A man looks at the computer screen with the twitter page of Russian Prime Minister Dmitry Medvedev displayed, in Moscow on August 14, 2014

Russian MPs pass ‘right to be forgotten’ Internet law

Russian lawmakers Friday passed a bill allowing people to force Internet search engines to remove links to data about them, overriding objections from the country’s largest search provider.

The legislation — broader than the European Union’s “right to be forgotten” initiative — was passed by overwhelming majority in Russia’s Kremlin-loyal parliament.

President Vladimir Putin still needs to sign the law for it to come into effect. The proposed legislation could be implemented as early as January next year.

The bill allows people to force Internet search engines to remove links to data they claim is inaccurate, outdated or published unlawfully, and has sparked fears that it could be used to delete information critical of the authorities.

An earlier version of the bill was tweaked after opposition from Russia’s main search engine Yandex, but the company said it still had major objections to the final version of the law.

“Our attempts to introduce some crucial amendments to this bill have unfortunately been unsuccessful,” Yandex said in a statement.

“Our point has always been that a search engine cannot take on the role of a regulatory body and act as a court or law enforcement agency,” it said.

“We believe that information control should not limit access to information that serves the public interest. The private interest and the public interest should exist in balance,” the firm said.

The bill was rushed through parliament after being submitted on May 29. Its authors are a cross-party group of MPs.

The text requires search engines to serve as a monitoring body.

They would have 10 days to decide whether to delete the information, according to the text of the law. Refusal to delete the information would empower the complainant to take them to court. There is no mention of a penalty for non-compliance.

Russia’s bill comes after a series of rulings around the world on what search engines can tell users, raising concerns over the potential for censorship.

Under the EU’s “right to be forgotten,” citizens have the right to require search engines to erase results involving them under certain conditions.

The move has been opposed by Internet giants like Google, with critics arguing it would be copied by autocratic regimes around the globe who want to censor the Internet.

This article was from Agence France Presse and was legally licensed through the NewsCred publisher network.

An illustration picture shows projection of binary code on man holding laptop computer in Warsaw

GAO sees room for improvement in bank cyber security exams

(Reuters) – U.S. banking regulators must hire and train more examiners with technology expertise so they can give more useful cyber security recommendations to small and mid-sized banks, a federal watchdog agency has warned.

A new report from the U.S. Government Accountability Office identified the issue as one of several that banking regulators need to address as cyber security threats become more prevalent and sophisticated.

For example, the names, addresses, phone numbers and email addresses of some 83 million household and small business account holders were exposed last year when computer systems at JPMorgan Chase & Co were compromised by hackers, one of the biggest data breaches in history.

Multiple U.S. regulators, including the Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve, examine banks and other financial institutions that take deposits. Examiners’ findings may include how the institutions can improve their cyber security practices.

Each of the regulators employs dozens of examiners with specialized technology expertise, but typically assigns those examiners to the largest banking institutions, the GAO said.

Examiners with “little to no” information technology expertise generally examine small and mid-sized banks. Their findings may not be as “specific or useful” as those from more experienced counterparts, the GAO said.

The various regulators have been trying to improve their oversight of bank technology, the GAO noted. For example, the FDIC imposed a four-course training requirement for examiners in 2010 to boost their technology know-how. Three-quarters of examiners had completed between one and three courses as of the end of 2014.

Among the GAO’s other concerns: regulators are not collecting and storing technology exam findings in a way that makes it easy to search industry-wide trends.

The regulators, in letters to the GAO, said they are ramping up their systems for categorizing the data.

Many U.S. credit unions are also vulnerable to cyber threats from outside vendors that help run their businesses because their overseer, the National Credit Union Administration (NCUA) lacks authority to review technology practices of those companies, the GAO said.

The GAO has long been pushing to expand the NCUA’s authority. But credit unions themselves and their vendors have been resistant to the idea, calling it a regulatory overreach.

The NCUA is the only federal banking regulator that does not have the power to examine third-party vendors, which range from large companies such as Fiserv or Diebold, to small companies that only serve credit unions.

(Reporting by Suzanne Barlyn; Editing by David Gregorio)

This article was written by Suzanne Barlyn from Reuters and was legally licensed through the NewsCred publisher network.

The cybersecurity industry’s billion dollar scam

This article originally appeared on The Next Web

The cybersecurity industry can be romanticized as a crime-fighting cabal of protectors facing off against hackers to keep the Internet safe. In this version of the story, there are good guys and bad guys, and the good guys do everything they can to keep their adversaries at bay.

Unfortunately, this is just a story. The reality is that cybersecurity is a corrupt industry that needs bad guys to stay lucrative. Major security technology vendors are running a billion dollar con by selling software that they know won’t work. This scam makes them arguably more corrupt than the hackers themselves.

Broken Windows

First, let’s establish that the security industry is, in fact, broken. The global cybersecurity market is set to be worth $75 billion in 2015 and experts estimate it will more than double to $155.74 billion by 2019. Companies are spending billions and billions of dollars on cybersecurity technology to protect themselves against security incidents, which are rising rapidly.


According to Price Waterhouse Coopers, the total number of security incidents has increased 66 percent year-over-year since 2009. In 2014, there were 117,339 incoming attacks a day, an increase of 48 percent over the year before, accompanied by a rise in financial losses. Not only are these attacks more frequent and expensive, but they are also happening on a larger scale – 77 million records stolen from JPMorgan, 80 million records stolen from Anthem, Target, Home Depot, Sony, and the list goes on.

The connection between more cybercrime and more spending is clear. What is not clear is that more spending on security technology has actually done anything to curb the crime. Most of the security products out there use 20th century technology against 21st century foes, and they are obviously failing.

Stale Bread

Tools from mainstream security vendors are primarily based on an outdated, antivirus approach that relies on having prior knowledge of an attack. Threats are detected by comparing a program’s software to known malware in a virus dictionary. If a piece of code matches an entry in the dictionary, this raises the red flag. 

Most of the security products available on the market are just a half-step better than old antivirus products. This method fails today because it only works if an attack has been seen before. Modern cybercriminals are more sophisticated than that. We are no longer looking at kids in a dorm room coming up with annoying little hacks.


We are looking at professionals with the support of well-resourced crime syndicates and nation states who put millions of dollars into research and development. If you put a hundred million items on your security software’s blacklist, hackers will come up with an engineered attack that is the hundred millionth and one.

These approaches to security do not really protect anyone because what happened a day ago is not necessarily relevant to what is happening today. So beware of threat intelligence clouds, sandboxing, containerization, and white listing.  They are all based on stale information and don’t work.  

An Unholy Alliance

The companies that make these products sell them for millions of dollars, knowing that they won’t work. Then when they fail, the vendors ask for millions more dollars to tell their clients why they failed. It is a racket. Without the “robbers,” the “cops” have no business; the more breaches occur, the more money the cybersecurity companies make.

Why hasn’t this Unholy Alliance between hackers and cybersecurity vendors received more attention? And why do organizations keep buying their products? One factor is secrecy – the security industry is not transparent in an alleged effort to protect security, and this means that these inadequate products continue to sell and continue to fail. Marketing is another factor. It’s not the best product that wins, but the best marketed product.


A handful of large security companies are spending vast amounts of money in a marketing land grab for customers. They are succeeding in confusing the marketplace and convincing CSOs to go with them, because no-one ever got in trouble for going with an established and respected security vendor.

A Better Way 

In order to be effective, security software can’t rely on prior knowledge. It has to somehow figure out what is happening without looking at a list, because that list is inevitably going to be stale and incomplete. A better approach is to use Big Data and machine learning, which make it possible to identify patterns and predict discrepancies in real-time based on actual circumstances, not old or useless information.

The major security vendors are not taking this approach because it is in their best interest to keep the breaches happening. For this, they are just as culpable as the hackers themselves. In addition to developing new, better approaches for preventing attacks, startups also have an opportunity to realign the goals of the security industry to put customers’ best interest at the core.

This article was written by John Prisco from The Next Web and was legally licensed through the NewsCred publisher network.

Security threats, hackers and shadow IT still plague health IT

Security has long been a primary challenge in the health IT market, and two new reports help illustrate the vulnerabilities surrounding some of the most sensitive consumer data.

The health IT group HIMSS on Tuesday released its 2015 cybersecurity survey, finding that 87 percent of healthcare officials and information security workers polled identify cybersecurity as an increasing business priority within their organizations, but still report an alarming rate of intrusions.

Two-thirds of the nearly 300 respondents report that their organization had recently experienced a “significant” cyber event, and many express little confidence in their ability to defend against zero-day attacks.

In a statement, HIMSS Vice President Lisa Gallagher calls the recent breaches in the healthcare sector a “wake-up call” that should remind the industry that the information held in medical systems is a high-value target, and that many firms need to take security more seriously.

“Healthcare organizations need to rapidly adjust their strategies to defend against cyberattacks,” Gallagher says. “This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”

Shadow IT is a big threat in healthcare

In a separate study, the security-software vendor Skyhigh Networks offers a sobering assessment of the extent of unauthorized applications and services running within healthcare organizations. As a result of that so-called shadow IT, the average healthcare firm is running 928 cloud services, more than 10 times the number that IT departments know to be in use, according to Skyhigh’s analysis.

In most cases, employees have no malicious intent when they use unauthorized tools to collaborate, develop software or share content, but in doing so they nonetheless introduce new security vulnerabilities — only 7 percent of the cloud services Skyhigh detected meet its standards for acceptable enterprise security and compliance.

As a starting point, Hopfer suggests that CIOs take an inventory of the cloud services running within their organizations to assess their security posture. The exercise of evaluating what types of applications employees are running can shed light on the tools they need to support the business objectives of the enterprise.

Safe cloud adoption in healthcare is crucial

“You don’t know what you don’t know, so the first thing CIOs can do to help their employees adopt the cloud safely is to discover all the services in use across the organization,” Rick Hopfer, CIO at Molina Healthcare, writes in an email. “Employees rarely have the information to determine whether a particular cloud application complies with organization’s security and compliance policies.”

The average healthcare employee uses 26 different cloud services, Skyhigh found. And those applications often have very different levels of security protections, highlighting the importance of the IT department working with the business units to ensure that cloud services are deployed safely and managed by the CIO’s team.

“We educate employees on which services are high-risk and provide them with cloud services that have best-in-class security capabilities and a great user experience,” Hopfer says.

As hackers grow more sophisticated and attacks mount, security is a primary concern for CIOs in all industries, but it carries a special importance in healthcare owing to the sensitivity of the data involved. Moreover, much of the information contained in health records is unalterable, and, taken in composite, makes for a remarkably full profile that criminals can put to use for all manner of fraudulent ends.

“It’s a social engineer’s dream,” says Mark Sander, a health IT veteran who co-founded the North Jersey CIO Roundtable. “You can change your driver’s license information. You can change your banking information. How do you change your biometric data? You can’t.”

This article was written by Kenneth Corbin from CIO and was legally licensed through the NewsCred publisher network.

The Trump Soho Hotel is seen in New York

Donald Trump’s hotel collection under possible credit card breach: blog

(Reuters) – Real estate developer Donald Trump’s string of luxury hotel properties, The Trump Hotel Collection, could be the latest victim of a credit card breach, KrebsOnSecurity reported, citing data shared by several U.S.-based banks.

Sources at the U.S. banks traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, the cyber crime and internet security blog said. (http://bit.ly/1ejWzzh)

Credit card data at various Trump properties in the United States, including those in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York, could have been compromised, according to the report.

The attack “appears to extend back to at least February,” the blog said.

Hard Rock Hotel & Casino Las Vegas said in May that a malware attack may have allowed hackers to steal information of credit cards used at its locations.

This article was from Reuters and was legally licensed through the NewsCred publisher network.

Team GhostShell hacktivists dump data from US universities and hundreds of sites

It’s been some time since Team GhostShell was active, but the hacker group kicked into high gear, referenced “dark hacktivism” and started tweeting about hundreds of hacked sites and linking to dumps with plundered data. The group should sound familiar as back in 2012 the hacktivists pounded on government agencies such as the Pentagon, NASA, ESA, the Federal Reserve and Interpol before dumping 1.6 million records.

Who knows precisely why, but Team GhostShell tweeted numerous potential reasons for a new season of hacking such as:

GhostShell allegedly hopes hacks will raise awareness.

In other words, Team GhostShell is proving that the cybersecurity of many sites still stinks. 

According to Symantec:

Reports say that the data dumps reveal compromised account details numbering in the thousands at the lower estimate; however, this number is probably much higher. Information contained in the dumps supposedly includes emails, user names, addresses, telephone numbers, Skype names, dates of birth, and other personally identifiable information. Reports also say that some passwords were salted and hashed, while others were just hashed. Some passwords, however, were apparently stored in plain text. Unsurprisingly, there were several examples of the infamously weak “123456” password found in the data dumps.

Some of the hacks seem hard to explain (take the Smithsonian photo contest as an example), other than that the group was just looking for any vulnerable site that could be exploited. Other “why-in-the-world-hack-it” sites included Socialblade, which was big into Digg by ranking the top 1,000 users, The Church of Jesus Christ of Latter-day Saints scripture citation and the Exploratorium in San Francisco. Symantec suggested the group previously liked to compromise “databases by way of SQL injection attacks and poorly configured PHP scripts.” The reason to dump the data from other sites might be for spite as Team GhostShell taunted @TrendMicro and @BoozAllen.

Governments allegedly won’t escape unscathed either as GhostShell mocked the US government in several tweets before adding:

The dumps are not focused on one country as the hacktivists tweeted “picking countries at random since you’re most likely not gonna find a single one well-protected.” Many tweets about hacked sites were from education institutions, but that is supposedly because the group “didn’t feel like copy/pasting gov databases all day.”

Regarding those educational institutions, the group said it was “leaking the most active edu sites on the net from (Alexa’s) top one million.”

I’m not linking to the dumps as you can find them yourselves by scanning @TeamGhostShell’s tweets; you might not even want to click on the educational institutions listed as several of the specific URLs are down, result in a 403 forbidden access denied error, or a warning such as that on the University of Texas at San Antonio Office of Information Technology, which states “Access to the Web page you were attempting to visit has been blocked due to the reported presence of malware on the website.”

The hacks are not exclusive to the US, but the following are a few US universities and colleges Team GhostShell claimed to have hacked and tweeted links to data dumps.

Universities and colleges:

Princeton University; University of Southern California; UCLA Electrical Engineering Department; University of Maryland “outlook” and its Department of Visual Arts in Baltimore; Texas A&M University’s science division; University of North Dakota; University of California with a weird URL starting with senate; Wittenberg University in Springfield, Ohio; Clemson University in Clemson, South Carolina; University of Wisconsin UWMilwaukee; Columbus State University (Georgia) Financial Aid site; California State University at Sacramento Engineering and Computer Science Department; University of Texas at San Antonio Office of Information Technology; Clarkson University Potsdam in New York; University of Miami College of Engineering; Portland State University in Oregon; University of Indianapolis Department of Music; Northern Arizona University in Flagstaff; University of South Carolina School of Medicine in Greenville; Idaho State University College of Pharmacy; Rice University Alumni at Houston, Texas; Old Dominion University in Norfolk, Virginia; the admission page for Bradley University in Peoria, Illinois; California Lutheran University; Deaf Studies Digital Journal Department of Gallaudet University in Washington, DC; Drury University in Springfield, Missouri; Florida International University Health Department; Saint Mary’s University of Minnesota “Graduate Professional Development for Educators;” Valdosta State University in Georgia and its Herbarium; another link led to a site asking users to pick either Southern University or A&M College in Baton Rouge, Louisiana; University of West Georgia in Carrollton; University of Nevada, Las Vegas, photo services; and Webster University in St. Louis, Missouri.

Links leading to hacks of the University of Michigan go to several different pages such as the University of Michigan initiative, its Surveys of Consumers, Michigan Channel and the University of Michigan’s Center for Education Outreach. A couple other links led to media servers for the University of Alabama in Huntsville and the media server for the Florida Institute of Technology in Melbourne.

Math departments: The hackers have been pwning math departments, tweeting links that lead to the University of Massachusetts’ Math Department; the University of Wisconsin Whitewater’s Department of Mathematics; and Montclair State University’s Teaching Information System for its Department of Mathematical Sciences Montclair in New Jersey.

Other colleges: Team GhostShell also said it hacked the New York Academy of Art; Illinois Institute of Technology; Chaffey College in Rancho Cucamonga, CA; Lanier Technical College in Oakwood, Georgia; The Scripps Research Institute which has campuses in California and Florida; Bevill State Community College in Alabama; Del Mar College; Metropolitan Community College in Omaha, Nebraska; and Mott Community College in Flint, Michigan.

Libraries: US college libraries thus far mentioned include Cornell University Library; the Mercer College of Medicine Library; Vassar College Library in Poughkeepsie, NY; the Moody Bible Institute’s Moody Library; and the Paul V. Galvin Library at the Illinois Institute of Technology in Chicago.

Other: Here are a few others linked to as hacked by GhostShell. State of New Jersey Department of Education; The Oregonian “your government” site; Minnesota State Colleges & Universities Academic & Student Affairs; and Arianna Huffington at The Huffington Post.

So far the hacks have been from all over the world, spanning numerous industries. The Fidelity Group is mentioned as is the Alliance for Coastal Technologies; another potential big ouchie the group claimed to have hacked is Los Alamos National Laboratory. But when looking at the link tweeted, it takes you to a page that suggests visiting another site “if you are looking for the Supercomputing Challenge.”

I can’t guarantee those sites have been hacked, but Team GhostShell links to them as well as to dumps allegedly from those US sites. As mentioned previously, the hacktivists mentioned governments, taunted FireEye and sneered at security products the group must not respect.

Team GhostShell’s Twitter account is on fire as the dumps continue on poorly secured sites; for Americans about to celebrate July Fourth, the bang of fireworks may not just be in the sky but also in the cloud as GhostShell claims it will bring the pain to cloud providers too.

Rami Malek is Hollywood's Mr. Robot, but to Egypt he's Mr. Pride!

What’s hot in the US right now? Rami Malek!

Egyptian by ethnicity, American by nationality, the 34-year-old actor was born in Los Angeles and went on to make a name for himself in Hollywood after starring in guest-roles on several television shows before making his feature film debut in Night at the Museum.

With his big blue eyes, handsome features and brilliant acting skills, it’s no wonder that Malek is quickly rising to stardom in Tinseltown.

But what’s this heartthrob keeping his fans hooked on right now? His award-winning TV series “Mr. Robot,” alongside actors Christian Slater and Portia Doubleday. 

The show, created by Sam Esmail, revolves around a young, anti-social computer programmer (Malek), who works as a cybersecurity engineer during the day, but at night he is a vigilante hacker. He is recruited by the mysterious leader of an underground group of hackers to join their organization.

Malek’s task? Help bring down corporate America, including the company he is paid to protect, which presents him with a moral dilemma. Although he works for a corporation, his personal beliefs make it hard to resist the urge to take down the heads of multinational companies that he believes are running — and ruining — the world.

Mr. Robot racked up 2.7 million online views of the pilot episode, which was made available online four weeks prior to its cable debut. When the hit show finally had its USA Network debut last Wednesday, 3.7 million tuned in to watch Malek kick ass, reported The Hollywood Reporter.

This article was from Albawaba.com and was legally licensed through the NewsCred publisher network.

China adopts national security law: Xinhua

BEIJING (Reuters) – China’s legislature adopted a national security law on Wednesday that covers everything from cyber security to activities in space, state news agency Xinhua said.

President Xi Jinping, who heads a newly established national security commission, has said China’s security covers a wide range of areas, including politics, culture, the military, the economy, technology and the environment.

The law would “protect people’s fundamental interests”, Xinhua said in a brief one-line statement.

Foreign business groups and diplomats have argued that the broadness of the national security law, passed by the standing committee of the National People’s Congress, constitutes a national security overreach.

(Reporting by Sui-Lee Wee; Editing by Paul Tait)

This article was from Reuters and was legally licensed through the NewsCred publisher network.

Compromised encryption is a threat to national security

Following recent security breaches that exposed the personnel records of as many as 14 million U.S. government employees, Federal officials launched a “30-day cybersecurity sprint” to beef up information security controls. The effort includes a mandate for the use of strong encryption on all U.S. government “public websites and web services by the end of 2016.”

So the government appears to get it. Encryption is needed to protect sensitive information on government websites. Of course, encryption is not always needed to provide good data security — it is a risk-based decision, whether to use encryption or not. But when it is needed it has to be strong and effective in order to secure data, prevent cyber-attacks and make us safer.

Unfortunately, the politics of security and surveillance is never quite that simple. In recent testimony before Congress, an Obama administration official asked tech companies to work with them to “prevent encryption above all else.” He urged companies to weaken the security of their products and services so that the government can access encrypted material without the knowledge of the user. The administration is floating a trial balloon suggesting that national security requires giving up the protection provided by strong encryption.

This approach gets the issue wrong. When the situation calls for encryption, using strong encryption strengthens our national security. Using weak encryption weakens us.

The tech industry understands this, and companies are continually working to provide products and services with the highest level of security protection, including, when needed, strong encryption. For instance, Google announced in 2014 that it would encrypt its email traffic with the same strong encryption that the administration has mandated for its websites by 2016. And Apple provides end-to-end encryption for their users’ communications and information stored on its devices. 

The industry is united in rejecting any proposal to deliberately weaken product security.  Companies are supportive of efforts in Congress to move legislation that would “ban the government from forcing tech companies to build weaknesses into their security systems.”

A coalition of industry and civil liberties groups recently endorsed the advantages of strong encryption, saying it “protects billions of people every day against countless threats—be they street criminals trying to steal our phones and laptops, computer criminals trying to defraud us, corporate spies trying to obtain our companies’ most valuable trade secrets, repressive governments trying to stifle dissent, or foreign intelligence agencies trying to compromise our and our allies’ most sensitive national security secrets.”

Despite this, Michael Hayden, who previously led the National Security Administration (NSA), says the agency feels “legally and ethically” free to exploit security vulnerabilities when “nobody but us” knows about them. But vulnerabilities intended for the U.S. government’s use will sooner or later be used by others. Inserting vulnerabilities into a secure system makes it less secure.

As a recent United Nations report says, “compromised encryption cannot be kept secret from those with the skill to find and exploit the weak points… …States should avoid all measures that weaken the security that individuals may enjoy online, such as back doors, weak encryption standards and key escrows.”

The current head of the NSA argues that a “split-key” proposal to require technology companies to create a digital key with separate pieces that could be held by different agencies is a “front door, not a back door.” But, as the Center for Democracy and Technology notes, this split-key proposal is just a different way to introduce vulnerabilities into a secure system. 

Any requirement to provide the government with technical access to otherwise secure systems would harm our national interest not only by reducing security, but also by pushing international customers of U.S. businesses to look to foreign providers. The Information Technology & Innovation Foundation (ITIF) recently reported that “the economic impact of U.S. surveillance practices will likely far exceed ITIF’s initial $35 billion estimate.”  A new mandate to ensure U.S. government access to U.S. technology products and services would only accelerate the flight of international customers to alternative providers.

The proposal could also harm the nation by equalizing security down. Once the U.S. government legitimizes a mandate for weakened encryption, other countries will follow, resulting in a security nightmare in which encryption keys for all ICT products and services are held by all major countries, including the most repressive regimes.

Computer and information networks and devices cannot provide perfect security. Indeed, today’s Internet still contains security vulnerabilities from the misguided policies of the last century. But our information infrastructure is far more secure than it would be in the absence of the availability of strong encryption. 

Rather than seeking to undermine data security for everyone except itself, the administration should ask companies to follow its own example — use strong encryption when it is needed.

The Cisco Systems logo is seen as part of a display at the Microsoft Ignite technology conference in Chicago

Cisco to buy OpenDNS for $635 million to boost security business

(Reuters) – Cisco Systems Inc <CSCO.O> said on Tuesday it would buy OpenDNS, a privately held cloud-based security company, for $635 million in cash and equity awards to beef up its security business.

Cisco has been buying a number of security companies to boost the business in the face of fast-growing, sophisticated cyber attacks.

OpenDNS provides network security services that block attacks, as well as malware, botnets and phishing threats. Cisco was part of a group that invested $35 million in OpenDNS in May last year.

The acquisition of San Francisco, California-based OpenDNS is expected to close in the first quarter of fiscal year 2016, Cisco said in a statement.

Cisco bought security advisory firm Neohapsis for an undisclosed sum this year and malware analysis company ThreatGRID in 2014.

The global cybersecurity market is estimated to grow to $170.21 billion by 2020 from $106.32 billion in 2015, according to market research firm MarketsandMarkets.

Cisco’s shares were up 0.76 percent at $27.75 in premarket trading.

(Reporting by Abhirup Roy and Anya George Tharakan in Bengaluru; Editing by Savio D’Souza)

This article was from Reuters and was legally licensed through the NewsCred publisher network.