Russian President Vladimir PutinVladimir Vladimirovich PutinPutin: 'Thank God' election interference accusations have stopped amid US 'political battles' Live coverage: Impeachment spotlight shifts to Fiona Hill, David Holmes As Buttigieg rises, Biden is still the target MORE said Wednesday that he was thankful "internal political battles" in the United States were putting an end to accusations that Moscow interfered in the 2016 presidential election.

"We see what is going on there in the U.S. now," Putin said while speaking during an economic forum in the Russian capital, according to an English translation of his comments. "Thank God nobody is accusing us anymore of interfering in the U.S. elections. Now theyre accusing Ukraine."

Here's how Putin feels about the impeachment hearings: "Thank God nobody is accusing us any more of interfering in the U.S. elections."

"Now they're accusing Ukraine" pic.twitter.com/zQ14uRgWKG

Putin's comments appeared to reference allegations at the center of the House impeachment inquiry into President TrumpDonald John TrumpWatergate prosecutor says that Sondland testimony was 'tipping point' for Trump In private moment with Trump, Justice Kennedy pushed for Kavanaugh Supreme Court nomination: book Obama: 'Everybody needs to chill out' about differences between 2020 candidates MORE's dealings with Ukraine. During a July 25 phone call, Trumpurged Ukrainian President Volodymyr Zelensky toinvestigate former Vice President Joe BidenJoe BidenKamala Harris receives new Iowa endorsements after debate performance Watergate prosecutor says that Sondland testimony was 'tipping point' for Trump Overnight Defense Presented by Boeing Deal on defense bill proves elusive | Hill, Holmes offer damaging testimony | Trump vows to block Navy from ousting officer from SEALs MORE, who is running for president, and a conspiracy theory related to the 2016 election.

Trump called on the Ukrainian leader tolook into matters related to CrowdStrike, a U.S.-based internet security company that initiallyexaminedthe breach of the Democratic National Committee (DNC) servers in 2016. The request was an apparent reference to a conspiracy theory that casts doubt on the assessment that Russians were responsible for hacking the DNC.

There is no evidence to suggest that Ukraine was involved in any 2016 election interference. The U.S. intelligence community has also concluded that Russia sought to interfere in the election to harm Democratic nominee Hillary ClintonHillary Diane Rodham ClintonDemocratic strategist laments 'low bar' for Biden debate performance Wasserman Schultz makes bid for House Appropriations Committee gavel Trump to hold campaign rally in Pennsylvania next month MORE's candidacy and help Trump.

Trump's promotion of the theory has gained attention amid the House impeachment inquiry, with some Republicans defending the president's motives.

Once you understand that Ukrainian officials were cooperating directly with President Trump's political opponents to undermine his candidacy, it's easy to understand why the president would want to learn the full truth about these operations and why he would be skeptical of Ukraine," Rep. Devin NunesDevin Gerald NunesHill, Holmes offer damaging impeachment testimony: Five takeaways Putin: 'Thank God' election interference accusations have stopped amid US 'political battles' The Hill's 12:30 Report Presented by Johnson & Johnson Witness dismisses 'fictional' GOP claims of Ukraine meddling MORE (R-Calif.), the ranking member of the House Intelligence Committee, said during the fifth day of public impeachment hearings.

Nunes's comments came afterFiona Hill, a former top Russia analyst for the White House, strongly disputed the narrative that Ukraine interfered in the 2016 election.

Based on questions and statements I have heard, some of you on this committee appear to believe that Russia and its security services did not conduct a campaign against our country, and that perhaps, somehow, for some reason, Ukraine did, Hillsaid in heropening statementThursday.

This is a fictional narrative that has been perpetrated and propagated by the Russian security services themselves," she continued.

Hill isn't the first former administration official to dismiss the theory that Ukraine interfered in the 2016 election; Tom Bossert, a former White House homeland security adviser, said in late Septemberthat the allegation was a "completely debunked" conspiracy theory.

He added that he communicated that to Trump during his time working in the administration.

Read more:
Putin: 'Thank God' election interference accusations have stopped amid US 'political battles' | TheHill - The Hill

INDIANAPOLIS, Ind. The education industry is a target for cyber security attacks. Indiana school districts and universities are constantly detecting attackers trying to get your personal information.

Last week, a school district in northern Indiana had to restore its servers. Thats after a ransomware attack knocked out all of their internal systems district wide. The hackers wanted money to restore their service.

Thousands of students, staff and faculty make up a district or university. In moments, personal information can be compromised.

Our job is to stay one step ahead of that, said Andrew Korty, the Chief Information Security Officer at IUPUI, These groups are sophisticated groups, the attack groups that were talking about. Its organized crime.

He says hes dealt with his share of challenges.

Theres money that can be made out of identity theft, extortion, ransomware. So, theyre going to try and pick off the easiest targets, said Korty.

The education industry is one of those easy targets.

Weve always been faced with a fairly substantial level of attack attempts against us, said Korty.

Korty says personal information that school districts and universities require has value on the black market. IUPUI has had to add multiple safe guards to block hackers.

We have what we call two-step login, Korty explained, Which you may have seen with your bank, Facebook and things.

Maya Levine, a Security Engineer with Check Point Software says its more challenging for school districts because of funding.

I think a big portion of that is funding. Schools dont have money for textbooks, for overcrowded classrooms, not enough money to pay for teachers, things like that. That same concept is going to apply to technology and security, said Levine.

Other than adding two-step logins, Levine says everyone needs to learn the tricks hackers try to pull.

Really educate your users because humans are going to be the weakest point in anybodys cybersecurity defense posture. Thats just the way it goes, said Levine.

Staying a step ahead to protect our schools online.

Something bad could happen in the next 10 minutes and we just have to be ready for that, said Korty.

IUPUI has partnered with four other universities to form a security operations center. That way if an attack is detected at one of the institutions, IUPUI can know about it, before it hits.

There are some ways you can protect yourself against cyber crimes.

First, use a full-service internet security site to protect against hackers.

Then, youll want to create strong passwords. Experts recommend a combination of 10 letters, numbers and symbols.

Finally, keep your software updated, doing so can prevent hackers from exploiting known flaws.

Visit link:
Expert: Education industry ranks one of the worst when it comes to cyber security - FOX 59 Indianapolis

At a Thursday hearing in the impeachment inquiry into President Donald Trump, Fiona Hill, a former National Security Council senior director, won an outpouring of support for her powerful testimony slamming sexist double standards.

Hill, one of the nation's leading experts on Russian and Eastern European issues, left the White House earlier this year and testified about the efforts of certain members of the Trump administration to leverage the release of a nearly $400 million military-aid package to Ukraine in exchange for the Ukrainian government announcing investigations that would be favorable to Trump.

In particular, Hill testified that officials including Gordon Sondland, the US ambassador to the European Union, circumvented the interagency processes for conducting diplomacy with Ukraine and got in the way of the NSC's efforts, sidestepping the council and leaving its staff in the dark.

Hill holds multiple degrees in foreign affairs and history from Harvard University and has worked on Russian and Eastern European issues for decades. Sondland is a wealthy hotel executive who had no significant diplomatic experience when he was appointed in 2018 after donating $1 million to Trump's inaugural committee.

Hill recounted that in a July 10 meeting at the White House, she had to intercept Sondland and make clear to him that there should be no discussion of investigations with Ukrainian officials without first going through the proper diplomatic channels.

"I was actually, to be honest, angry with him," Hill said. "And I hate to say it, but often when women show anger it's not fully appreciated it's often pushed onto emotional issues, perhaps, or deflected onto other people."

Hill's measured, confident demeanor before the committee and her powerful testimony of being pushed aside and outflanked by a far less qualified male diplomat resonated with people across the internet. Many tweeted their support for Hill and made her name a trending topic.

Hill and David Holmes, a US diplomat in Ukraine, are sworn in to testify before the House Intelligence Committee on Thursday. Andrew Harnik/AP

Later in her testimony, Hill said that she believed the smear campaign and eventual ousting of Marie Yovanovitch, the former US ambassador to Ukraine, were also motivated by sexism and that Yovanovitch's gender made her a target for attacks.

Go here to see the original:
The internet loved Fiona Hill blasting sexism in impeachment testimony - INSIDER

Share

Share

Share

Email

In a world where cyberattacks have become the norm, organisations have no other option but to make cybersecurity a top priority. Cyberattacks can affect the very ability of an organisation to fulfill its mandate.Many cybersecurity leaders and teams voice concern around lack of funding and minimal executive support at all levels of the organisation (including the CISOs). However, this is just a reality and not the root cause. Therefore it is critical to understand and introspect the root causes, which organisations can easily miss out, as a result of which the companys true security risk reduction suffers. While many companies have understood the implications of cyberattacks but they are still lagging behind implementing the security measures.

Here are the top five cybersecurity pitfalls organisations face and what they should do to overcome them:

Today a number of cybersecurity programs are attempting to boil the ocean instead of focusing on whatsmostimportant for the business.Enterprises must know which business process and information are of the utmost importance and make efforts to protect them.

Some organisations which have made attempts to identify the most critical data and assets to protect, though it often tends to leave integrity and availability concerns and focus solely on data theft (confidentiality). Business continuity and IT disaster recovery programs and plans traditionally work to ensure that they are able to react to availability issues from any type of outage.In many cases, these efforts are disjointed and data integrity risks are largely left to be managed by the quality or compliance department.

Chief Information Security Officers(CISOs) can helptheir companies connect deeply with their business. They can understand worst-case scenarios for information theft, manipulation, which is not limiting thinking to IT systems. Once the company plans to focus on the most critical elements of business, they can easily build speed and depth to protect them. For example: If acompany has 1,000 IT systems and 10 different functional areas, comprising 500 business processes, then where does the company start to protect its system?Is everything critical? We have seencompanies fail to answer this question and significantly slow their efforts on a critical control or focus only on one risk dimension (e.g. compliance, or data theft).

One can easily identify the most critical to business elements by just imagining what a CEO would be most concerned about if a cyberattack hit at 3 a.m. The CEO wont be concerned about the technical details but he would rather focus on business riskandoperational impact. When you keep this in mind you would be able to focus on your information security program.

Today, themedia plays a key role in educating people about cybersecurity breaches. At the same time, the media distracts the enterprise. This is mainly due to privacy-driven data breach reporting laws,and media attentiontends to focus more on customer breaches and exposed personal information rather than the pitfalls or reasons for such an event.

This reporting bias doesnt account for all of the internal and external attack types and the companies true risk impact profile. Employees might end up reading media stories on security breaches, they may get into a reactive mindset or start exhibitingconfirmation biasthat may or may not be applicable to the particular situation of your company. This kind of thinking can distract you from your organisations biggest risks.

One cannot control the kind of articles your employees read but thereis a strategy to avoid knee-jerk reactions to specific vulnerability and breach-related news. The company can leverage news media in a way that provides isolated value instead of creating a distraction by getting deeply involved in threat intelligence and sharing with other companies. One can evaluate the inputs from the media so that you can rationalise what you should react too and act upon.

Judging from the social media backlash about the vendor circus at major security conferences and events, there is some recognition and reflection about the cyber tool sprawl. When it comes to technologies like AI, machine learning and blockchain, we are often promised silver bullets and told that these tools would be implemented as soon as possible. This creates a sense that, if these are not deployed, then they would face an imminent failure in protecting the company.

We recently learned about a smaller organisations security leader who was proud to have acquired seven marquee threat detection tools. When we asked him about howhe had the ability to leverage them all effectively, his reply was that he focused on one thing which gave him the most actionable data. He was using only one threat detection tool at a time. The other six were still running and producing logs and alerts, but no one was looking at them.

It is a known fact that the companys strategic architecture practices may not yield full potential at the beginning. But bybringing adeeply experienced, big-picture security architect on board to develop an ecosystem of cybersecurity tools will help it scale appropriately. CISOs need to look past the initial funding for cool tools towards the more comprehensive total cost of ownership (for both internal and external resources), linkages to business scope, ability to drive down risk and plans for appropriate scale.

One should know the basics as these matters the most to any organisation. According to theCenter for Internet Security Critical Security Controls(CIS CSC), there are the top four basic controls, which include inventory and control of hardware, inventory, and control of software, continuous vulnerability management and controlled use of administrative privileges. However, many organisations report ineffective or incomplete efforts in all four of these fundamental efforts. Meanwhile, investments may be focused more on toolsand controlsthat are popular in the market.

The solution is to prioritize some core efforts and basics in order to ensure that your team isnt spread so thin working on shiny new tools that it obstructs progress on critical building blocks.

The CIS CSC provides a robust and periodically updated playbook that includeshardware and software inventory, vulnerability management, controlling admin privileges, secure configuration (hardware/software) and maintenance and monitoring of logs.While they all seem essential for any security program, not many companies have solid progress and maturity towards these.

While connecting the dots betweenprioritizing business riskandsolidifying the basics,companies should leverage business risk to drive privileged access security programs.

Many a time it happens that a company buys a tool but does not implement it fully and then moves on to the next new thing or realises that they dont have the resources to execute, scale up or support after the initial investment money runs out. This does not help in reducing risk in the organisation.

Getting to theappropriatescale with these efforts is the only way to fully achieve the risk reduction efforts that your money, time and effort would have costed you. Scaling is hard but it is where the magic happens with risk reduction. The appropriate scale connects directly back to the business risks where you plan to reduce.

Companies that achieve appropriate scale leverage solid and consistent project management and measurement methodologies. They think proactively about the total cost to achieve the desired risk reduction. They dont run after new tools when they see their peers implementing in their companies. Since many CISOs have a maximum of two years of tenure in the role, they may not be focusing on long-haul solutions at scale.

(Views expressed above are the personal opinion of Rohan Vaidya, Regional Director of Sales India, CyberArk)

Visit link:
Cybersecurity perils: What CISOs must bear in mind - Elets

Not all Internet isolation solutions are created equal. Just ask our customers. One of them learned the hard way.

With millions of customers worldwide and trillions of dollars in assets, a leading global investment firm was a high-profile target for cybercriminals. A layered defense protected the organization against a broad variety of threats, but email phishing attacks were becoming an increasingly serious threat. Something had to be done.

To combat email threats, the organization deployed multiple layers of security. The architecture included cloud and on-premises versions of anti-spam, anti-virus, data security, encryption, and sandboxing solutions, but spearphishing attacks and drive-by malware exploits were still a significant risk. It would take only one successful attack to cause billions of dollars worth of damage.

Knowing that this was an unacceptable risk, the organization worked with Menlo Security to implement a Zero Trust Internet cybersecurity strategy. Today, all of the organizations web sessions pass through the Menlo Security Internet Isolation Cloud, isolating all web traffic. When users do click on malicious links, all sites are already safely isolated and have input-field restrictions. By isolating all email links and attachments, Menlo Security Email Isolation protects the firm against credential theft, while eliminating 100 percent of drive-by malware exploits.

Here are 5 out of 10 must-have features to look for when evaluating an Internet isolation cloud, you will need to download the ebook to see the others:

Web Isolation Technology

Protection Against Phishing

Should include and integrate email security, including automatically isolating the links and attachments from email

Prevents users from filling out suspicious web form

Native-Like User Experience

Advanced Threat Protection

Should assume that all content originating from the Internet is risky, including content that was previously benign

Provides 100 percent protection against all web- and document-borne threats, including zero-day malware

Additional Cybersecurity Features

Should go beyond just isolation to provide AV, URL filtering, DLP, reporting, policy and authentication, encrypted traffic management, cloud access security broker, and email link and attachment protection

Dont wait until your organization suffers a devastating breach or until you reach the tipping point when cybersecurity becomes cost prohibitive as a result of inefficiencies. Look for an Internet isolation cloud that has these 10 features. You wont be sorry.

Go here to see the original:
Evaluating Internet Isolation Clouds: Must-Have Features - Security Boulevard