If you are having trouble viewing this email, click here to view this online



   ISSUE 43

13 February 2015

Article of the Month  Around the World

A Report on 2014 Global Security Data Breaches



The Online Trust Alliance (OTA) has analyzed more than 1,000 data breaches from 2014 and concluded that as many as 90% of them could have been easily prevented.

The OTA studied data breaches from 2014 that involved the loss of personally identifiable information (PII) and found that those breaches could be attributed to one of four causes: 40% by external intrusions; 29% by employees, either accidentally or maliciously; 18% by lost or stolen devices or documents; and 11% by social engineering or fraud. According to the OTA, 90% of these data breaches could have been easily avoided by strengthening internal controls. "Businesses are overwhelmed with the increasing risks and threats, yet all too often fail to adopt security basics," said Craig Spiezle, executive director and president of OTA. To help organizations with those security basics, OTA has released two companion guides: one covering security best practices and controls, and one for security risk assessment. One pixelInsider threat prevention controls to thwart data breach incidents The best practices suggestions include detailed tips for 12 "critical yet achievable" security items, like enforcing effective password management policies, conducting regular penetration tests and vulnerability scans, implementing a mobile device management system (MDM), and developing, testing and refining a data breach response plan.

The guide for security risk assessment aims to help organizations follow industry and regulatory best practices, and follow the four general steps to risk assessment: threat assessment, vulnerability identification, risk determination and control recommendation. OTA plans to present these guides and research findings in a series of three "town hall" meetings scheduled in Silicon Valley, Calif., on Jan. 28; New York on Feb. 3; and Washington D.C. on Feb. 5. The events will include sessions featuring leaders from the FBI, Secret Service, the New York and California Attorney General's office, Twitter and more, and will cover major data breaches from the past year, including those impacting Sony and Home Depot.



2015 Statistics so far

Abuse Distribution by Categories

Overview for ITU Regions


Monthly Overview


























�..Human attention isn�t stable, ever, and it costs us: lives lost when drivers space out, billions of dollars wasted on inefficient work, and mental disorders that hijack focus. Much of the time, people don�t realize they�ve stopped paying attention until it�s too late. This �flight of the mind,� as Virginia Woolf called it, is often beyond conscious control...�

  Whodunit? In cybercrime, attribution is not easy

'..�Whodunit� is essential to solving crimes. You can�t make an arrest or prosecute a crime if you don�t even know who committed it. That makes �attribution� one of the major challenges of law enforcement. But while identifying perpetrators is difficult enough in the physical world, it is even tougher in the cyber world, where the ways for perpetrators to cover their tracks or make it look like a breach was committed by someone else are both sophisticated and practically limitless....'




'...As drones become cheaper and more capable, more police departments across the country are asking for and getting federal approval to use them for law enforcement.

But the Federal Aviation Administration only takes safety into consideration when it grants a law enforcement agency approval to use drones, leaving privacy protections to legislation�which, depending on the state in question, may or may not exist....'



'...Cellular carriers spent nearly $45 billion in an auction of wireless frequencies, blowing past even the highest estimates, the Federal Communications Commission announced Thursday....'


'...There�s a new cloud service offering that has met the government�s standardized cloud computing security requirements, and it�s one every major federal agency IT official will recognize.

VMware, already a known name in virtualization, announced today its VMware vCloud Government Service has achieved compliance under the Federal Risk and Authorization Management Program....�

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in January 2015
 Statistics - Sri Lanka CERT|CC

Enabler of Data Agility

'....Enabler of Data Agility How much time does it take between collecting data and taking meaningful action based upon the insight you are able to glean from those data? Depending on the technology, it might take a week to a month or more. Today, of course, we can do better than a week.....'


Cambridge University turns to Intel Xeon Phi chips to meet growing high performance computing demands

'...The University of Cambridge plans to transition high performance computing (HPC) workloads to Intel�s Xeon Phi co-processors to meet growing demands for parallel processing application, but will also continue to rely on its Nvidia GPU cluster for certain requirements.....'

IT Management Suite 7.6 and Ghost Solution Suite 3.0 Launch Webcast - March 3

'...The releases of Symantec IT Management Suite 7.6 and Symantec Ghost Solution Suite 3.0 are rapidly approaching. Please join us for a special webcast on Tuesday, March 3 to learn about these new solutions and how they will make your life easier.....'

iOS 9: Apple�s desktop-class smartphones



'.....It makes sense for Apple to decelerate the pace of regular feature introductions and take the time to optimize and improve the many it already has. It is interesting (and informative) to reflect that the last time it chose to decelerate feature improvements was when it launched OS X Snow Leopard in 2009, which introduced a range of under-the-hood improvements, the biggest being 64-bit support.....'


Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole



'....Another day, another cyberespionage campaign attributed to a Chinese hacking group. Today's newly identified hacking push is a watering hole attack against Forbes and other targets last November that's been attributed by iSIGHT Partners and Invincea to likely be the handiwork of a long-running group they call Codoso Team, but which has also been named as Sunshop Group. The campaign was made possible by a zero-day attack that strung together a now-patched Adobe vulnerability with a bypass vulnerability in Microsoft's ASLR technology for Internet Explorer that the company patched today.SS...'

Notice Board
  Training and Awareness Programmes - February 2015
- 10th � 13th Feb Updating Learning Management System with news e- contact Education leadership Development Center Meepe
10th � 13th Feb Updating Learning Management System with news e- contact National Institute of education , Maharagama
23rd -27th Feb Java Training Programme E-soft � Colombo 4
- 24th � 27th Feb IPICT Instructor Training IPICT Center � Colombo 8

Brought to you by: