twitter has positioned itself as a "global town square" that is open to discourse from all
Twitter offers new, though limited, evidence that it's driving terrorists away (Los Angeles Times) Twitter Inc. announced Friday that it had deleted 125,000 terrorist-related accounts in the last seven months
UK-US deal would allow MI5 to get chat, e-mails directly from US companies (Ars Technica) Concern over "dumbing down" of protections because of UK's weaker safeguards
Distrust of US surveillance threatens data deal (The Hill) European privacy regulators are putting U.S. surveillance practices under the microscope, this time with a crucial transatlantic data deal hanging in the balance
Don't Sleep On New Data Privacy Regulations (TechCrunch) Chalk it up to the Snowden Effect
Experts Weigh in on the Shifting EU U.S. Data Transfer Paradigm (Legaltech News) From the newly minted Privacy Shield agreement to the EU's upcoming GDPR law, experts dissect what the new data regulations mean for U.S. businesses
EU — US Data Protection Privacy Agreement may provide insight to the Privacy Shield (LinkedIn) The DPPA covers transfers of data between EU and US law enforcement agencies and focuses on "the exchange of information which is critical to prevent, investigate, detect and prosecute criminal offenses, including terrorism…" It is posted on the EU Commission website here
When the NSA Merges Its Offense and Defense, Encryption Loses (Just Security) How do you create strong encryption standards when the organization tasked to build them finds itself absorbed into an organization that dedicates huge quantities of resources to break them?
Bipartisan bill would speed DOD's cyber warfare efforts (The Hill) A new Senate bill aims to empower the Defense Department's cyber warfare efforts
Why You Should Be Concerned About The Cybersecurity Information Sharing Act (TechCrunch) I really do wish I understood why lawmakers seem so gung-ho on tearing apart technologies they don't understand, and freedoms they hardly think about
Contracting Docs: OPM Seeks to Tighten IT Security of Background Investigation Companies (NextGov) Contractors that conduct background investigations for the federal government will have to report information security incidents to the Office of Personnel Management within half an hour, are required to use smartcards as a second layer of security when logging on to agency networks and must agree to let OPM inspect their systems at any time
Understanding the E.U. Portability Rules for Digital Services (Willis Towers Watson Wire) For media companies, intellectual property assets and the ability to exploit these assets remain at the core of the business. For those companies, attending to changes in copyright law within the jurisdictions they operate is key to managing their unique risks
Litigation, Investigation, and Law Enforcement
Another Islamic State jailer who held Western hostages identified as Londoner (Washington Post) A member of a British cohort within the Islamic State that oversaw the brutal detention and beheading of Western hostages in Syria has been identified as Alexanda Kotey, a 32-year-old convert to Islam who grew up in West London
The feds billed him as a threat to American freedom. Now they're paying him for help. (Washington Post) The way federal prosecutors told it, Jesse Morton was an inspiration for terrorists across the world. Through his Revolution Muslim website, they said, the New York City man provided justification for violence in the name of Islam, encouraged followers to support Osama bin Laden and advocated attacks on the writers of "South Park" in retaliation for their depiction of the prophet Muhammad in a bear suit
Spanish Raids Net Seven Suspected of Supplying Cash, Weapons to ISIS (NBC News) Seven people were arrested in Spain Sunday in relation to the supply of firearms and cash to terrorist groups in Syria and Iraq
Exclusive: Top cybercrime ring disrupted as authorities raid Moscow offices — sources (Reuters) Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world's most notorious financial hacking operations, according to three sources with knowledge of the matter
He hacked, he stole porn, he spied. But British man isn't going to jail (Hot for Security) Is there any consistency in how hackers are treated by courts around the world?
Facebook taunts send another "catch me if you can" crook to jail (Naked Security) Yet another nyah-nyah, hide-and-seek playing, tongue sticker outer, "catch me if you can" crook has proved that cops know how to use social media
Burglars allegedly spoof caller ID to scare couple out of their home (Naked Security) Two Missouri men have been arrested for allegedly spoofing the police department's phone number to scare a couple out of their home so that they could burglarize it
7 Online Activities That Can Get You Arrested (Hack Read) The Internet is a wonderland. It is a place where everything from the birth of the universe to the Miley Cyrus's twerking is available with just a few clicks of your mouse!
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
National Insider Threat Special Interest Working Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, Feb 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources perspective. Super Lawyer Mark Zaid will present from a Legal perspective. There will also be a presentation from Securonix on using big data analytics to automatically and accurately detect the most advanced data security, insider threat and fraud attacks
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016