
Understanding the intersection between health care and data security is becoming more critical in our increasingly connected world. In order to keep sensitive medical records secure, hospitals and other health care organizations need to recognize what makes this data so valuable and appreciate that they face unique data security challenges.

Also unique is the path that brought Dr. Michael Ash to his current role as Associate Partner for Security, Strategy, Risk and Compliance at IBM. Having previously practiced as an oral surgeon with the U.S. Air Force, Michael has an uncommon familiarity with the worlds of both health care and security. In this podcast, Michael uses his distinct viewpoint to illustrate the value of protected health information (PHI), the dangers of ransomware and the need for better security practices in the health care industry.

Listen now — or download and listen on the go — to hear Michael’s data security insights and his actionable advice on what organizations can do to address their PHI protection challenges.

Read the IBM X-Force Research Report: Security Trends in the Health Care Industry

Never miss a new edition of the Security Intelligence podcast! Subscribe today via iTunes or your favorite platform.


Security Intelligence

Data Center Racks

Data centers are the heart of many enterprises, providing scalable, reliable access to the information and applications that define the organization. As these data centers have become more valuable, so too has the job of securing and monitoring them. However, data centers come with their own unique requirements, challenges, and threats. 

Yet, in many ways, data center and virtualized security has been built in the image of the traditional campus network security. The problem is that the data center is not the perimeter. While porting over the models from the perimeter may feel familiar and safe, it can lead to dangerous gaps in security. 

Moving Beyond Segmentation to Cyber

Using the network perimeter as its model, the industry has sought to virtualize perimeter controls and move them into the data center. This approach began with the bedrock of perimeter security, the firewall. Initially this included simply porting traditional firewalls to run as virtual machines, and then progressed into more agent-based segmentation models that were closely integrated with the virtualization platform software itself. In both cases, the focus remained on enforcing policy within the data center. 

However, creating and enforcing rules is not the same thing as catching an intruder. On the perimeter, firewalling functions are complemented with a variety of threat detection and prevention technologies such as IDS/IPS, anti-malware solutions and web filtering, just to name a few. And like their firewall brethren, many of these perimeter threat-prevention technologies have been ported over to the virtual environment. 

Advanced Attacks and Mature Attacks

The problem is that data centers are not simply perimeter 2.0. A data center will often encounter an attacker at a far more mature phase of attack than the perimeter will, and likewise, will experience different types of threats and attack techniques. 

Specifically, perimeter threat prevention technologies tend to be heavily focused on detecting an initial compromise or infection (e.g. exploits and malware). The problem is that attackers will often only move against the data center after they have successfully compromised the perimeter. 

The attacker may have compromised multiple devices, stolen user credentials or even administrator credentials. Instead of exploits or malware, attackers are far more likely to search for clever ways to use their newly-gained position of trust to access or damage data center assets. This means that a data center will often encounter attacks in a more mature phase of attack that may lack obvious indicators of malware or exploits.

Getting Behavioral

This is a prime example of where behavioral threat detection models should come into play. More than simply looking for strange or abnormal user behavior, we also must recognize the fundamental behavior of the attack tools and techniques in the hacker’s arsenal. 

Compromising administrator accounts, implanting backdoors, setting up hidden tunnels and RATs are all standard operating procedure for an ongoing persistent attack. All of these techniques have telltale behaviors that can make them stand out from the normal traffic in your network, provided that you know how to look for them. In some ways you can think of it as an evolution of threat detection that focuses on recognizing malicious verbs instead of malicious nouns. Instead of looking for a specific malicious payload, you can look for what all payloads do.  

Preempt the Silos

Next we must remember that attackers do not conform to our boundaries, and that attacks will often span both the campus side of a network as well as the data center. It is crucial that security teams retain full context of an attack even when it spans both environments. 

For example, hidden command-and-control traffic, network reconnaissance, lateral movement and the compromise of user and admin credentials can all precede an intrusion into the data center. Each of these phases represents an opportunity to detect an attack, and it is important for security teams to see as much of this context as possible before the attack reaches the data center. 

This is why it is essential to have a unified approach to cybersecurity that spans the campus and the data center. Cyber attacks are complex, interconnected events, and treating data center security as a separate silo only helps the attackers. However, if we treat the campus and data center as the interconnected resources that they are, we can actually use the complexity of an attack to our advantage as defenders. The more steps an attack has, the more chances we have to detect and correlate them.

A user behavior anomaly in the data center is probably not enough on its own to definitively detect an attack, and chasing down every anomaly would probably be a very poor use of an analyst’s time. However, seeing that a host has shown tunneling behavior on the campus network, used knocking sequences that reveal attempts to communicate with a backdoor on a data center server, and also seems to be slowly accumulating data leads to a very definitive diagnosis. 
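To make the correlation argument concrete, here is an added Python example (not code from the column or from Vectra) that scores constructed behavior detections per host. The behavior weights, threshold, cross-zone bonus and host names are all assumptions made for the example; the point it shows is that each zone viewed alone stays below the alert bar while the unified view does not.

```python
from collections import defaultdict
from dataclasses import dataclass

# Weight of each attack behaviour ("verb") a sensor can report. The values are
# illustrative assumptions for this example, not tuned detector output.
BEHAVIOR_WEIGHTS = {
    "hidden_tunnel": 3,       # covert command-and-control channel
    "port_knock": 3,          # knocking sequence aimed at a backdoor
    "recon_scan": 2,          # internal network reconnaissance
    "admin_cred_use": 2,      # administrator credential used from an unusual host
    "user_anomaly": 1,        # generic deviation from the user's baseline
    "data_accumulation": 2,   # slow build-up of data on one host
}
CROSS_ZONE_BONUS = 2   # same host seen misbehaving on the campus AND in the data center
ALERT_THRESHOLD = 6    # no single behaviour above reaches this on its own


@dataclass(frozen=True)
class Detection:
    host: str       # source host the sensor attributed the behaviour to
    zone: str       # "campus" or "datacenter"
    behavior: str   # key into BEHAVIOR_WEIGHTS
    ts: int         # minutes into the observation window


# Constructed sample detections (hosts and timings are made up for this example).
SAMPLE_DETECTIONS = [
    Detection("ws-1042", "campus", "hidden_tunnel", 10),
    Detection("ws-1042", "campus", "recon_scan", 25),
    Detection("ws-1042", "datacenter", "port_knock", 60),
    Detection("ws-1042", "datacenter", "data_accumulation", 90),
    Detection("ws-1042", "datacenter", "data_accumulation", 150),
    Detection("ws-2201", "datacenter", "user_anomaly", 30),     # lone anomaly: noise
    Detection("srv-db-7", "datacenter", "admin_cred_use", 40),  # admin doing admin work
]


def score_hosts(detections, zones=("campus", "datacenter")):
    """Score each host over the zones visible to the analyst.

    Repeated reports of the same behaviour count once; what raises the score is
    the number of distinct attack phases and whether they span both zones.
    """
    behaviors = defaultdict(set)
    zones_seen = defaultdict(set)
    for d in detections:
        if d.zone in zones:
            behaviors[d.host].add(d.behavior)
            zones_seen[d.host].add(d.zone)
    scores = {}
    for host, seen in behaviors.items():
        score = sum(BEHAVIOR_WEIGHTS.get(b, 1) for b in seen)
        if len(zones_seen[host]) > 1:
            score += CROSS_ZONE_BONUS
        scores[host] = score
    return scores


def alerts(detections, zones=("campus", "datacenter")):
    """Hosts whose correlated score reaches the alert threshold, worst first."""
    scores = score_hosts(detections, zones)
    hot = [h for h, s in scores.items() if s >= ALERT_THRESHOLD]
    return sorted(hot, key=lambda h: (-scores[h], h))


def attack_chain(detections, host):
    """Time-ordered (ts, zone, behavior) tuples for one host: the analyst's context."""
    return sorted((d.ts, d.zone, d.behavior) for d in detections if d.host == host)


if __name__ == "__main__":
    for view in (("campus",), ("datacenter",), ("campus", "datacenter")):
        print(f"{'+'.join(view):18} alerts: {alerts(SAMPLE_DETECTIONS, view)}")
    for step in attack_chain(SAMPLE_DETECTIONS, "ws-1042"):
        print("  t=%3d %-10s %s" % step)
```

Run stand-alone, the campus-only and data-center-only views raise no alert, while the unified view flags ws-1042 and lists its phases in order.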

All of this leads us to a point where we need to recognize the uniqueness of the data center and the threats it faces, while also recognizing that this uniqueness does not make it separate. We should look for the attack techniques that are unique to the data center, while retaining the context of everything we have learned in the campus. This can require some planning, but is very achievable.


Wade Williamson is Director of Product Marketing at Vectra Networks. Prior to joining Vectra, he was a Senior Threat Researcher at Shape Security. He has extensive industry experience in intrusion prevention, malware analysis, and secure mobility. He has extensive speaking experience having delivered the keynote for the EICAR malware conference and led the Malware Researcher Peer Discussion at RSA. Prior to joining Shape, he was Sr. Security Analyst at Palo Alto Networks where he led the monthly Threat Review Series and authored the Modern Malware Review. He has also led the product management team at AirMagnet where he helped to develop a variety of security and network analysis tools targeted to WiFi networks. He has been a steady and active researcher of new threats and techniques used to compromise enterprise networks and end-users.



SecurityWeek RSS Feed

Criminals have started to aggressively erase EXIF metadata from their photos to make it harder for authorities to locate them, Harvard University students Paul Lisker and Michael Rose find.

Unbeknownst to most, digital cameras and smartphones that shoot in JPG or TIFF formats write information on where a photograph was taken, when, and the camera used, every time the virtual shutter opens. That data is written in the "exchangeable image file format" (EXIF) standard.

The Harvard pair collected images of drugs and weapons taken by criminals and used in ads placed on dark markets, drawing on a data repository maintained by independent security researcher Gwern Branwen.

That cache contains some 83 dark markets and 40 associated forums from 2013 to 2015, totalling 44 million files or 1.5Tb of data.

Bash scripts were used to search for EXIF data including longitude and latitude data among the included .jpg files.

They found 229 unique images that contained geolocation data that, unless spoofed, would locate the place the photos were taken within one or two kilometres.

Some 223,471 unique dark market images were analysed in total, with most missing their EXIF data.

The largest dark market, Agora, likely stripped metadata from images on its site, the pair found, since EXIF data was absent on all images after 18 March 2014.
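The study describes scripts that look for latitude and longitude in the EXIF data of JPEG files, and a market that apparently stripped that data. As an added example (not the students' scripts, and not from The Register), the Python below parses the Exif APP1 segment of a JPEG with the standard library only, reports any GPS coordinates it carries, and strips the segment, which is the check and the mitigation an upload pipeline would apply. The sample image is a constructed fixture holding only a GPS IFD, not a real photo.

```python
import struct

GPS_IFD_POINTER = 0x8825                                 # IFD0 tag pointing at the GPS IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4  # tags inside the GPS IFD


def _iter_segments(jpeg):
    """Yield (marker, offset, total_size) for each marker segment before image data."""
    pos = 2                                   # skip the SOI marker FF D8
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):            # SOS or EOI: no more metadata segments
            break
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, pos, length + 2         # length counts itself but not the marker
        pos += length + 2


def _read_ifd(tiff, offset, end):
    """Return {tag: (type, count, position_of_value_field)} for one IFD."""
    count = struct.unpack(end + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(end + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, n, e + 8)
    return entries


def _ascii(tiff, end, entry):
    _typ, n, pos = entry
    if n > 4:                                 # values longer than 4 bytes live at an offset
        pos = struct.unpack(end + "I", tiff[pos:pos + 4])[0]
    return tiff[pos:pos + n].split(b"\0")[0].decode("ascii", "replace")


def _rationals(tiff, end, entry):
    _typ, n, pos = entry
    off = struct.unpack(end + "I", tiff[pos:pos + 4])[0]   # RATIONALs never fit inline
    vals = []
    for i in range(n):
        num, den = struct.unpack(end + "II", tiff[off + 8 * i:off + 8 * i + 8])
        vals.append(num / den if den else 0.0)
    return vals


def _to_decimal(dms, ref, negative_ref):
    d, m, s = (dms + [0.0, 0.0, 0.0])[:3]
    value = d + m / 60 + s / 3600
    return -value if ref.upper().startswith(negative_ref) else value


def gps_from_jpeg(jpeg):
    """Return (lat, lon) in decimal degrees if the JPEG carries Exif GPS tags, else None."""
    try:
        for marker, pos, size in _iter_segments(jpeg):
            if marker != 0xE1 or jpeg[pos + 4:pos + 10] != b"Exif\0\0":
                continue
            tiff = jpeg[pos + 10:pos + size]
            end = ">" if tiff[:2] == b"MM" else "<"
            ifd0 = _read_ifd(tiff, struct.unpack(end + "I", tiff[4:8])[0], end)
            if GPS_IFD_POINTER not in ifd0:
                return None
            p = ifd0[GPS_IFD_POINTER][2]
            gps = _read_ifd(tiff, struct.unpack(end + "I", tiff[p:p + 4])[0], end)
            if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
                return None
            lat = _to_decimal(_rationals(tiff, end, gps[GPS_LAT]), _ascii(tiff, end, gps[GPS_LAT_REF]), "S")
            lon = _to_decimal(_rationals(tiff, end, gps[GPS_LON]), _ascii(tiff, end, gps[GPS_LON_REF]), "W")
            return lat, lon
    except (struct.error, IndexError):       # truncated or malformed segment: treat as no GPS
        return None
    return None


def strip_exif(jpeg):
    """Return a copy of the JPEG with every Exif APP1 segment removed (the mitigation)."""
    out = bytearray(jpeg[:2])
    pos = 2
    for marker, seg_pos, size in _iter_segments(jpeg):
        if not (marker == 0xE1 and jpeg[seg_pos + 4:seg_pos + 10] == b"Exif\0\0"):
            out += jpeg[seg_pos:seg_pos + size]
        pos = seg_pos + size
    out += jpeg[pos:]                         # image data and EOI are copied untouched
    return bytes(out)


def build_sample_jpeg(lat, lon):
    """Constructed fixture (not a real photo): SOI, one Exif APP1 holding only a GPS IFD, EOI."""
    def dms(v):
        v = abs(v)
        d = int(v); m = int((v - d) * 60); s = round(((v - d) * 60 - m) * 60 * 100)
        return [(d, 1), (m, 1), (s, 100)]
    lat_ref = b"N" if lat >= 0 else b"S"
    lon_ref = b"E" if lon >= 0 else b"W"
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)                        # big-endian, IFD0 at 8
    tiff += struct.pack(">H", 1) + struct.pack(">HHII", GPS_IFD_POINTER, 4, 1, 26) + b"\0" * 4
    tiff += struct.pack(">H", 4)                                        # GPS IFD at offset 26
    tiff += struct.pack(">HHI", GPS_LAT_REF, 2, 2) + lat_ref + b"\0" * 3
    tiff += struct.pack(">HHII", GPS_LAT, 5, 3, 80)                     # lat rationals at 80
    tiff += struct.pack(">HHI", GPS_LON_REF, 2, 2) + lon_ref + b"\0" * 3
    tiff += struct.pack(">HHII", GPS_LON, 5, 3, 104)                    # lon rationals at 104
    tiff += b"\0" * 4                                                   # no further IFD
    for num, den in dms(lat) + dms(lon):
        tiff += struct.pack(">II", num, den)
    payload = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"
```

The parser covers the common layout (TIFF header, GPS pointer in IFD0) and returns None on anything truncated or malformed; for exotic or non-JPEG formats a dedicated tool such as exiftool is the safer check.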

"First, it was common in many cases to observe sites, typically residential, surrounded by 5–10 tagged images separated by a few meters," the pair say.

"This suggests the behavior of sellers who are careless on a regular basis, rather than the occasional forgetfulness of not stripping data or purposeful manipulation.

"We also found several instances of these clusters incorporating listings on multiple sites, pointing to sellers with activities across the darknet and failing to strip their products’ location on any of the sites up."

They blame sellers and dark market websites for failing to remove EXIF data from images. ®

Sponsored: Optimizing the hybrid cloud


The Register - Security

In modern business, the complexity and range of use cases for mobile continues to expand. Mobile data, the catalyst for this growth, is a double-edged sword: It empowers organizations just as much as it endangers them. It provides invaluable information instantaneously and a constant connectivity that enables workers to do their jobs regardless of where they’re situated.

Its benefits notwithstanding, mobile data exposes companies of all types and sizes to innumerable risks related to its transmission, storage and overall level of protection.

Through continued global investment in its platform, services and technology, IBM MaaS360 provides the tools and resources required by worldwide enterprise mobility management (EMM) clients to carefully balance the benefits of mobility with its associated risks. This enables organizations to achieve an equilibrium that ensures:

  • Compliance with local, national and global regulations;
  • Data privacy; and
  • A strong mobile security strategy.

MaaS360 for Cross-Country Data Compliance

Regarded by leading analysts as a best-in-class cloud offering, MaaS360 EMM epitomizes the 24/7 accessibility that empowers organizations to fully enable, manage and secure their mobile devices, apps, docs and data on a global scale. These clients must also comply with local data privacy regulations as their mobile data makes its way across international borders.

To accommodate customers seeking a software-as-a-service (SaaS) offering whose operations extend across foreign countries and continents, MaaS360 has announced an expansion that will extend localized services within the next two years across Europe, Asia and the Americas. Developmental processes have already begun for the first two, for which support will launch in India and France.

MaaS360 will be added to existing IBM Cloud locations. To date, IBM Cloud has amassed 47 data centers across 26 countries, a network with which MaaS360 will continue to grow as IBM further extends its global footprint.

map illustration with pinpoints for all the MaaS360 datacenters launching in 2016

Built for Compliance

MaaS360 will be contextually architected with regional ordinances taken into consideration. This will enable customers to expand their flexibility via global transmissions of mobile data without violating local privacy standards.

For example, European clients, and others whose data flows through Europe, will need to abide by new EU directives arriving in May 2018. The General Data Protection Regulation (GDPR) will dictate how businesses address their data life cycles — things like management, access, storage and security. Those who fail to comply will face costly consequences. It’s important for clients to maintain focus on large-scale mobile rollouts that meet local requirements.

Expert Consultation for GDPR Readiness

Merely complying with regulations should never be the goal. Compliance should be the starting point of a larger strategy built for long-term success.

With IBM Privacy Consulting Services, customers can analyze their current processes and fine-tune their efforts surrounding data privacy. Experienced IBM mobility experts work directly with your internal business, legal, IT and management representatives to address current gaps, establishing best practices to oust the competition and maximize returns on other technology investments.

illustration for MaaS360 datacenter launch announcement in 2016.

With more than a year remaining until the GDPR is in full swing, now is the time for organizations to peel back the layers on their current strategies and determine how they can put their best foot forward for future success within an intensifying regulatory climate.

Leveraging IBM Privacy Consulting Services, clients can assess their readiness for the GDPR and identify the roadblocks they’ll need to overcome between now and May 2018 to ensure they’re acclimatized for data privacy.

New Services to Accelerate Mobile Success

Expanding on its new service offerings portfolio, IBM MaaS360 unveiled a complete program geared toward maturity and success with secure enterprise mobility, including:

  • Mobile Security and Productivity Workshops to ensure strategy, policy and technology are aligned to meet organizational goals for enterprise mobility;
  • Mobility Success Services to help your organization achieve fast time to value for your investment in MaaS360 for mobile devices, apps and content;
  • Health Check Services to assess full mobile environment status, review challenges and recommend actions; and
  • Mobility Training Workshops to impart mobile expertise to operations, administrative and help desk teams.

Among our Mobility Success Services, customers may opt for Quick Start or Time-to-Value Services, which can be completed in as few as six days or up to three months, depending on how thorough a review they want.

Quick Start Services afford fast and exceptional guidance to maximize your investment. With Time-to-Value Services, we remain at your side every step of the way for an in-depth engagement to help maximize ROI and jump-start mobile transformation.

Since the organizations we work with vary widely in size and type, each service is tailored to the unique needs of the individual client. We begin by gathering specific information on the environment in its current state, analyzing findings and measuring competency against industry standards. We then provide recommendations to ensure all facets of the program are hitting on all cylinders for a successful implementation.

MaaS360 Packaging Structure

In alignment with these new services, IBM recently released new product packaging for MaaS360 that is structured around organizational maturity within the EMM market:

  1. Essentials for entry-level mobility management;
  2. Deluxe for extended control over secure productivity;
  3. Premier for the full gamut of tools needed for access and collaboration; and
  4. Enterprise for sophisticated analysis, malware detection and effortless scaling.

Sequentially organized, each new tier is intended to grow alongside enterprises, taking into account the various malleable forces at play in the ever-changing market. These include strategy shifts, increases in device volume, software and hardware advancements, new use cases for mobile and the growing threat landscape.

EMM Meets CASB for End-to-End Integration

Without the right tools to assess activity, analyze threat severity and enforce corporate policies, cloud resources in your environment can be accessed without authorization. IBM’s latest integration of MaaS360 with IBM Cloud Security Enforcer (CSE) gives system administrators the visibility, analysis and control that is critical to achieving secure mobile cloud resource access in their environment. The integration enables security leaders to:

  • Assess identity and security posture to control access to enterprise cloud apps;
  • Leverage IBM X-Force integrity analyses to evaluate the integrity of accessed resources; and
  • Prohibit access to apps that do not meet security requirements.

Learn More

In the coming weeks, MaaS360 experts will outline the full impact of these new investments and advancements as they make their way to the enterprise. Join us for our upcoming webinars and learn how:

  • MaaS360 will enable adherence to regional data privacy standards;
  • Services aid in the design and development of a modern mobility strategy;
  • Solutions packaging accelerates organizational maturity with enterprise mobility; and
  • CSE integration advances transparency and control over cloud app and resource access.

MaaS360 Goes Global to Keep Data Local — Join the Sept. 28 webinar to learn more


Security Intelligence

The Cabinet Office is failing to coordinate UK government departments' efforts to protect their information, according to a damning report by the National Audit Office.

The NAO found that the Cabinet Office failed in its duty and ambition to coordinate and lead government departments’ efforts in protecting such information.

The Cabinet Office has “tried to take a more strategic role in offering support and guidance to central government departments,” the NAO report found. “However, senior-level governance remains complex and unclear and, until recently, a wide array of central teams have been involved in information assurance and protecting information, sometimes offering overlapping and contradictory advice.”

Reporting personal data breaches is chaotic, with different mechanisms making departmental comparisons meaningless. In addition, the Cabinet Office does not have access to robust expenditure and benefits data from departments, in part because they do not always collect or share such data. The Cabinet Office has recently collected some data on security costs, though it believes that actual costs are "several times" the reported figure of £300 million.

The NAO report also stated that GCHQ dealt with 200 “cyber national security incidents” per month in 2015, double the number of attacks it had addressed in 2014, though the outcome of these attacks has not been reported.

The report certainly suggests that departments need to get their own houses in order before they start opening up access to even more of citizens' data, as per the porn-blocking Digital Economy Bill, with 8,995 data breaches in the 17 largest government departments in 2014-15.

Government departments are being challenged by the increasing need to share data with other public bodies, with delivery partners, service users, and citizens. According to the NAO, recent years’ “cuts to departmental budgets and staff numbers, and increasing demands from citizens for online public services, have changed the way government collects, stores and manages information”.

At the same time “the threat of electronic data loss from cyber crime, espionage and accidental disclosure has risen considerably. Alongside this new challenge, reporting to the Information Commissioner’s Office (ICO) by public bodies shows that the loss of paper records remains significant.”

Efforts have been complicated by the lack of coordination among the 12 separate teams and organisations that play a role in government infosec, including GDS, GCHQ, CESG, CERT-UK and the UK National Authority for Counter Eavesdropping (UKNACE).

That this work hasn’t been coordinated “has meant that a large number of bodies continue to have overlapping mandates and activities” according to the NAO, which noted how last November the then-Chancellor of the Exchequer noted this acronym-heavy problem and the need to “address the alphabet soup of agencies involved in protecting Britain in cyberspace.”

As part of that address, Osborne announced the launch of a new National Cyber Security Centre (NCSC) which will act as a hub for sharing best practices in security between public and private sectors, and will tackle cyber incident response.

Speaking to The Register earlier this month, the former head of GCHQ Sir David Omand said: "Next month, the new National Cyber Security Centre starts its work, under the Director of GCHQ, drawing on the technical expertise of GCHQ staff in operating in cyberspace, a further major development in harnessing the skills of the intelligence community in protecting the public."

NAO's head, Amyas Morse, said: “Protecting information while re-designing public services and introducing the technology necessary to support them is an increasingly complex challenge. To achieve this, the Cabinet Office, departments and the wider public sector need a new approach, in which the centre of government provides clear principles and guidance and departments increase their capacity to make informed decisions about the risks involved.” ®

Sponsored: IBM FlashSystem V9000 product guide


The Register - Security



SANS Information Security Reading Room

If you’re a member of my generation living in the U.S., you may remember the Bubble Boy. His story grabbed the national consciousness and was made into a TV movie featuring John Travolta. It was a sad tale of how a boy with a severe immune deficiency was forced to live his life inside a plastic bubble to protect him from pathogens. A single breach of that perimeter could end his life.

Patching the Bubble

In a way, an organization that relies on perimeter controls for critical data protection is in a similar sensitive situation. It can be easy for attackers to breach barriers using stolen credentials or via SQL injection. On top of that, organizations need to stay competitive by having data flow through traditional boundaries, such as to the cloud and through mobile applications.

Data needs to break free of barriers so that your organization can thrive, but it must have a strong security immune system to protect it every step of the way. Data protection is not a single silver bullet; it relies on an ecosystem of security disciplines along with collaboration and expertise.

Health Care Industry Struggles With Data Protection

Vendors are often so focused on showing off product capabilities that they forget there are really compelling security issues to be solved. Their job is to bring the pieces together and show the art of the possible.

The problem of a weak security immune system really hit home for me after my health care data was breached twice in the past year. Sure, I was angry, but beyond that, I wanted to demonstrate that there is a better way to protect data and that all organizations can do better.

Out of this experience was born a real-life demonstration that we built on the cloud. To me, it’s much more effective than PowerPoint slides in demonstrating a more robust approach to data protection that leverages an integrated, layered approach to security.

Whether you work in health care or not, we can all relate to getting medical treatment — that’s where our story begins. In my upcoming tech talk, you will see how attacks occur and how a security immune system can help you detect and prevent loss of your valuable data.

The Story of Gullible Janet


The demo starts with Janet Stevens, patient intake coordinator at Pretty Good Health — a fictional health company, of course — who is on a break from her emergency room duties. Here’s Janet:

Janet notices an email in her inbox from a Facebook friend. She opens it and sees a photo of an adorable King Charles puppy for sale, just the kind she’s been looking to buy. She double clicks on the link, and that’s where the trouble begins. She’s been spear phished!


Breaking the Attack Chain

In the demo, you’ll see how this attack and the resulting data breach could have been prevented or mitigated at a number of points in the attack chain, culminating in an integrated incident response. Like Janet, you can learn from this experience to avoid having your bubble popped.

To see the demo and to learn more about the technology behind the scenes, join me for the Guardium Tech Talk titled, “Behind the Scenes of the Security Immune System Demo: Guardium Integration Architecture” on Sept. 22, 2016.

Register Now for the Sept. 22 tech talk


Security Intelligence

An investigation into the OPM breach has been completed by the House Oversight and Government Reform Committee, and although the report is more than 200 pages long, experts said there were details missing.

The report paints a grim picture.

"The government of the United States of America has never been more vulnerable to cyberattacks. No agency is safe. In recent data breaches, hackers took information from the United States Postal Service; the State Department; the Nuclear Regulatory Committee; the Internal Revenue Service; and even the White House," the report begins. "None of these data breaches though compare to the data breaches of the U.S. Office of Personnel Management (OPM)."

The breaches of OPM came to light in June 2015 and the report said they involved "personnel files on 4.2 million former and current government employees and security clearance background investigation information on 21.5 million individuals" as well as fingerprint data for 5.6 million of those individuals.

The report said the loss of this data was "deeply troubling and citizens deserve greater protection from their government."

"The damage done by the loss of the background investigation information and fingerprint data will harm counterintelligence efforts for at least a generation to come," the report read. "The intelligence and counterintelligence value of the stolen background information for a foreign nation cannot be overstated, nor will it ever be fully known."

Michael Lipinski, CISO and chief security strategist at Securonix, said the report lacked more detailed breakdowns of the risks to the affected individuals from the lost data.

"People will pay a price for this into the next generation. The risk to government and private organizations from the lost fingerprints alone has huge potential impacts. Security risks from the biometric use of these fingerprints are possible," Lipinski told SearchSecurity. "Does the existence of these fingerprints in the wild undermine the validity of fingerprint identification in everyday court cases? The state actors that possess the exfiltrated data will be able to create very sophisticated, very targeted phishing campaigns. I think there is a lot of potential fallout from this data loss that hasn't been well communicated to the public yet."

Richard Helms, CEO of Ntrepid, said the monitoring services offered to the affected individuals months after the OPM breach were not enough.

"The missing piece is a discussion of the fact the breach was not a theft of credit card data at a point of sale; rather it was an attack on our national security community personnel by a foreign state to benefit further collection of intelligence on them. The millions spent on credit monitoring in response are of zero benefit," Helms said. "The national security community needs to extend its security perimeter to include employees' online activity. Follow-up collection efforts or attacks from these adversaries will logically be most effective through the Internet browsers of these employees and their families. That protection can be had for a lot less money than is being spent on ineffective credit monitoring."

The report provides a detailed timeline of the attack, and reports that the first attacker (referred to as Hacker X1 in the report) gained access to the OPM network in July 2012. On March 20, 2014, US-CERT notified OPM of data exfiltration on its network, and OPM, together with US-CERT, decided to monitor the attacker to gather counterintelligence, with a fail-safe plan to shut down the compromised systems if needed to remove the hacker.

However, on May 7, another hacker (Hacker X2) "established their foothold into OPM's network" using credentials stolen from a contractor to install malware and a backdoor. OPM did not identify this second hacker despite actively monitoring the first.

"As the agency monitored Hacker X1's movements throughout the network, it noticed Hacker X1 was getting dangerously close to the security clearance background information," the report reads. "The agency was confident the planned remediation effort in late May 2014 eliminated Hacker X1's foothold on their systems. But Hacker X2, who had successfully established foothold on OPM's systems had not been detected due to gaps in OPM's IT security posture, remained in OPM's system."

The gaps in OPM's security were quite wide, according to the report. The OPM Inspector General (IG) had been warning about cybersecurity deficiencies since 2005, but the report said the "absence of an effective managerial structure to implement reliable IT security policies" meant fundamental weaknesses remained. A 2015 IT security report from the Office of Management and Budget said OPM was one of the agencies with the "weakest authentication profiles."

"Had OPM implemented basic, required security controls and more expeditiously deployed cutting edge security tools when they first learned hackers were targeting such sensitive data, they could have significantly delayed, potentially prevented, or significantly mitigated the theft," the report read. "Importantly, the damage also could have been mitigated if the security of the sensitive data in OPM's critical IT systems had been prioritized and secured."

Igor Baikalov, chief scientist at Securonix, said this shows the OPM breach was not due to technical problems.

"What the audit shows is a systematic pattern of negligence and total disregard for information security principles and practices. Since 2007, OIG repeatedly reported grossly inadequate security management and weak governance as a foundational cause of numerous security problems at OPM," Baikalov said. "Any information security program starts with standards to adhere to, policies to comply with, and procedures to follow -- all of that was missing at OPM, and that has nothing to do with how outdated their systems were or what technology they had deployed."

Beth Cobert, acting director of OPM, who took over after the resignation of OPM director Katherine Archuleta following the OPM breach, wrote in a blog post that the report "does not fully reflect where this agency stands today."

"While we disagree with many aspects of the report, we welcome the committee's recognition of OPM's swift response to the cybersecurity intrusions and its acknowledgement of our progress in strengthening our cybersecurity policies, and processes. We also appreciate the panel's willingness to work with us on these important issues and find many of the final recommendations to be useful for OPM and the Federal Government at-large," Cobert wrote. "Over the past year OPM has worked diligently with its partners across government and made significant progress to strengthen our cybersecurity posture, and reestablish confidence in this agency's ability to protect data while delivering on our core missions."

Cobert went on to detail steps the agency has taken to improve security and accountability, including the implementation of multifactor authentication (MFA) in the agency, the continuous diagnostics and mitigation program developed by the Department of Homeland Security (DHS) and DHS's Einstein 3a and the ongoing process of rebuilding and enhancing the web app system used for background investigations. Other initiatives Cobert cited included strengthening legacy systems while modernizing IT infrastructure and working with the Department of Defense "who are designing, building, and will operate the IT infrastructure for the new National Background Investigations Bureau, the OPM-based entity that will conduct background investigations for the Federal Government in the future."

The report focused heavily on how the OPM breach could have been prevented if the agency had implemented multifactor authentication, and experts agreed.

"Implementation of multifactor authentication is a good suggestion, but also really just a baseline that everyone should have adopted. An attacker with control of a desktop can still leverage credentials even with two-factor authentication," Lance Cottrell, chief scientist of Passages at Ntrepid, told SearchSecurity. "It is like saying an organization should patch their software and keep good backups -- it is totally generic and entry level advice, which makes it somewhat shocking that this is what they are telling an organization handling sensitive government information."

Sam Elliott, director of security product management at Bomgar, said the recommendation could have gone further.

"I am glad to see the report make this recommendation, but I would also recommend a strong password management policy which includes frequent rotation of privileged credentials, as well as employing technology to control, facilitate, and monitor direct access to sensitive infrastructure," Elliott said. "With those three areas in place, a bad actor with stolen credentials, who is trying to gain persistence in an environment, will face significant challenges. The hacker won't be able to use traditional mechanisms to access a target in the first place, and lastly with MFA in place, even if they are able to get to a target, standard authentication will do them almost no good."

Lipinski said the recommendation of MFA, although important, "grossly misses the remaining issues."

"This was a people, process and technology failure. There was no executive level responsibility watching over security. It fell under the CIO who was not credentialed as a security professional. The people failure led directly to the process gaps," Lipinski told SearchSecurity. "The report concluded that additional talent is needed. Poor logging, insufficient tools, lack of internal hunting capability, no vulnerability management, no penetration testing and incident response activities were grossly lacking."

Lipinski added: "This was a failure at every level, people, process, technology and governance. Instead of striving for a continuous improvement model, I saw an excuse driven, 'not my fault because we have old equipment' model. The government failed to hold itself to even the lowest level of standards it places on the private sector. Lack of basic controls, lack of any discernible policies or processes, lack of incident response capabilities and lack of executive ownership over data protection all need to be addressed to prevent another occurrence."

Next Steps

Learn more about the alleged OPM hackers being arrested by the Chinese government.

Find out how the Cybersecurity Strategy and Implementation Plan aims to improve government security.

Get info on the costly changes needed for the Einstein government cybersecurity system.


SearchSecurity: Security Wire Daily News

As Britain prepares to leave the European Union, privacy professionals on both sides of the ocean may find their lives becoming more complicated. The Brexit referendum leaves the U.K. in a tumultuous state as the world waits to see how the exit proceeds. Britain may now have to negotiate new, separate agreements both with the EU and the U.S., requiring that international companies comply with multiple sets of data privacy regulations.

This turmoil creates changes for organizations on both sides of the Atlantic Ocean. U.S. and EU companies will need to quickly adapt to the changing U.K. privacy environment and be prepared to approach U.K. privacy issues separately from those of EU member states. British companies will need to come up to speed on their "less favored" status when they suddenly find themselves outside of the EU privacy umbrella.

Data sharing agreements

On October 6, 2015 the European Court of Justice invalidated the EU-U.S. Safe Harbor agreement on the grounds that the agreement allowed American government authorities to gain routine access to Europeans' online information. This led to one of the new data privacy regulations, the EU-U.S. Privacy Shield framework for transatlantic data flows, which imposes stronger obligations on companies handling Europeans' personal data. This framework was an attempt to restore business as usual and, if it passes, it will restore the flow of information between EU and U.S. entities.

If Britain leaves the European Union, it will find itself outside of the Privacy Shield agreement negotiated between the EU and the U.S. If the U.K. chooses to continue to apply privacy protections similar to those currently used in data privacy regulations in the EU, the U.S. and the U.K. will need to adopt a separate agreement, which may wind up being modeled after the Privacy Shield. This uncertainty will put a significant burden on businesses seeking to expand operations within the U.K.

What will happen with GDPR?

The new EU General Data Protection Regulation (GDPR) is also due to come into force in 2018. Companies around the world were already preparing to comply with the GDPR throughout the EU and will now need to see how changes in British law affect those efforts. There are two likely courses of action for the U.K. First, Britain could decide to simply adopt the GDPR framework, independently of the EU. Second, the U.K. could decide to develop its own data privacy regulations or framework. Either way, there will likely be changes afoot.

Organizations working with the private information of U.K. residents should adopt a wait-and-see attitude on this issue. There are simply too many changes ahead to make any other response reasonable. Proceeding with GDPR compliance efforts seems to be a prudent strategy, especially for organizations that must comply with the data privacy regulations in other EU member states. Britain's departure from the EU won't take place for at least a couple of years, preserving the status quo from a regulatory perspective. The eventual withdrawal will leave many regulatory gaps, affecting many more issues than data privacy, and the U.K. will need time to react. Organizations should therefore still closely watch the unfolding of Britain's exit from the EU, but there is little action to be taken from a cybersecurity perspective in the immediate future.

Next Steps

How to stay compliant in life after Safe Harbor

Find out how regulators feel about Privacy Shield

Learn why some experts think Privacy Shield is imperfect and incomplete

This was first published in August 2016



SearchSecurity: Security Wire Daily News

A stolen cache of files that may belong to the National Security Agency contains genuine hacking tools that not only work, but show a level of sophistication rarely seen, according to security researchers.

That includes malware that can infect a device's firmware and persist, even if the operating system is reinstalled.


"It's terrifying because it demonstrates a serious level of expertise and technical ability," said Brendan Dolan-Gavitt, an assistant professor at New York University's school of engineering.

He's been among the researchers going over the sample files from the cache, after an anonymous group called the Shadow Brokers posted them online.

Allegedly, the files were stolen from the Equation Group, a top cyberespionage team that may be connected with the NSA.

The Equation Group likely helped develop the infamous Stuxnet computer worm, and is said to have created malware that can be impossible to remove once installed.

Already, researchers have found that the hacking tools inside the sample files target firewall and router products and do so by exploiting software flaws -- some of which could be zero-day vulnerabilities or defects that have never been reported before.

On Wednesday, Cisco confirmed that the sample files did contain one unknown flaw that affects the company's firewall software, and a patch has been rolled out.

Other affected vendors, including Juniper Networks, say they are still studying the matter, but more patches will likely come.

Brian Martin, a director at Risk Based Security, has been studying the sample files as well and said they also target possible zero-day vulnerabilities in Chinese products, including those from firewall provider Topsec.

However, the hacks may not be as dangerous as researchers initially feared. For instance, the exploits found within the samples rely on having direct access to the firewall's interface, which is normally restricted from outside Internet users, Martin said.

"The exploits are still useful, but they're not what people dreaded," he added.

Nevertheless, the hacking tools probably weren't easy to develop. Within the sample files are also pieces of malware that can target a computer's firmware, the BIOS, Dolan-Gavitt said.

"The BIOS is the first piece of code that runs when a system boots, and so it has control over everything else," he added.

As a result, any malware installed in the BIOS will continue to persist even if the computer's operating system is reinstalled. That can make it particularly useful for spying on a computer's network traffic or injecting new data.

However, to develop this malware, the creators would have needed detailed knowledge of the hardware, Dolan-Gavitt said. Normally this isn't made publicly available, so the creators may have resorted to reverse-engineering.

The BIOS malware appears to affect Cisco products, but on Wednesday the company said that it had already patched the issue through its Secure Boot startup process.


InfoWorld Security