Month: September 2017

The CYBERSEC Forum is a two-day event engaging 130 speakers and more than 1,000 delegates from all over the world.

On 9–10 October 2017 ICE Krakow Congress Centre will welcome delegates to the 3rd European Cybersecurity Forum – CYBERSEC 2017, one of the most important conferences of this kind in Europe. The event will gather policy-makers, leading industry experts, global private sector leaders, investors and technology startups. The aim of the Forum is to develop practical and innovative solutions to strengthen cybersecurity in the European Union and NATO.

Strengthening the capacity to prevent cyber attacks is becoming one of the growing problems within the European Union. Only in the last four years, the economic impact of cybercrime has risen fivefold.

According to the European Commission President, Jean-Claude Juncker, despite the progress Europe have made in recent years, we are still not prepared enough to face growing cyber threats and it is imperative to create new tools to increase network security.

Cooperation at the international level is crucial in order to tackle cybercrime. The solutions proposed by the European Commission are enclosed in the new Cybersecurity Act (includes new EU Cyber Security Agency, new European certification scheme). They will become also the main topic for the discussion taking place in the coming months in Brussels.

The CYBERSEC Forum Conference is gathering the largest number of top cybersecurity professionals in the world and is becoming an important part of the debate on the key challenges and cyber threats facing the European Union.

The conference organised by the Kosciuszko Institute will gather professionals for drafting government and corporate cybersecurity policies. Among the conformed conference speakers are Melissa Hathaway – former cybersecurity advisor in two U.S. presidential administrations of George W. Bush and Barack Obama; Sir Julian King – European Commissioner for the Security Union; Michael Chertoff – former Secretary of the U.S. Homeland Security; Ambassador Sorin Ducaru – NATO Assistant Secretary General for Emerging Security Challenges; Marietje Schaake – member of the European Parliament (ALDE), founder and member of the Digital Agenda Intergroup in the EP; Ambassador Marina Kaljurand – Chair of the Global Commission on the Stability of Cyberspace and former Minister of Foreign Affairs of Estonia; J?nis S?rts– Director of the NATO Strategic Communications Centre of Excellence; Jan Neutze – Director of Cybersecurity Policy at Microsoft EMEA; Alastair Teare – CEO of Deloitte Central Europe.

The organisers of CYBERSEC Forum have scheduled more than 80 panel discussions, workshops, presentations and special events. As in previous years, the debates will be held around four thematic streams: State, Defence, Future, and Business. This year, invited experts will discuss the main challenges of digital transformation and its impact on the key social, political, and economic processes related to national security. The main takeaway points of these debates will be used to formulate recommendations aimed at fostering Europe’s economic development and strengthening the EU’s position in the global cybersecurity market.

The main topic of discussions in the State Stream will be activities carried out in cyberspace such as disinformation, manipulation, or provocation, which constitute a growing threat to the foundations of democracy, such as election processes.

The Defence Stream will focus on issues related to the building of NATO’s cyber defence capabilities, including the deployment of new technologies in the defence sector and robotization of the battlefield.

The leading theme of the Business Stream, which end consumers should find particularly relevant, will be the cybersecurity of the Internet of Things and the question of responsibility for user safety that rests with the suppliers of IoT solutions. The discussions will also address the security of key sectors comprising critical infrastructures, particularly the healthcare sector, and the challenges arising from the implementation of the NIS Directive.

The Future Stream will concentrate on the opportunities and risks resulting from the increasingly widespread use of new technologies such as artificial intelligence, as well as numerous discussions on improving business innovation. The problem of privacy of network users will also be given attention.

CYBERSEC Forum will also have a special startup zone – Innovation Stage. The space will be open for business to hold debates, networking sessions and interviews with investors, innovators and business leaders throughout the two-day conference. Innovation Stage is part of the CYBERSEC HUB project initiated by the Kosciuszko Institute during last year’s CYBERSEC Forum edition. The initiative reflects the think-tank’s long-term commitment and its integrated approach to strengthening the sector of cybersecurity products and services and supporting the most innovative startups in their expansion into foreign markets.

During the conference,  an international agreement will be signed between centres of innovation in cybersecurity. It will mark the launch of first of its kind, global collaborative platform of 14 centres called Global Ecosystem of Ecosystems Platform in Innovation and Cybersecurity (EPIC). Representatives of cyber innovation ecosystems from 10 countries will take part in a joint press conference accompanying the inauguration of the EPIC dedicated portal. The Kosciuszko Institute is one of the parties to the agreement.

The CYBERSEC Forum is an annual conference dedicated to strategic aspects of cybersecurity in Europe. The event acts as a collaborative platform for governments, international organisations, and key private sector organisations. Concise Courses has honoured the first edition of the CYBERSEC Forum by ranking it among the top five cybersecurity conferences to attend in Europe.

Watch the preview of the upcoming event: https://www.youtube.com/watch?time_continue=2&v=pNzpJIowGJ4

Find out more here: https://cybersecforum.eu/en

(72)

InfoSecurity Russia 2017 held on September 19-21 in Moscow, Russia has been a smashing success with 6445 visitor registrations and over 11500 pre-arranged meetings!

Our team was pleased to gather a professional club of executives and technical specialists, manufacturers of profile products and developers of unique software, representatives of state regulatory bodies and leading enterprises of the country under one roof.

Who was with us?

The festive atmosphere of communication and business cooperation was created by our sponsors and partners: CROC, Norilsk Nickel, RNT, Rostelecom, UTsSB, FinCERT of The Russian Central Bank, Aquarius, Avast Software, Cisco, Citrix, Hewlett Packard Enterprise, Radware, STEP LOGIC, SuperWave.

What was discussed throughout these days?

InfoSecurity Russia conference sessions have been extremely popular these three days! An outstanding line-up of experts addressed the industry’s hottest challenges and topics.

The program featured various conferences, round tables, plenary sessions, workshops and seminars in four different conference rooms.

Industrial sector day was devoted to the protection of infrastructure of the critically important facilities, industrial Internet of things, modern processing infrastructures and data protection.

Among the hottest topics and discussions of the Financial security day were: the suppression and investigation of incidents in the credit and financial sphere, the counteraction to DDoS attacks, the evolution of security: from natural exchange to blockage, the Internet of things on financial markets, information security at retail enterprises & biometric technologies.

At the Technology Day professional society spoke about investment in technology, SOC vs SIEM and modern firewalls.

New at InfoSecurity Russia: leading manufacturers from China demonstrated innovative solutions and shared the experience of Asian brands!

Workshops from global experts:

Pseudonymisation, Easier Said than Done?  Simon Keates, THALES

Cybersecurity Getting the Business Engaged, Allan Boardman

Analytics of cybercrime: algorithms, Manjula Sridhar, ArgByte

Live Hacking: how hackers hack your systems, Sebastian Schreiber, SySS

DDoS-attacks and cybercrime Allan Guillen, Level 3 Communications

Video interviews with the industry’s leading specialists and thought-leaders will be available very soon!

Thank you so much for making the show a fabulous event this year. We hope you’ve had a fun, informative and productive time. See you at InfoSecurity Russia 2018!

(83)

Cyber Security Challenge UK has launched a brand new charity, the Cyber Challenge Foundation, which aims to support accessibility and diversity in cyber security, with an emphasis in supporting those from a disadvantaged background.

Launched in memory of Cyber Security Challenge UK’s late chief executive, Stephanie Daman, the Foundation aims to fulfil her vision of creating a support system for individuals across the UK who may be looking to learn cyber security but do not have the means to do so. The Foundation will provide grants towards the provision of education, training, mentoring and hardship relief across the country.

With a predicted shortfall of 1.8 million skilled cyber security workers by 2022, the industry is crying out for talented individuals to consider cyber security as a viable career path. Yet, in the UK, there are still millions of adults who do not have even the most basic digital skills, through the absence of technology and internet access, lack of education and insufficient funds. Earlier this year the Government’s Digital Skills Strategy Report highlighted that one in ten adults have in the UK have never even used the Internet.

By providing better accessibility to the industry, the Cyber Challenge Foundation seeks to promote better diversity within the cyber security profession. According to industry association (ISC)², only 11% of the UK cyber security workforce is female (7% global average) and only 12% are from ethnic minorities. There are also clear correlations with geographical location and the likelihood of possessing digital skills, according to a report by Ipsos Mori.

Nigel Harrison, acting Chief Executive at Cyber Security Challenge UK said: “At the Challenge we are continually working to encourage diversity throughout the cyber security industry. It was Stephanie’s vision to expand this work and provide real help to those who struggle to find support in the usual places. Diversity increases creativity, productivity and culture, and at a time when the cyber security threat continues to grow, making this sector more accessible is a logical and much-needed step.”

Cyber Security Challenge UK will raise capital for the Foundation through corporate sponsorship, fundraising events and private donations with the first fundraising evening, in partnership with BT, taking place during the Challenge’s Masterclass competition on Monday 13^th November.

For more information about the charity, applications to grants and how to donate please contact foundation@cybersecuritychallenge.org.uk.

(83)

The security of biometrics technology is in the spotlight and stakeholders must take a balanced view on its strengths and vulnerabilities, says Isabelle Moeller, Chief Executive, Biometrics Institute. As deployments proliferate, the technology’s credibility rests on the industry’s will to collaborate globally.  

The Oxford English Dictionary offers two definitions for the verb ‘spoof’: ‘To make (something) appear foolish by means of parody; to send up’ and ‘To render a system useless by providing it with false information.’

Sadly, where the spoofing of biometric security technologies is concerned only the latter applies and there is little to laugh about. The recent rise of biometrics deployments in consumer services has confirmed spoofing as a vulnerability that needs careful management. A wide variety of specialist interest groups, friendly and otherwise, make it their mission to expose the limitations of each solution brought to market. Indeed, detractors routinely use high profile failures to suggest that biometrics as a mode of security is just too risky a business to be worthwhile. They are wrong.

It’s the system, man

As with all flavours of security technologies, the weak points in biometrics have spawned a race between those creating and applying the solutions and those seeking to undermine them. As new solutions are launched weaknesses are identified, and countermeasures developed.

In May, a BBC reporter, with the aid of his twin brother, ‘cracked’ a high street bank’s voice recognition system, proving the insecurity of the system. The weak point here, however, stemmed more from how the solution was implemented than from a failing of the recognition technology itself. All biometric systems have some vulnerabilities (it’s worth noting that the iPhone’s fingerprint sensor was successfully hacked just a week after launch). What matters is how these vulnerabilities are mitigated.

In general, there are two factors that determine how effective a biometric solution is, and both require some trade-offs to before a useable solution can be reached.

Firstly, the solution is only as good as the biometric data it enrols and then recaptures each time the user authenticates. The recaptured ‘image’ can be impacted by myriad factors depending on the mode being used. Ambient noise can interfere with voice recognition, for example, eyelashes can obscure an iris image, varying skin conditions can impact fingerprints and so on.

Secondly, the matching process also depends on how tightly the solution’s parameters are set. Insisting on too high a degree of similarity between the stored and presented image creates too many ‘false negatives’, where the genuine user is denied access, and the system rendered unusable.

It’s also worth remembering that a hacker never needs to replicate an individual’s biometric image absolutely, they need only replicate enough of it to fool the system. So, if the matching process isn’t rigorous enough then ‘false positives’ result, where fraudulent users are granted access and the point of the system is defeated.

There is always a balance to be struck. How should the system conclude that it has sufficient verifiable data to confirm the user’s identity?

Horses for courses

The choice of biometric modality has a big impact here. The variations between different biometrics mean that some are better suited to particular use-cases than others. Fingerprints, for example, leave a latent image on the data capture surface, which make them excellent for criminal identification. That said, the latent image itself can be copied, replicated and used in a spoof attack. Irises, on the other hand, leave no replicable trace making them far less useful in criminal applications. Thanks to the social sharing revolution, digital pictures of people’s faces are in very easy supply, particularly in developed countries, meaning that facial biometric solutions have to work harder than ever to verify their subject, using 3D mapping and liveness detection techniques.

The technologies are responding. In the near future, the use of new, cheaper multispectral sensors (which simultaneously capture multiple biometric images within a narrow spectrum) will greatly improve the industry’s ability to detect false biometrics. In automated border control systems that use face recognition, for example, infrared sensors can now determine if a mask is being used.

High stakes, getting higher

The growing popularity of iris and voice recognition systems present fresh challenges. Siri, Cortana and Alexa are all gaining serious traction, and when banking and payment apps start to use iris recognition to grant access to the user’s account, the stakes rise significantly, and the motivations of the thieves will surely step up accordingly.

Although improving spoof detection is important, trying to chase a perfect anti-spoofing technique for any biometric is a fool’s errand. Try as the industry might, it cannot prove a negative; it can never say that a capture device is completely fool proof, simply because it can’t be tested against the unlimited universe of current and future spoofing techniques.

With facility comes responsibility

In terms of the end-user experience, biometrics are terrific; they are fast, convenient, reliable and, arguably, are untouchable by any other consumer-facing security technology today. Indeed, the facility enabled by biometrics is driving mass deployments across a host of devices and services; something that is bound to continue, despite its vulnerabilities.

This all adds up to an important point. A single biometric solution is not a ‘silver bullet’ and, in many cases, should be deployed as a factor in a multifactor authentication solution – one that is carefully designed and parameterised to mitigate the risks of failure associated with the use-case to which it is applied.

To this end, biometrics’ credibility, together with the security of those that use its technologies, will be determined by the industry’s ability to identify – and adhere to – best practice.

While the legal framework and policy creation for biometric data privacy remains a matter for lawmakers, commercially independent guiding principles for the design, deployment and operation of biometric technologies already exist. They are the product of international collaboration between academics, governments, vendors and other key stakeholders at the Biometrics Institute.

Only by sharing live deployment experiences, establishing guiding principles, creating best practice guidelines and promoting the responsible use of biometrics globally, can the industry truly claim to be representing the interests of end-users. Biometrics may be perfect, but our use of them is not. As the adoption of biometric technologies continues to accelerate, it is our collective responsibility to ensure we strike the right balance between delivering a great user-experience and mitigating security risks along the way.

(120)

New research by data security company, Clearswift, has shown that year on year cyber security incidents, particularly insider threats; continue to rise, but that companies are able to spot suspicious activity significantly quicker than two years previous.

The research, which surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia, has revealed that threats from an employee – inadvertent or malicious – make up 42% of incidents, a number that has increased from 2015 when 39% of incidents originated from inside an organisation’s network.

When looking at the extended enterprise – employees, customers, suppliers, and ex-employees – this number reaches 74%, compared to 26% of attacks from parties unknown to the organisation. In 2015, 33% of attacks were carried out by unknown parties, so this proportion is falling, which may seem surprising given the recent swathe of high profile attacks, such as WannaCry, which affected over 230,000 computers.

While it is more likely that an incident will occur internally, large-scale external threats are more likely to encourage companies to add cyber security to the boardroom agenda, with 29% of UK businesses now adding cyber security to the boardroom agenda following the high profile attacks in recent months.

Although internal threats pose the biggest threat to most organisations, employers believe that the majority (65%) of incidents are accidental or inadvertent rather than deliberate in intent; this remains unchanged over the past three years and highlights a critical need for better security education within most organisations. This is particularly relevant, as most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55%), HR (45%) and legal or compliance (43%).

Dr Guy Bunker, SVP Products at Clearswift, said: “As GDPR approaches, every department in a business will need to recognise the potential security dangers associated with the data they use. Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home. The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat.

“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around. Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, and increasing investment in Data Loss Prevention (DLP) tools are the biggest priorities needed to minimise the risk of internal security breaches.

“Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”

40% of organisations state that they have seen the frequency of security incidents increase in the last 12 months, however, the increase is happening at a slower rate than the previous two years. Despite the risks, organisations are becoming quicker at spotting incidents on the network, with more than half (52%) spotting an issue within an hour, compared to only a third (34%) two years ago.

(209)

Amateur ethical hackers take over CCTV cameras and internet connected toys in cyber contest

On Friday evening, NCC Group and Cyber Security Challenge UK ran a competition which saw 25 extraordinary codebreaking amateurs from across the UK battle each other to ethically hack common Internet of Things (IoT) devices, including remote controlled cars, CCTV cameras and even children’s dolls.

The competition was designed to find and nurture the UK’s best hidden cyber security talent and help them secure careers in cyber security; plugging a critical skills gap in the information security industry. (ISC)², the world’s largest independent body of information security professionals, predicts a global shortfall of 1.8 million workers by 2022 if current employment trends continue.

Created by NCC Group, the competition saw contestants hacking into real security flaws that NCC Group’s team have exposed in these products during its world-leading research. This scenario demonstrates how hackers could use everyday consumer IoT products as a gateway to steal personal information and even turn them into spying and eavesdropping devices.

The 25 contestants played the part of a cyber security consultancy team, hired by a fictitious global media company following the appointment of a new Chief Executive Officer. Known for his divisive media persona, the company’s cyber security team were concerned that he may be the target of criminal hacking gangs looking to gain access to data and information that could be used against him and his company.

Contestants were asked to adopt the role of ethical hackers and break into IoT devices within his home, documenting they ways in which hackers could use them to access his private data. Assessing the candidates were professionals from security organisations across the country. They monitored the strength of their technical skills, including penetration testing and network analysis, as well as their soft skills, such as communication and teamwork. These are all traits that are highly sought after in the cyber security profession.

The winning team was team Tommy Flowers, named after the man who built the world’s first programmable computer, which consisted of: Steven Eccles, Syed Hasan, Waldo Woch, Michael Yonli and Kajusz Dykiel.

The individuals who have qualified for Masterclass include: Arran Thomson, Josh Hadland, Justin Rowley, Harvey Stocks, Michael Yonli and Buster Parr.

The competition was the fourth of five face-to-face semi-final rounds in Cyber Security Challenge UK’s 2017 programme. This year’s competitions have mirrored cyber threats in the Internet of Things, which resemble real-life threats and incidents. In October last year for example, millions of IoT devices like cameras and routers were hacked and turned into a large botnet that took down popular services like Twitter and Netflix, highlighting how vulnerable these devices can be and the disastrous that these vulnerabilities can have, far beyond the home, or business environment in which they are operating.

The top performers from NCC Group’s competition have been invited to the Masterclass grand final in November where they could be offered highly lucrative jobs that average around £60,000 per year after training and experience. For those looking to secure a coveted place in the competition, there is still an opportunity, with the final qualifiers of the year open on the Challenge’s CyPhinx (Play on Demand) system until 15^th September.

Colin Gillingham, Associate Director at NCC Group said:

“Our research shows that several IoT devices have found their way to market with inherent cyber security flaws in them, opening the door for hackers to target individuals and their private information. Our competition was designed to show that these devices can be used by hackers to get access to not only homes but businesses as well. By supporting the Challenge, we’re committed to growing the next generation of cyber security professionals, protecting society from potential cyber threats both now and in the future.”

Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said:

“As our homes and daily lives become more internet connected, we open ourselves up to an extraordinary number of potentially damaging vulnerabilities. With an estimated 80 billion devices connected to the internet by 2025, we need more people than ever to protect our personal and professional data, and to keep our country safe and secure. The Challenge is working with partners such as NCC Group to inspire talented individuals to choose this career path and to ensure that our competition scenarios mirror those tasks professionals face each day.”

(231)

11-12th October 2017

Chicago, USA.

The Manusec summit will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines. 

As the manufacturing sector continues to embrace innovation in technology, it exposes itself to a widening array of cyber threats. To properly face cyber risk in the 21st century, organisations must engage all levels from the executive board down, to collaborate and establish best policies to protect key assets.

It will be these policy frameworks and best practice case studies that form a key part of this years agenda. Returning to Chicago this fall, this innovative summit comes at a critical juncture for American manufacturers, who are suffering heavy losses through frequent cyber attacks and increasingly complex phishing schemes.

ManuSec Summit 2017 will bring together a senior delegation of 120+ manufacturing leaders from across the United States and further afield for a packed agenda. Exclusive keynote sessions from top industry leaders present new ideas and different perspectives, whilst interactive panel debates offer delegates the chance to benchmark and discuss differing approaches to today’s challenges. 

For more information please visit: https://www.manusecevent.com/usa 

Or register online for 20% Off with Discount code: DFM20

(88)

9-10 October 2017

Abu Dhabi, UAE

www.digitalforensicsgcc.com

Digital Forensics & Analysis Summit GCC is a specialized summit that will take place on 9-10 October 2017 in Abu Dhabi, UAE. This event will provide a GCC based platform for law enforcement, defense, border authorities, regulators, government and the private sector to meet and discuss best practice and leading-edge solutions for acquisition, examination, analysis and reporting for digital forensics and digital forensic evidence.

(137)

LOCATION Hamburg,Germany                     

DATE September 27th-29th,2017        

D3 digital, design and development exhibition (2017) bases on the background of the G20 Summit held successfully and having brought a series of business opportunities and development to organize domestic large quantities of strong enterprises and show high-grade series of products in order to promote bilateral economic and trade. D3 will be the best platform in trade through which Chinese electronic technology, digital products, intelligent manufacturing industry lead enterprises to Europe. 

The latest data from the Federal Statistical Office of Germany shows that the trade volume between China and Germany in 2016 reached 170 billion euros, hitting a historical high in the record of bilateral trade between the two countries. China has for the first time surpassed the U.S. and France to become Germany’s largest trading partner. 

The growing trade volume between China and Germany is a sign of strong economic cooperation–especially notable given the current global economic slowdown, as well as the trends of anti-globalization and protectionism. 

Germany has made great gains in its exports over the last year, with a favorable balance of trade settled at 252.9 billion euros. The country has maintained a healthy development of trade with other nations in the European Union, while its exports to countries outside the region have shrunk due to the sluggish global economy and regional political instability. 

China-Germany trade has experienced rapid development since China’s entrance to the WTO. China’s economic transition toward sustainability, as well as a consumption- and innovation-driven growth pattern, means huge opportunity for German enterprises, Germany’s Federal Foreign Office previously said in a statement. 

Hao believes that Germany and China are both beneficiaries of free trade. Enhancing trade and investment in an equal business environment will create more jobs for the two countries, bringing new opportunities to small and medium sized enterprises especially, he stressed.

2017 Digital,Design and Development Fair as a pioneer team of overseas exhibition we response to accelerate the development of trade and committed to building national exhibition platform by State Council. We are committed to promote “Made-in-China” trend towards the world. 

To strengthen international exchanges and cooperation and improve their innovative capacity and technology. 

With exhibits, profile covers, Digital products, Design&Design products, Development products, Display Technology category, PV electronics,The key components of the smart device category etc. 

Exhibition Hall 

New HMC- onto the world stage 

Hamburg international exhibition center – in the center of Hamburg. Hamburg has perfect 

infrastructure, and the geographical position is superior. It is located in the heart of Hamburg. 

Hamburg exhibition center has convenient traffic two main railway station, three S – Bahn and 

U light rail station and highway connection point. Only a few minutes to walk to port. Hamburg, 

is widely considered to be “the door to the world”. The total area of the pavilion is 107000 

square meters, and indoor area is 87000 square meters. 

This fair will be held at the Hamburg Messe Congress und Gmhb on September 27th-29th,2017. 

For exhibition registration go to http://www.d3fair.com/en/questionnaire.asp  

TIME: 27th-29th September,2017 

VENUE:Hamburg·Germany 

HALL:Hamburg Messe und Congress GmbH 

ORGANIZER: China Association of Trade in Services 

Shanghai Bellitas exhibition Co.,Ltd 

China Electronic Instrument Industry Association 

SUPPORT:HWF Hamburg Business Development Corporation 

Website: http://www.d3fair.com/en/ 

(47)

Credit checking company Equifax admitted it was the victim of a large scale cyber attack, where personal details of 143 million customers, including British citizens, were compromised. Aside from the data loss, Equifax will have to address the cost of fixing the breach, which according to my client EfficientIP, a provider of network and security technology, will be north of $2 million.

Hervé Dhelin, VP Strategy at EfficientIP believes the lack of basic planning is set to cause more breaches. He said:

“It’s troubling to hear personal data belonging to 143 million people were compromised by the Equifax cyber attack. Our trust in the security is being questioned because an organisation who prides itself on protecting sensitive data has been brought down. From our research, we know a large organisation on average spends over $2 million per year fixing the damage caused by cyber breaches and it looks like the cost for Equifax will be higher than that. Enterprises are still missing out on the basics when it comes to protecting their networks and data, almost all US organizations (98%) we spoke did not apply the necessary security patches (compared to 83% globally) and only 86 percent applied half of the required patches on their DNS servers.”

(148)