The CyberWire Daily Briefing 04.06.16

Cyber Trends

We Must Stop The Race to Attribution After Each Cyberattack (Fabius Maximus website) Summary: Cybersecurity expert Emilio Iasiello discusses one of the key issues in cybersecurity — how do we determine who attacked us? Each attack brings forth rapid declarations by the govern…

Distrust of Vendors Raises Questions on Data Security, Regulatory Compliance (Legaltech News) A large number of companies are skeptical about how their vendors would behave in the event of a breach.

5 reasons you need to hire a Chief Privacy Officer (CSO Online) Businesses are increasingly relying on data, but they're overlooking another key aspect of data: privacy. In order to keep up with the growing regulations surrounding data privacy, it may be time to hire a Chief Privacy Officer.

Smart home convenience, efficiency come with a data security price (FierceITSecurity) While the Internet of Things promises great convenience for consumers and greater efficiency for enterprises, that convenience and efficiency could come at a price in terms of data security risk

Article 29 Working Party still not happy with Windows 10 privacy controls (SC Media) The EU privacy watchdog has told Microsoft despite changes to the install screen, there is still no clear message of how Microsoft plans to process users' data.

Former Scotland Yard detective discusses cybercrime and threat intelligence (CSO Online) Former Scotland Yard detective discusses cybercrime and threat intelligence. Steve Santorelli, passionate about Internet Security and committed to bringing folks together to attack the problem in many ways.

Legislation, Policy and Regulation

Cyber Command Gets 'First Wartime Assignment' in Fight against ISIS (Military.com) The DoD's relatively new Cyber Command has received its "first wartime assignment" in the fight against the Islamic State.

Russia, China Are Greatest Cyberthreats, but Iran Is Growing (ABC News) Russia and China present the greatest cyber security threat to the U.S., but Iran is trying to increase and spend more on its capabilities, the Navy admiral in charge of the military's Cyber Command told Congress Tuesday

Senators bash Obama over cyber war policy (TheHill) “The administration’s cyber policy as a whole remains detached from reality,” McCain said.

U.S. Cyber Command should be combatant command, DoD's top cyber warrior says (Military Times) The head of U.S. Cyber Command told Congress that his command should be elevated to become its own unified combatant command, a move that would make it one of the most powerful institutions in the Defense Department.

Rogers reignites CYBERCOM combatant command discussion (C4ISRNET) ADM Mike Rogers says operational concerns are his priority.

Senate Leaders Set to Expand Role of U.S. Cyber Command in New Defense Bill (USNI News) The Senate Armed Services Committee’s version of the defense authorization bill will call for making U.S. Cyber Command a functional combatant command and also recommend consolidating some geographic commands, the panel’s chairman and ranking member said Tuesday. When asked at a hearing whether Cyber Command was mature enough for such a step, Adm. Michael Rogers …

On cyber, the U.S. can't seem to balance security and privacy (Military Times) “Worst-case scenario is we don’t have dialogue and then we have a major event,” said Adm. Michael Rogers, head of U.S. Cyber Command. “We have got to figure out how we can do this.”

CIA drops plan to destroy most email records (FierceGovernmentIT) Facing widespread criticism, the Central Intelligence Agency has formally withdrawn its plan to destroy email records of most agency officials, the National Archives and Records Administration told the Federation of American Scientists

DNI Clapper Signs IC Transparency Council Charter (IC ON THE RECORD) On April 5, 2016, Director of National Intelligence James Clapper formalized the transition of the Intelligence Community Transparency Working Group into a permanent IC Transparency Council with his signature on the Council Charter. The IC’s Transparency Working Group, made up of senior officers from across the Intelligence Community, was established over two years ago to develop the Principles of Intelligence Transparency, which provide guidance to the Intelligence Community on being more transparent with the public, while protecting the sources and methods necessary for performing its national security mission. The Working Group then created an Implementation Plan to put these Principles into action across the community. Recognizing the importance of the transparency initiative, the DNI directed that the Working Group be elevated to a permanent entity in the form of a Council. With its Charter in place, the Council will be responsible for overseeing the Transparency Implementation Plan and ensuring that transparency becomes a comprehensive and sustainable practice within the Intelligence Community. Read IC Transparency Council Charter (photo by Brian Murphy, ODNI Public Affairs)

Poll: People Don't Mind Hacking to Fight Terrorism (Morning Consult) The Federal Bureau of Investigation’s solution to opening a locked iPhone used by a San Bernardino shooter reflects how public generally wants government policing to work, a new Morning Consult poll shows. Voters do, however, think law enforcement officials should tell manufacturers about any vulnerabilities they exploit during criminal investigations. (See poll toplines and crosstabs.) A healthy majority of registered voters (57 …

The impact of the new Trans-Atlantic privacy law (CSO Online) After 20 years of relative calm regarding the handling of personal data of EU citizens by U.S. companies, events over the past six months have instigated widespread reform. While the resolution is yet to be confirmed, the building blocks for a modern, cross-border data privacy agreement have begun to take shape.

Dateline

Setting the Conditions for Self-Organized Cooperative Security: the Billington CyberSecurity International Summit (The CyberWire) Apart from two sessions conducted under Chatham House rules and closed to the media, here's an account of the day's discussions. After welcoming remarks from conference organizer Thomas K. Billington, Deputy Secretary Alejandro Mayorkas of the US Department of Homeland Security opened the proceedings with the first keynote address

U.S. officials: World needs to follow our lead on cyber norms - Fedscoop (Fedscoop) Even as the U.S. government shores up its own beleaguered cyber defenses, its officials are touting their progress setting cybersecurity standards — saying the rest of the world should follow the U.S. to protect itself online. Two U.S. officials — Deputy Homeland Security Secretary Alejandro Mayorkas and State Department Coordinator for Cyber Issues Chris Painter — implored a …

Cyber-Attack Against Ukrainian Critical Infrastructure (ICS-CERT) On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine. In addition, there have also been reports of malware found in Ukrainian companies in a variety of critical infrastructure sectors. Public reports indicate that the BlackEnergy (BE) malware was discovered on the companies’ computer networks, however it is important to note that the role of BE in this event remains unknown pending further technical analysis

Products, Services, and Solutions

ThreatTrack Launches VIPRE® Endpoint Security (Yahoo! Finance) Latest VIPRE for Business solution is powered by the new VIPRE anti-malware engine, which ranks among the top-performing antivirus products in the world, according to AV-Comparatives

Spikes Security and Osterman Research Publish First-Ever Report on Use of Isolation Technology to Prevent Web-Based Malware Attacks (Yahoo) Spikes Security™, the isolation security company, today announced the availability of the industry's first-ever research that documents the increasing role of isolation technology as a defense against ...

CYBERBIT, Elbit Systems' Subsidiary, Awarded Contract to Supply an Intelligence and Cyber System to a Customer in Africa (WDRB) Elbit Systems Ltd. (NASDAQ and TASE: ESLT) ("Elbit Systems"), announced today that its subsidiary, CYBERBIT Ltd. ("CYBERBIT"), was awarded contract to supply intelligence and cyber analysis and research systems for a country in Africa. The contract, that is in an amount that is not material to Elbit Systems, will be supplied over a two-year period

Telstra talent helps vendor target Australia's cryptolocker 'epidemic' (CRN Australia) Fast-growing Cylance seeks to add local resellers.

1Password 6.2 for Mac has a bigger brain, offers easier import from other password managers (FierceCIO) AgileBits has released version 6.2 of its 1Password for Mac, which offers a selection of new features and upgrades

Opera Software founder launches Vivaldi, a new browser (Help Net Security) The Vivaldi UI uses React and JavaScript, as well as Node.js. The core of the browser uses Chromium, ensuring pages render quickly and accurately.

Subgraph OS: A hardened OS that prioritizes security (Help Net Security) Subgraph, an open source security company based in Montreal, release the alpha version of Subgraph OS, designed to with security AND usability in mind.

Swipebuster lets you spy on Tinder users – privacy lesson or invasion? (Naked Security) If you’ve ever wanted to know if your friends or lovers are using the Tinder dating app, now there’s a tool for you to find out.

Technologies, Techniques, and Standards

NIST outlines process for creating strong encryption standards (Federal Times) Researchers acknowledge this might put them at odds with law enforcement but stood by the need to protect sensitive information.

SEBI: Commodity Exchanges Need CyberSec Policy (InfoRiskToday) SEBI urges commodity derivatives exchanges to put resilient cybersecurity defences in place to protect themselves from growing attacks. Security leaders say such

FTC debuts web tool for health app makers (Fedscoop) The Federal Trade Commission unveiled a new online tool to help mobile health app developers figure out what federal laws and regulations might apply to their products. The tool asks developers a series of yes-or-no questions, each related to one of four possibly applicable laws: the Health Insurance Portability and Accountability Act, the Federal Food, Drug

Avoiding Legal Landmines in Data Breach Response (Dark Reading) Building a legally defensible cybersecurity program means seeking out guidance from legal advisors before a serious incident forces you together.

A reality check for security leaders on insider risk (CSO Online) Mike Tierney shares his insights on successfully implementing processes to combat insider risk by engaging the right people at the right time in the program

A retailers guide to cyber security (Information Age) In recent times, mobile smart devices and cloud-based platforms have been the predominant sources of new security challenges and have received the majority of attention by businesses. Their proliferation has rapidly produced ‘perfect storm’ conditions, with the traditional security models and practices in place unable to keep pace with emerging threats. Added to this, the importance and amount of data retailers transmit within an omnichannel operational landscape makes the security challenge greater. >See also: How retailers can combat the growing tide of cyber attacks Last year, 38% more security incidents were reported than in 2014, but the increase in the retail sector was an enormous 154%. Here are the main security threats that retailers should address. 1. Making BYOD policies smart The benefits and risks with bring your own device (BYOD) at work are largely known. Data leakage and control of intellectual property is at the top of the risk list, as users can easily…

Take it to the boardroom: Elevating the cybersecurity discussion (Help Net Security) Appointing a chief information security officer (CISO) to take the lead in keeping corporate data safe is a step taken by many forward-thinking companies.

5 security bad habits (and easy ways to break them) (CSO Online) Your end-users are often the weakest link in your organization's security strategy. Here are five solutions to help users strengthen their security posture.

Marketplace

Baltimore, St. Louis, Philadelphia, Selected As Top Cities for Entrepreneur Support By Peer Group of 16 US Cities (CityBizList) Pioneer class of 16 “VilCap Communities” leaders has committed to invest over $1 million in local ventures through peer-selection

Envisioning the CISO of 2020 (InfoRiskToday) Ahmed Baig, founder of the CISO Council of UAE, says security leadership via fear, uncertainty and doubt is a thing of the past. In fact, future CISOs who use those

Cybersecurity Luminaries Join KoolSpans Boards as Escalating Surveillance and Privacy Risks Drive Unprecedented Demand for Mobile Encryption (News On 6) Renowned Experts including Dr. Edward Amoroso, Eran Feigenbaum, Daniel Garrie, Adam Meyers, and Amit Yoran Join KoolSpan’s Board of Directors and Advisory Board

Research and Development

Phishing Attacks Prevented by SCAM (ISS Source) Educating employees on how to recognize phishing emails, those authentic-looking messages that encourage users to open a malicious hyperlink or attachment that

Security Patches, Mitigations, and Software Updates

Apple fixes iOS lock screen bypass that gives access to photos, contacts (CSO Online) Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos.

WhatsApp is now encrypting all your messages, by default, all the time, end-to-end (Graham Cluley) WhatsApp has made a big announcement, that will help protect the privacy of its one billion users. End-to-end encryption on all communications sent via WhatsApp, enabled by default.

WhatsApp encrypts messages end-to-end: why you should care (Naked Security) WhatsApp has a chequered history when it comes to security and cryptography, so its news about end-to-end encryption makes happy reading.

WhatsApp’s new encryption won’t protect you unless you’re also doing all these things (Quartz) Intercepting your messages in transit is just one—indeed, possibly the least likely—of the ways someone might try to snoop on you.

YAFP (Yet Another Flash Patch) - SANS Internet Storm Center (SANS Internet Storm Center) SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Rollout or Not: the Benefits and Risks of iOS Remote Hot Patching « Rollout or Not: the Benefits and Risks of iOS Remote Hot Patching (FireEye) FireEye has seen the development of various third-party solutions that allow developers to remotely hot patch an iOS app on a non-jailbroken device without going through Apple’s review process, leading to security risks. This blog examines Rollout.io, a commercial solution that addresses the remote patching problem while remaining focused on security.

Update your ManageEngine Password Manager Pro ASAP! (Help Net Security) A security researcher has revealed 8 security vulnerabilities in ManageEngine Password Manager Pro and has released details and PoC code for each of them.

Cyber Attacks, Threats, and Vulnerabilities

Iceland PM steps aside after protests over Panama Papers revelations (the Guardian) Sigmundur Davíð Gunnlaugsson steps aside amid widespread anger over allegations his family attempted to hide millions in offshore account

Panama Papers: “It was an email server attack” (Naked Security) The Panama Papers – big breach, big news…but how did it happen?

'Panama Papers' leak details ties to insurance fraud in boat tragedy (Business Insurance) A fatal boating accident in upstate New York is cited among the 11 million documents released this week.

How an Aussie security firm broke the Panama Papers (CRN Australia) Nuix technology crunched the data for journalists.

Industry reactions to the Mossack Fonseca data breach (Help Net Security) The Panama Papers, a collection of 11.5 million files leaked from Panama-based law firm Mossack Fonseca, are now online. The documents show in detail just

Hackers branching out to law firms (Business Insurance) Move to "soft targets" opens door to merger & acquisition and potentially stock information for a bigger payday for cyber criminals.

Three-year-old IBM patch for critical Java flaw is broken (CSO Online) Security researchers have found that a patch released by IBM three years ago for a critical vulnerability in its own Java implementation is ineffective and can be easily bypassed to exploit the flaw again.

Black hat SEO campaign targets WordPress and Joomla installations (Help Net Security) In this Black hat SEO campaign, the attackers injected a fake jQuery script into the head section of the websites. It went unnoticed by random visitors.

Trojan found in more than 100 Android apps on Google Play Store (Graham Cluley) Researchers have uncovered a new strain of advertising spyware in more than 100 Android apps downloadable from the official Google Play Store.

Chrome extension was secretly redirecting users to ad pages (Naked Security) Somebody bought it and stuck in malicious code to redirect a user’s traffic through a proxy, show them ads and snoop on their web browsing.

Crypto ransomware targets called by name in spear-phishing blast (Ars Technica) Once the domain of espionage, personalized scams embraced by profit-driven scammers.

PowerWare or PoshCoder? Comparison and Decryption (AlienVault Blogs) PowerWare was brought to my attention by Carbon Black via their blog post. PowerWare is downloaded by a malicious macro-enabled Microsoft Word document that is distributed via a phishing email campaign. The malicious document in question attempts to convince the user to enable macros by informing them that the file is protected by Microsoft Office. This, of course, is a farce. Once the macro is enabled, the PowerWare payload will be downloaded and executed. PowerWare, unfortunately, is hitting

New Locky Ransomware Variant Implementing Changes in Communication Patterns (Check Point Software Blog) Recently, Check Point published a detailed report describing Locky, an emerging new ransomware threat, which was first reported on February 16, 2016. New characteristics related to its communication have now been observed in the wild.

Incident response teams dealing with 3 to 4 Ransomware incidents weekly (CSO Online) Ransomware has gone from a niche attack to a booming criminal market since its introduction in 2013. Dozens of organizations have faced Ransomware attacks this year, and some of them have turned to Stroz Friedberg for help. In an interview with Salted Hash, the company says they were dealing with three to four Ransomware cases per week in the first quarter of 2016.

BillGates Malware used in DDoS Attacks (Akamai Blog) By Bill Brenner, Akamai SIRT Senior Tech Writer Akamai's Security Intelligence Research Team (SIRT) continues to see the BillGates trojan/bot family of malware being used to launch DDoS attacks. Attackers who control the malware -- first disclosed on a Russian...

New Variant of TinyPOS Discovered (SecurityWeek) TinyPOS malware gathers input card data before the system can encrypt it, but is written in "'hand rolled' assembly language and comes in at only 5120 bytes."

Trump Thinks the U.S. Is Obsolete on Cyber. Are His Hotels Also? (Foreign Policy) Hackers reportedly stole credit card data from the GOP frontrunner's hotels.

Europe’s ports vulnerable as ships sail without oversight (Financial Times) Data show ships making unexplained stops in terrorist havens before entering European ports

Oculus Rift sparks Ts and Cs storm over sharing data with Facebook (Naked Security) Oculus Rift users can expect to share their “physical movements and dimensions when [using] a virtual reality headset” with Facebook and pals.

Hacker-for-Hire Market is Booming, Says New Report (WSJ) Intelligence analysts found that business is booming in underground markets for Russian and other hackers, according to a new report released Tuesday by security firm Dell SecureWorks Inc.

Academia

Wendy Hall Named Kluge Chair in Technology and Society (The Library of Congress) Dame Wendy Hall, professor of computer science at the University of Southampton, England, and an early pioneer in serious research on computing and the web, has arrived at the John W. Kluge Center at the Library of Congress as the Kluge Chair in Technology and Society.

Hands-On CyberSec Skills Needed (InfoRiskToday) Each year the skills gap estimate for cybersecurity goes up, with few concerted, industry-wide efforts to address the issue. What organizations in all sectors truly

Litigation, Investigation, and Enforcement

FBI Analyzing Data From San Bernardino iPhone for Leads (WSJ) The Federal Bureau of Investigation is still analyzing data on the iPhone used by a San Bernardino, Calif., terrorist and won’t decide whether to talk about what it has found until after that examination is complete, a senior FBI official said Tuesday.

How a federal spy case turned into a child pornography prosecution (Washington Post) An investigation in California illustrated the use of national security powers in a criminal matter.

Stolen federal equipment puts sensitive data of millions at risk - again (FierceGovernmentIT) U.S. Senate investigators expressed frustration with Obama administration officials following the theft of a laptop and portable hard drives from a federal building in Washington state

State Department: Don’t Ask Hillary Aides About Classified Info in Lawsuit (The Daily Beast) Lawyers object to any attempt to ask Huma Abedin, Cheryl Mills, and others about how information was handled—and are dead set against Clinton testifying.

FBI director: No rush to finish Clinton email probe before convention (POLITICO) Making sure the inquiry is done "well" is more important than speed, he said.

Man given jail time for sending gun emoji to ex (Naked Security) It’s a mere emoji, not a death threat, his lawyer argued. A judge disagreed, sending the gun-texting ex-boyfriend to prison for 3 months.

Design and Innovation

Brave will pay you to see ads with its ad-blocking browser (Naked Security) You’ll get micropayments in Bitcoin if you opt in to see ads that won’t bog down page loading, track you like a blood hound or mess with your privacy.

How you move your mouse could stop cybertheft (CNBC) Biometric technology has swiftly emerged as a go-to solution for improving digital security and how fast you type could soon stop hackers.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage participation and interaction among all three vital information security constituencies: (1) business executives, senior business managers, and their trusted advisers; (2) technical IT personnel with responsibility for information systems and the data they contain; and (3) information security practitioners with responsibility for ensuring the security of sensitive information. Training and Reception on Thursday - Forums and Sessions on Friday.

upcoming Events

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National Security, the Honorable John P. Carlin keynote along with experts from The FBI, The US Secret Service, Intel Security and dozens more. The invited attendees will have a catered breakfast, lunch & cocktail reception with fellow business leaders. Limited Passes still available, for 50% off use promo code cyberwire50 at CyberSummitUSA.com (just $125 with code).

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event designed to help keep Maryland’s businesses cyber secure and connect them with Maryland’s cybersecurity providers. Join us for an information-packed cybersecurity panel discussion followed by a business exchange and networking hour during which attendees can visit sponsor and MD cybersecurity company exhibits.

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing and security professionals.The Spring Conference is the leading Information Systems IT governance, control, security and assurance event for the Southern California area.

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based Security is the must attend symposium of its kind in 2016 on this critical new reality.

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per month, and 66% of these breaches take up to a year to be discovered. With over 200,000 new malicious programs created daily, what are agencies doing to fight off cyber attacks and keep systems secure? This interactive working breakfast panel will share best practices and solutions.

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, April 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills gap. At the event, Passcode will also launch its new Security Culture section that will unpack and illustrate the far-reaching and increasingly important role that digital security plays in daily life.

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

Cloud Security Expo 2016 (London, England, UK, April 12 - 14, 2016) Cloud Security Expo is a cloud security event with over 80 dedicated cloud security exhibitors, seven streams of content, over 150 security speakers, and 40 real cloud security and compliance case studies. The conference will bring together the top business leaders and decision makers from across organisations and sectors already profiting from securing the cloud with confidence.