Cyber Incident Response: What To Do When Cloud Bites Back

Grazed from CCI. Author: Nick Pollard.

The technology increases efficiency by removing the need for physical infrastructure, but cloud contracts can present significant practical obstacles to incident response (IR) strategies. When a security incident happens, the speed at which the breach is identified is integral. The faster the response, the more quickly infectious malware can be halted, access stopped, sensitive data protected, and the threat remediated.

This makes a significant difference in controlling risk, costs, and exposure. But in a cloud world, the challenge arises when a company wants access to the servers that infrastructure is based on. Often, data centre providers will not allow a business to get into these, making it impossible to know where the attack is coming from...

Cloud Computing: What's the Cost of a Cyberattack?

Grazed from CFO. Author: David M. Katz.

In a February editorial about the buildup of cyberattacks between the United States and Iran, The New York Times quoted President Obama’s observation that, compared with conventional weaponry, cyberweapons provide “no clear line between offense and defense.” Thus, getting into the enemy’s networks to exploit its weakness and disable its ability to attack you is both offense and defense.

Citing “major banks, Sony Pictures Entertainment, [and] an electrical utility,” the newspaper observed that such recent examples reveal that even corporate computer systems once considered impregnable are vulnerable to attack. In the borderless world of information technology, in fact, computer-security specialists and corporate risk managers have begun working on the assumption that it’s impossible for companies to keep their networks completely free from penetration...

Cloud Computing: 3 Reasons Apple Is Pushing for NSA Spying Reforms

Grazed from TechCheatSheet.  Author: Nathanael Arnold.

Earlier this week, Apple and several other major U.S. tech companies renewed their calls for the U.S. government to reform its controversial electronic surveillance programs. In an open letter addressed to President Barack Obama, NSA Director Admiral Rogers, Attorney General Eric Holder, and several prominent members of Congress, Apple and dozens of other signatories urged the government to end the bulk data collection practices that were authorized under Section 215 of the USA Patriot Act.

As noted in the letter, Section 215 of the USA Patriot Act is used as the legal basis for the NSA’s bulk collection of electronic communications metadata. The letter also asked the government to institute “transparency and accountability mechanisms for both government and company reporting” for decisions made by the secret Foreign Intelligence Surveillance Court...

Cloud Computing: The Increasing Cybersecurity Attack Surface

Grazed from NetworkWorld. Author: Jon Oltsik.

I just read a good Wall Street Journal blog by Ben DiPietro titled, Speed of Tech Change a Threat to Cybersecurity. His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes.

This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses. I couldn’t agree more Ben but it may be worse than you think as this discrepancy has been going on for years. In a 2012 research survey, ESG asked security professionals to describe the impact of numerous new IT initiatives on infosec operations and management at their organizations (note: I am an ESG employee). The research indicated that:...

Read more from the source @

Cloud Computing: Most Cyber Attacks Occur From This Common Vulnerability

Grazed from Business2Community.  Author: Tim Clark.

As you read this, hackers are working diligently to uncover avenues, inroads and byroads to get into your confidential corporate data. I know what you’re thinking. You’ve heard this all before, your company isn’t vulnerable and you already took care of it. Are you sure?

Time for a reality check. Even if you figured out how to plug holes in your networks, the hackers may be gaining access through applications and solutions. Sure, many organizations have significant network security in place but it’s not enough as 84% of all cyber-attacks are happening on the application layer...

Cloud Computing: Rise of the cybermen - A guide to neutralising 2015’s most dangerous security threats

Grazed from ITProPortal.  Author: Wieland Alge.

Recent speeches by UK Prime Minister, David Cameron, and US President Barack Obama demonstrate that cyber security is still a huge concern for national governments.  We should be in no doubt that another raft of counter-measures is being considered at national and international levels.

However, those in charge of IT security in the business community are not necessarily taking their cue from world leaders to re-evaluate their own policies and ensure they are still offering protection from the kind of cyber attacks that are likely to occur in 2015...

Cloud Computing: Top 3 CIO Challenges in 2015: Security, Downtime and Talent

Grazed from LogicWorks.  Author: Editorial Staff.

What are the top CIO challenges in 2015? According to a survey reported yesterday on, security, downtime, and staffing top the list of workplace issues “keeping CIOs up at night.”

No surprises there. After a flurry of recent high-profile cyber-attacks and internal security breaches, the majority of CIO executives will ramp up the security and availability of their systems in 2015, according to the report. Unfortunately, this often means that teams are scrambling to finish a checklist of CIO security concerns to patch up the most immediate vulnerabilities, rather than taking a longer view and building rigorous and monitored security practices into all layers of their IT deployments...

Security Vendors Say New Technologies Needed to to Bolster Cloud Defenses

Grazed from eWeek.  Author: David Needle.

Much work remains to be done if security breaches such as those at Sony Pictures Entertainment and health insurer Anthem are to become a rare event. That was the consensus of security vendors speaking at the OnCloud 2015 conference here this week. While malicious hackers will continue working to crack the latest security schemes, Barmak Meftah, CEO of AlienVault said security could be greatly enhanced by enterprises sharing more information.

“Imagine if we had a way to share threat data around the world,” he said. “For once we could be more proactive rather than reactive.” Only recently have companies become more forthcoming about data breaches, thanks largely to legislation and social media giving consumers an outlet to quickly spread the news that their personal accounts have been hacked and private information exposed...

See more at:

Cloud Computing: What Google knows about data security that you should know too

Grazed from CBC. Author: Jeff Green.

A new report on cloud storage prepared for Google by a Hamilton-based risk advisor shows that businesses need to take a truly global look to completely secure data. And in an interview with the CBC, James Arlen, director of risk and advisory services for Leviathan Security Group, says the same principles of data security companies such as Google need, apply to your personal data, too.

Arlen said the average person treats their personal memories like a digital shoe box, adding it just takes one "flood" for a catastrophic loss to occur. "The person who kept all the photos of the first four years of their child's life on their computer and now their hard drive crashed," Arlen said. "Now your child's photographic life begins at four."...

Cloud Computing: Cyber Security Web Site Dedicated to C-Suite and Business Personnel Launches

Grazed from PR.Com.  Author: PR Announcement.

The proliferation of cloud computing, big data, BYOD, mobile and inter-connected networks have become opportunistic breeding grounds for cyber criminals to disrupt business operations and cause financial loss as well as to gain access to corporate and personal data. Such losses were estimated last year in excess of $500 billion effecting companies of all sizes.

The impact of a corporate security exposure or breach is staggering and prior implications have proven to result in a loss of revenue, customer confidence and litigation...