Data deluge obscuring real cyber threats warns SAS

Australian businesses are drowning in a deluge of cyber security data, causing genuine threats to get lost in a sea of false positives, a top executive at multibillion-dollar business intelligence, analytics and data management firm SAS has warned.

In Melbourne last week to visit Australian clients, SAS cyber security vice-president Stewart Bradley said his company had joined the pantheon of vendors selling security services, as it believed greater use of analytics was required to analyse the unfathomable amount of threat data being generated.

“Organisations have largely tackled the security challenge through many different solutions that solve only small fractions of the problems they face,” Mr Bradley said.

“They have created a patchwork quilt of solutions … now they’re trying to get a better understanding of where their greatest risks are, and need a holistic view.”

Mr Bradley has spearheaded the growth of SAS’ cyber security division since it launched its first cyber security software suite in November last year.

SAS is one of the world’s largest private software firms and dedicates about a quarter of its $4.1 billion of revenue to research and development. It is poised to start offering its cyber security technology in Australia for the first time at the end of the year.

Its technology works by analysing how a machine should behave, thereby more accurately detecting significant security threats, even when the attack uses new security flaws or methods.

SAS will be targeting its Australian financial services clients, including the big banks, which already use SAS’ fraud detection software.

Converging threats

Mr Bradley said that in the past five years the threat to banks had transformed from one where individuals’ accounts were being fraudulently taken over, to mass compromises of user information and the sale of that on the dark web.

“The ecosystem of fraud and cyber has converged over the last five years. Now we’re seeing cyber events … where the ultimate monetisation of the breach is fraud,” he said.

“One of the biggest issues is that the environment is changing so rapidly from an attack perspective. All organisations are struggling to keep up … and the proliferation of bring-your-own-devices and the internet of things is eliminating the perimeter that was around organisations.”

Already the big four banks are said to be spending up to $100 million on cyber security measures each year and late last year Commonwealth Bank of Australia director Harrison Young said there was “approximately no chance that banks or even armies could keep hackers out of their systems”.

Mr Bradley said businesses would always be behind the cyber criminals, but by changing the approach to detecting cyber criminals to one that was less reliant on humans and more driven by computer analytics, it was possible to minimise their head start.

“We’ll always be in a situation where we’re trying to keep up with the cyber criminals. That’s the reality of the game we’re playing,” he said.

“Historically the protection of an organisation’s corporate assets has been focused on building a thicker and wider moat, but that’s no longer valid with the connectedness we have through the internet of things. It is shifting what organisations are doing from protection, to detection and response.”

Sector consolidation

The cyber security sector has become a hot spot for investors in recent times, leading to the creation of numerous players in the space.

Mr Bradley said that in 2015 more than 125 new cyber security vendors entered the market, and he tipped a consolidation of the sector.

“When the older players in the market are developing enterprise security platforms that allow integration across an organisation’s ecosystem, that’s what will drive vendor consolidation,” he said.

“Our role is to be the analytics fabric that can support the integrated security platforms to be able to make sense of the data that is being shared.”

By: Yolanda Redrup

Posted On: http://www.afr.com/technology/web/security/data-deluge-obscuring-real-cyber-threats-warns-sas-20161108-gskham

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au for further information and quote today.

Google Puts Repeatedly Dangerous Websites on Notice

Web giant tries to fill the protection gap created when malicious sites clean up their act just long enough to ditch the Safe Browsing warning.

Google has added a new classification to its Safe Browsing initiative to better protect users from malicious websites trying to game the system.

Google’s Safe Browsing warns users when they are about to visit a website known to violate the web giant’s policies on malware, unwanted software, phishing or social engineering. The warning appears until Google verifies that the site in question no longer poses a threat to users. But some sites are only cleaning up their act just long enough to shake the warning, and then returning to their harmful behavior.

That gap in user protection led Google to create a new label to warn users of sites that engage in this pattern.

“Starting today, Safe Browsing will begin to classify these types of sites as “Repeat Offenders,” Google explained in a company blog post Tuesday. “Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.”

Once classified as a “repeat offender,” sites will not be allowed to request a review for 30 days. During that time, users will continue to see messages warning them of the risk involved in visiting the site.

Google has added a new classification to its Safe Browsing initiative to better protect users from malicious websites trying to game the system.

Google’s Safe Browsing warns users when they are about to visit a website known to violate the web giant’s policies on malware, unwanted software, phishing or social engineering. The warning appears until Google verifies that the site in question no longer poses a threat to users. But some sites are only cleaning up their act just long enough to shake the warning, and then returning to their harmful behavior.

That gap in user protection led Google to create a new label to warn users of sites that engage in this pattern.

“Starting today, Safe Browsing will begin to classify these types of sites as “Repeat Offenders,” Google explained in a company blog post Tuesday. “Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.”

Once classified as a “repeat offender,” sites will not be allowed to request a review for 30 days. During that time, users will continue to see messages warning them of the risk involved in visiting the site.

By: Steven Musil

Posted on: https://www.cnet.com/au/news/google-puts-repeatedly-dangerous-websites-on-notice

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehos

Risky online behaviour due to security fatigue: study

Security fatigue is causing computer users to indulge in risky behaviour, both in computing and their personal lives, a study by the US National Institute of Standards and Technology claims.

The study came to this conclusion after an analysing data from a qualitative study on computer users’ perception and their beliefs about cybersecurity and online privacy. (The study can be downloaded here after payment.)

Those interviewed ranged in age from 20s to 60s, and were from urban, suburban and rural areas. They were employed in a variety of jobs.

The study defined security fatigue as a weariness or a reluctance to deal with issues of computer security.

The study, published in the IEEE’s IT Professional, looked at computer use in the workplace and home. There was a specific focus on online activity, including shopping and banking, computer security, security terminology, and security icons and tools.

Cognitive psychologist Brian Stanton, a co-author of the study, said: “The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people’s everyday life.

“It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet.”

“If people can’t use security, they are not going to, and then we and our nation won’t be secure.”

The study found that most average computer users felt overwhelmed and bombarded, and got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.

It said that when users were asked to make more computer security decisions than they are able to manage, they experienced decision fatigue, which leads to security fatigue.

The study concluded that this weariness could lead to feelings of resignation and loss of control. This, in turn, could lead to avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules.

The study said there were three ways to ease security fatigue and help users maintain secure online habits and behavior. They are:

  • Limit the number of security decisions users need to make;
  • Make it simple for users to choose the right security action; and
  • Design for consistent decision-making whenever possible.

By: Sam Varghese

Posted on: http://www.itwire.com/home-it/75169-risky-online-behaviour-due-to-security-fatigue-study.html

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au