BayPay Forum

Staying Relevant in a Hybrid IT World

Details
Category: Security News
31 December 1969

Cybersecurity, Technology

Presented by Pulse Secure • 60 minutes

Secure Access is now about IT saying "yes" to the next generation of workers, apps, networks and things. We are at a turning point where IT teams must say "yes" to remain relevant, and intelligently select security solutions that will still allow for compliance. For far too long, IT has been getting away with being inflexible to the requests of its workforce. The reason for secure access is simple - companies set the rules and workers followed them, with data security being the key justification, like it or not. But to harness the productivity of the new breed of tech-savvy workers along with cloud services, personal devices and internet-enabled things, traditional IT has to transform into Hybrid IT: it must be flexible yet retain a level of risk comfort.

Register for this session to hear from David Goldschlag, Senior Vice President of Strategy and CTO at Pulse Secure, and learn why secure access and flexibility go hand in hand in forming a successful and secure IT network.

Pulse Connect Secure delivers fast, secure, and optimized access to data center applications and cloud services while ensuring a consistent native-user experience across any device.

David Goldschlag is senior vice president of strategy and CTO at Pulse Secure. Previously, he was co-founder and CEO of MobileSpaces, which Pulse Secure acquired in October 2014, where he was responsible for defining the company's vision and strategy. David brings more than 20 years of experience within the mobility, security and enterprise SaaS industries.

Top Cyber Expert on Rethinking Approach to IT Security

Details
Category: Security News
31 December 1969

Exploring the human factor in the age of cyber conflict and the new healthcare challenge concerning ransomware highlight this edition of the ISMG Security Report.

In the report (click on player beneath image), you'll hear:

  • ISMG Vice President and Editorial Director Tom Field and Arbor Networks' Sam Curry - who spoke at the just-concluded ISMG Fraud and Breach Prevention Summit in Boston - discuss how organizations are rethinking their approach to evolving cyberthreats;
  • HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee explain why healthcare organizations, as Boston Summit presenter Kate Borten points out, are the top targets of attackers using ransomware;
  • ISMG Managing Editor Jeremy Kirk analyze heists of automatic teller machines in Taiwan that reveal weaknesses in ATM machines worldwide that run the unsupported Microsoft Windows XP operating system; and
  • About hackers targeting computers at the Republican convention in Cleveland.

The ISMG Security Report appears on this and other ISMG websites on Tuesdays and Fridays. Be sure to check out our July 12 and July 15 reports, which respectively analyze President Obama's concerns about the state of federal government IT security and Britain's new Prime Minister Theresa May's record on cybersecurity and online privacy. The next ISMG Security Report will be posted Friday, July 22.

Theme music for the ISMG Security Report by Ithaca Audio under Creative Commons license.

FireEye on Extortion: To Pay or Not to Pay?

Details
Category: Security News
31 December 1969

Although experts say it's best for enterprises to assume they've already been breached, rarely does that reality sink in. More often, companies get a ransom notice from a hacker demanding payment in exchange for not publicly dumping their sensitive data.

Organizations are in a tight position when figuring out what to do and if paying a ransom is the best option. The situations are becoming more common: Security firm FireEye has responded to more disruptive breaches over just the past year than since it was founded in 2004, says Charles Carmakal, vice president with FireEye's Mandiant forensics unit, in an interview with Information Security Media Group. He says dealing with hackers and negotiating a potential resolution is a tricky proposition.

"There could be an emotional response based on you not responding, or an emotional response based on you responding in a very maybe condescending or antagonistic way," he says. "You've got to be very careful and script out how you're going to engage with a threat actor."

Some hackers have made good on their threats in instances where the victim did not give in to an extortion demand.

"We have seen the threat actors release that information in a very public, very embarrassing way to our clients, and it was a very challenging situation for our clients to have to live through that," he says.

In this interview (see link to audio player below photo), Carmakal discusses:

  • How carefully engaging the hackers could buy your organization more time and help figure out if data has really been stolen or if the attackers are just bluffing;
  • Why paying a ransom may not prevent data from being publicly released;
  • How to recover after a breach and ensure a second breach doesn't occur.

Carmakal joined Mandiant five years ago as a vice president. He was previously a director at PricewaterhouseCoopers. His background includes penetration testing, web application security assessments, social engineering and computer forensic investigations.

GOP Platform Suggests 'Hack Back' a Suitable Cyber Defense

Details
Category: Security News
31 December 1969

Breach Response, Data Breach

Some Cybersecurity Experts Say Plank Encourages 'Cowboy' Justice

Eric Chabrow (GovInfoSecurity) • July 19, 2016

The Republican Party platform seems to endorse the "hack back" concept, or the right of a private enterprise or individual to retaliate against cyberattackers.

The platform - adopted this week at the Republican convention in Cleveland that nominated Donald Trump for president - does not specifically mention the term hack back, but states: "We ... make clear that users have a self-defense right to deal with hackers as they see fit."

It shouldn't be surprising that the platform - characterized by The New York Times as "the most extreme Republican platform in memory" - would favor a tactic that has fallen out of favor with the vast majority of cybersecurity experts, lawmakers - including Republicans - and policymakers. Many on the far right that helped shape the platform champion a do-it-yourself attitude toward defense combined with a deep mistrust of government.

"It's crazy," Jody Westby, chief executive of the cyber-risk advisory firm Global Cyber Risk, says of the platform's "as-they-see-fit" provision. "This notion that people could just be cowboys is very risky for them. It can actually deter, defeat investigations because often data is damaged or destroyed in the [hack back] process and very few people are skilled to do this."

Vigilante Justice?

Cybersecurity expert and author Bruce Schneier characterizes the hack back approach as vigilante justice. Though hacking back could "feel so good," Schneier says, it's "truly crazy."

First, he says, attribution for a hacker attack is difficult, and the wrong party could be victimized, such as a business whose computers were secretly commandeered by the hacker. Second, the United States eschews vigilante justice for a good reason: "We actually don't want citizens to deal with criminals as they see fit," he says. "That's called anarchy, and it's bad.

"If you walk by your neighbor's house, look in his window, and see the thing he stole from you yesterday, you're not allowed to break into his house and take it back. That's the law. There's a real reason why we let the police and the justice system handle this."

Schneier also raised several rhetorical questions based on the vagueness of the platform position. Can "as they see fit" include firebombing a building or hacking a car to make it crash to revenge a hack?

Westby contends some forensic security companies advocate the hack back approach to try to "show that they have the cowboy skills. But we're not the Wild West. ... Individuals and companies that try to engage in active defense run a very high risk that they're violating criminal laws themselves and putting great risk on themselves, far more risk than the attackers bring to their organization."

I queried the Republican convention press office, seeking an explanation of why the platform endorses a "self-defense" approach to cybersecurity. But the party did not offer an immediate response.

Preview: RSA Asia Pacific & Japan Conference 2016

Details
Category: Security News
31 December 1969

Compliance, Cybersecurity, Events

Here's What Not to Miss in Singapore

Geetha Nandikotkur (AsiaSecEditor) • July 19, 2016

The 2016 RSA Conference Asia Pacific & Japan, to be held July 20-22 in Singapore, will offer a security road map, imparting lessons to practitioners to help them navigate through cybersecurity complexities.

Its more than 50 sessions are designed for a variety of audiences, including executives, management, technical teams and newcomers to the field. The event is expected to draw about 5,000 attendees from the region.

At this year's conference, more than 80 percent of the sessions - including keynotes, conference tracks and workshops - are by experts from vendor organizations. Last year's event, in contrast, had more sessions by practitioners. It appears that this year, the conference is showcasing the latest security innovations.

Hot Sessions

The conference encapsulates all aspects of information security - devices, platforms, data science, law enforcement, business strategy, security and attack patterns.

The tracks delve into cloud, mobility, IoT security, and e-fraud and law enforcement, among other topics, with practical demonstrations of techniques.

The global perspectives track offers insights into best practices and steps organizations can use to understand security risks. A track on security strategy and data security features sessions on policy, planning, enterprise security architecture and business issues. The threat and threat actors track shares insights into new classes of vulnerabilities, the changing threat landscape, the dark web and remediation. And the "learning lab," the most interesting and interactive session, showcases real-time breach or attack incidents.

K. Shanmugam, Singapore's minister for home affairs and minister for law, inaugurates the conference.

Here's a sampling of some of the can't-miss sessions:

  • Business-Driven Perspectives: Amit Yoran, RSA president, in his keynote speech will highlight today's security challenges and key technologies that can deliver at scale. (Takes place Wednesday, 20 July, 2016 | 15.10 hrs | Roselle-Simpor Ballroom 4700)
  • The Transformation Equation: Defining a New Security Roadmap: The second keynote by Matthew Alderman, vice president, global strategy, Tenable Network Security, will address how to make technologies work to protect your organization by changing your approach. (Takes place Wednesday, 20 July, 2016 | 15.35 hrs | Roselle-Simpor Ballroom 4700)
  • Security in the World-Sized Web: A keynote session by Bruce Schneier, CTO at Resilient Systems, will outline how mobile, cloud computing, the IoT, persistent computing and autonomy together result in a world-sized web with great benefits but vulnerable to new threats. (Takes place Thursday, 21 July, 2016 | 13.30 hrs | Roselle-Simpor Ballroom 4700)
  • The Effects of the Digital Age: Musician, businessman and activist Sir Bob Geldof, a Nobel "Man of Peace" award winner, will discuss the intersection of our digital world with sustainability, resources and political instability. (Takes place Friday, 22 July, 2016 | 14.55 hrs | Roselle-Simpor Ballroom 4700)
  • The Pyramid of Protection: Rethinking Layered Security: Ben Johnson, co-founder and chief security strategist at Carbon Black, will discuss the cybersecurity climate and architecting a cyber strategy around a pyramid of capabilities rather than categories of technologies. (Takes place Wednesday, 20 July, 2016 | 15.55 hrs | Roselle-Simpor Ballroom 4700)
  • Building and Sustaining an Effective Incident Response Center: Sunil Varkey, CISO, Wipro Technologies, will outline the right approach toward an effective incident response center. (Takes place Thursday, 21 July, 2016 | 10.00 - 10.45 hrs | Orchid Room 4301)
  • Security Awareness Is Not Enough: Build Security Culture Using Science of Habits: Bikash Barai, co-founder, Cigital India, will share insights on behavioural psychology, habit cycle and formation of a cybersecurity culture. (Takes place Thursday, 21 July, 2016 | 15.15 - 16.00 hrs | Orchid Room)
  • Cyber-Wargame Exercise: Operation Cyber-Monkey 2016: This session will feature the role play of a major corporate breach from the perspectives of different participants. (Takes place Thursday, 21 July, 2016 | 10.00 - 12.00 hrs | Peony Room 4401)

ISMG's Asia team will be at the event bringing you frequent updates, as well as interviews with Schneier of Resilient Systems; Zulfikar Ramzan, CTO of RSA; Alex Holden of Holding Security; Chris Coryea of Lockheed Martin and others.

So stay tuned and feel free to reach out to me to share your perspectives.
