Here’s the thing about malware and cyber criminals who propagate it: they don’t play by the rules. Or any rules at all, which presents a particular challenge for people like you and me―the security experts who need to stop them. That’s because many of the methodologies we might use to protect our data and the infrastructures are designed to blindly follow a defined process.

They’re defined by what I call “The Compliance Audit Mentality”―thinking like a manager and going through the motions like a sleepwalker. Successfully completing a compliance audit with a pre-defined selection of security criteria doesn’t always reduce risk. It’s more like just ticking off the boxes and then moving on.

The problem is, cyber criminals know very well what those boxes are too.

It’s easy for them to work out where “compliant” systems will still be vulnerable―and therefore, launch attacks with a high likelihood of success.

It’s a crazy situation which means that organisations may still be susceptible to a security breach after they’ve gone through a successful audit. That’s why I urge CIOs and CISOs to put the “Compliance Audit Mentality” to one side, and radically change your mind set.

We need to break our own rules.

If you’re serious about security, stop thinking like a manager.

Start acting like a leader. Leaders don’t tick boxes; they think outside of them. They share a vision. They inspire confidence and belief in their teams. Today’s visionary security leaders know that compliance audit is only one part of the picture, and that without further security measures, the likelihood is that at some point their networks will be breached.

According to the 2016 Symantec Internet Security Threat Report, Vol 21 (ISTR), in 2015 the number of zero-day vulnerabilities discovered increased by 125% compared to the year before. Sophisticated malware and targeted attacks from outside sources or even employees are also constantly increasing in size and scale. Proliferation on this scale is almost impossible to defend against at the perimeter by treating your security like another exercise.

Instead, the visionary CIO leads their organisation through sound, constant risk management and data security controls.

Here are four recommendations on how to respond:

Look at threats in a new way. We can’t block everything, so use advanced threat and adversary intelligence solutions to help you find indicators of compromise and respond faster to incidents.
Ensure your security is solid. Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
Be ready for incidents. Incident management ensures your security framework is optimized, measureable, and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
Ensure security is part of your culture. Provide ongoing education and training to help your staff do the right thing; don’t just follow your policies. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.

If you’re ready to lead your own organisation in that direction, then I urge you to take a look at the ISTR Vol 21 report. It includes some great statistics around the prevalence of ransomware and growth in different types of attack.

↧

Finding Talent in All the Right Places

August 12, 2016, 10:37 am

≫ Next: Ho To install Symantec in Ubuntu

≪ Previous: Stop Thinking Like a Manager

Symantec Hosts Two TeenForce Interns

Talent comes from many different places and backgrounds. For the first time, Symantec hosted two high school foster youth interns at the Mountain View, California headquarters.

At age 18, 75% of foster youth have little to no work experience (Child Welfare Initiative) and any experience they may have is not in the tech sector. Therefore, the need to provide specific work readiness training and science, technology, engineering, or math (STEM) skills training to foster youth early in high school is crucial in order to help them succeed academically and in the workforce.

Fortunately, two San Francisco Bay Area nonprofits, TeenForce and the Silicon Valley Children’s Fund, recognized this concern and did something to change it. Launched in 2014 through a Clinton Global Foundation America commitment, the two partnered to bring STEM education, work readiness training, and paid STEM internships to 100% of the high school foster youth in Santa Clara County.

Since the program launch, Symantec has financially supported the Foster Youth STEM and Work Readiness Training Program and this summer, we were honored to host two brave teenaged interns in our Corporate Responsibility and Human Resource departments.

Symantec’s TeenForce interns completed a variety of projects for both the Corporate Responsibility and Human Resources teams.

Can you describe your role as an intern at Symantec?

Intern 1: I spent the summer interning with the Corporate Responsibility (CR) department, which manages Symantec’s employee engagement, philanthropic investment, environmental initiatives, and diversity and inclusion efforts. My job was to provide project support to the CR team. My projects ranged from organizing our volunteer apparel to building project trackers in Excel to making a recruiting guide on veterans for Symantec recruiters.

Intern 2: I worked in Human Resources (HR) Services, supporting teams all over HR from University Relations to Benefits. I recently built an internal Wiki for University Relations and planned a company event in partnership with our café and our near-site health clinic for Mountain View employees. I also conducted research for the Diversity and Inclusion team.

What were you hoping to gain from your internship?

Intern 1: I came into this internship to gain work experience and to better understand what a job looks like. I had never previously held an official job before so this was an exciting and new experience. This internship was everything I expected and more.

Intern 2: Through TeenForce, I had the opportunity to intern at SanDisk for the Information Technology team last year and had a great experience. However, I’ve become more interested in going into business, and wanted the chance to interact and collaborate with more people in the corporate world. I definitely did just that and have made many new connections during my time here.

What were your biggest takeaways from this experience?

Intern 1: My biggest takeaway is that work is fun with the right group of people and I was very fortunate to serve under a very welcoming group. Not only did I gain more work experience but I also had a lot of fun. I learned how to work in both a corporate field and a tech field. I loved that I had experience in two fields for the price of one.

Intern 2: The most memorable moments of my internship so far just have to be the many great interactions I’ve had with other employees. I’ve learned so much about working with others in order to get tasks done.

How would you describe your overall experience in the TeenForce & Silicon Valley Children’s Fund program?

Intern 1: The program was very interesting and I learned a lot from the instructors. I do wish more people would be interested in STEM especially more foster kids. It really is fun and very easy to get the basics.

Intern 2: I was part of their flagship STEM program that launched in January 2015 so this was my second year in the program. The staff at TeenForce is amazing and the program has provided me with experience and opportunities that have truly helped me grow as a person.

Our philanthropy program at Symantec focuses on introducing students to computer science and cybersecurity careers, emphasizing youth with diverse backgrounds. The ongoing partnership with TeenForce is one example, you can read more on our website.

Jaime Barclay is Symantec’s Corporate Philanthropy Manager.

Click to Tweet:

At age 18, 75% of foster youth have little to no work experience. @TeenJobsProgram & @symantec are working to change this! #SYMTERN #CSR

↧

Ho To install Symantec in Ubuntu

August 13, 2016, 10:01 pm

≫ Next: Instagram アカウントのハッキング、アダルト系出会いスパムの拡散に方向転換

≪ Previous: Finding Talent in All the Right Places

Ho To install Symantec in Ubuntu

For installing Symantec client in Ubuntu we should download jdk-8u92-linux-x64.ta , jce_policy-8 files and SymantecEndpointProtection.tar.sh

Use below links for download the java files

JDK 1u92

http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

JCE policy files

http://www.oracle.com/technetwork/java/javase/down...

Create a java folder in home path using terminal.

cd /usr
sudo mkdir java

copy jdk-8u92-linux-x64.tar.gz and jce_policy-8 .zip files in java folder using terminal.

sudo cp jce_policy-8 files.zip jdk-8u92-linux-x64.tar /usr/java

unzip jdk-8u92-linux-x64.tar and jce_policy-8 .zip

sudo unzip jce_policy-8 .zip
sudo tar –xvf jdk-8u92-linux-x64.tar.gz

Delete US_export_policy.jar and local_policy.jar files in usr/java/jdk1.8.0.92/jre/lib/security path using terminal.

Change path directory to usr/java/jdk1.8.0.92/jre/lib/security

sudo rm US_export_policy.jar local_policy.jar

Copy US_export_policy.jar and local_policy.jar files from usr/java/jce_policy-8/ UnlimitedJCEPolicyJDK8 to usr/java/jdk1.8.0.92/jre/lib/security using command.

Change path directory to usr/java/ jce_policy-8/UnlimitedJCEPolicyJDK8 and enter below command.

sudo cp US_export_policy.jar local_policy.jar usr/java/jdk1.8.0.92/jre/lib/security

Give owner permission for java folder using command.

sudo chown –R root:root /usr/java

Install linux kernel files by using command.

sudo apt-get install gcc
sudo apt-get source linux-image-$(uname -r)
sudo apt-get install dpkg-dev
sudo apt-get install libc6:i386 libX11-6:i386 libncurses5:i386 libstdc++6:i386
sudo apt-get install sharutils
sudo apt-get install ncompress

Go to Symantec folder directory and install SEP using command.

sudo chmod +x install.sh ==è (for modifying the file permission)

sudo ./install.sh –i

↧

Instagram アカウントのハッキング、アダルト系出会いスパムの拡散に方向転換

August 14, 2016, 9:29 pm

≫ Next: Ghost Solution Suite 3.x ASDK

≪ Previous: Ho To install Symantec in Ubuntu

Instagram アカウントをハッキングしてプロフィールを改変する詐欺師が、いかがわしい画像を追加して、アダルト系出会いスパムやポルノスパムをユーザーに送り付けています。

↧

Ghost Solution Suite 3.x ASDK

August 15, 2016, 4:31 am

≫ Next: Ghost Solution Suite 3.1 - Maintenance Pack 3 released

≪ Previous: Instagram アカウントのハッキング、アダルト系出会いスパムの拡散に方向転換

Due to high demand we have recompiled the ASDK from Deployment Solution 6.9 so that it can be installed on top of a new GSS 3.x installation. It has also been recompiled using an updated version of .NET so it can be installed on newer operating systems. The required files, installation instructions and help file are attached.

The actual functions of the ASDK has not been modified and remain the same as they have been as part of DS 6.9. At this time we have done some basic testing and haven't found any issues, although it is important to note that the ASDK does not come with any support.

↧

Ghost Solution Suite 3.1 - Maintenance Pack 3 released

August 15, 2016, 4:36 am

≫ Next: Shark: New Ransomware-as-a-Service threat takes bite of proceeds

≪ Previous: Ghost Solution Suite 3.x ASDK

We are pleased to announce the release of GSS 3.1 MP3. This can be downloaded from FileConnect using your serial number or from the trialware site (link can be found at www.ghost.com)

Please review the release notes here: https://support.symantec.com/en_US/article.DOC9360.html

↧

Shark: New Ransomware-as-a-Service threat takes bite of proceeds

August 15, 2016, 11:03 am

≫ Next: ISTR Insights: What Small & Medium Businesses Need to Know

≪ Previous: Ghost Solution Suite 3.1 - Maintenance Pack 3 released

The creators of Shark have made it freely available, but demand a 20 percent cut of its profits.

↧

ISTR Insights: What Small & Medium Businesses Need to Know

August 15, 2016, 2:53 pm

≫ Next: Shark：收取一部分相关非法收入的新型服务类勒索软件

≪ Previous: Shark: New Ransomware-as-a-Service threat takes bite of proceeds

Attend the free webinar Wednesday, August 17, 10:00 am Pacific

Blog Feature Image:

SmallBusinessWebcast.png

Twitter カードのスタイル:

summary

According to the Symantec 2016 Internet Security Threat Report, Vol 21 (ISTR), the last five years have shown a steady increase in attacks targeting business with less than 250 employees.

It seems that cyber attackers are playing the long game against large companies, but businesses of all sizes are vulnerable to targeted attacks. The ISTR Vol 21 found that spear-phishing campaigns targeted employees increased 55% in 2015.

Join Kevin Haley, Director, Security Response, Symantec for a compelling webcast that will focus on cyber threats targeting small and medium sized businesses.

Get the latest research on cyber threats including:

Why cyber criminals target small and medium business at a higher rate than larger businesses.
How ransomware is expanding to new targets and how to protect yourself.
Why 78% of all legitimate websites are putting your end users at risk.

Here’s webcast information:

What: What Small & Medium Businesses Need to Know
When: Wednesday, August 17 at 10:00 am Pacific
Duration: 60 minutes
Cost: Free

What are you waiting for? Don’t miss out!

↧

Shark：收取一部分相关非法收入的新型服务类勒索软件

August 15, 2016, 9:14 pm

≫ Next: Shark: 身代金の一部を配当として受け取る新しい Ransomware-as-a-Service

≪ Previous: ISTR Insights: What Small & Medium Businesses Need to Know

Shark的开发者使该软件能够免费获取，但需要收取20%的相关非法收入

↧

Shark: 身代金の一部を配当として受け取る新しい Ransomware-as-a-Service

August 16, 2016, 12:28 am

≫ Next: How Can Student Clubs Transform Tech?

≪ Previous: Shark：收取一部分相关非法收入的新型服务类勒索软件

ランサムウェア Shark の作成者は、無料で Shark を公開するかわりに、利益の 20% を配当として要求します。

↧

How Can Student Clubs Transform Tech?

August 16, 2016, 10:45 am

≫ Next: Equation: Has secretive cyberespionage group been breached?

≪ Previous: Shark: 身代金の一部を配当として受け取る新しい Ransomware-as-a-Service

This article was originally posted on Symantec's Medium publication #iamtech, by Pranam Lipinski, CEO, co-founder at @DoorofClubs. The #iamtech series explores the experience of minorities and women in tech through engaging personal stories within and outside of Symantec.

You have likely heard of student clubs or may have even been a member of one during high school or college. When I started my investment club in college, I could have never imagined that it would one day inspire me to create a solution for helping diverse students receive outstanding career opportunities.

I serve as the co-founder and CEO of a startup that provides companies targeted recruitment through student clubs at over 140 top colleges across the country. Our platform helps over 500 student clubs receive job and internship opportunities from Fortune 100's to non-profits.

The core foundation of our solution stems from my own unique background. I grew up in a diverse family and have benefited greatly from the valuable resource that is a student club.

Background:

My story begins in rural Massachusetts, where my family was one of a few who did not look like everyone else. I am the son of a Nepalese immigrant mother and an American Peace Corps father. I was the only kid in town with a different name and one of four students in my high school (including my brother) whose skin was any shade darker than white. However, being a three-sport athlete, I learned the value of working together beyond our differences and developed lifelong relationships with teammates that I now call best friends.

Founding a Club:

When I became a business major at Endicott College, I found myself surrounded by like-minded individuals with a passion for investing. We would get together regularly to discuss investment topics from Wall Street to Main Street and how we could potentially contribute. As the meetings became more frequent, we decided to start the Investment Club with a diverse founding group of men and women, and gained our college’s official support.

Read Pranam's full story on Medium here.

↧