DNeX, the multi-million-dollar technology giant, acquires the exclusive rights to offer EC-Council Global Services (EGS) cyber security services in Malaysia

In a landmark deal, Dagang NeXchange Bhd (DNeX) has through its wholly-owned subsidiary, DNeX Technology Sdn Bhd., signed an exclusive brand license agreement with EC-Council International Ltd to provide consultancy and advisory services based on the delivery model, methodology, and brand of EGS. EC-Council Global Services (EGS), the consulting arm of EC-Council group, recently signed an exclusive brand license agreement with DNeX Technologies, a publicly traded Kuala Lumpur based technology company. The agreement will allow, to provide consultancy and advisory services based on the delivery model, methodology, and brand of EGS. The RM 900 million-valued Dagang NeXchange Bhd, which has interest in oil and gas, power, and technology, is one of the prominent names in Malaysia. As of January 2, 11:37 AM, shares in DNeX were up 3 sen or 6.91% at 51.5 sen, giving it a market capitalization of RM912.79 million. The deal (and the applause from investors of DNeX) proves that the brand of EC-Council has power beyond the cybersecurity certification market and can compete globally in the consultancy industry. The an exclusive brand license agreement with EGS is to provide consultancy and advisory services based on the delivery model, methodology, and brand of EGS. EGS is a division of EC-Council that offers comprehensive services using a four-phased methodology to assess, block, correct, and defend the cyber security of its clients. DNeX Executive Deputy Chairman Datuk Samsul Husin said in a statement today “We are pleased to be working together with EC-Council to provide top notch cyber security consultancy and advisory in an increasingly growing market in the country.” The agreement will give DNeX access to EC-Council’s methodologies, enabling it to learn from cyber security implementation in key global economies. “With this licensing deal, DNeX will offer the holistic approach to cyber security of EGS and develop a cyber security framework that helps in identification, protection, detection, response, and recovery to cyber threats to clients in Malaysia,” said Jay Bavisi, group president of EC-Council. The positive response to the deal not only underlines the potential EC-Council has in other markets, but also indicates an increasingly positive attitude markets have towards the importance of cybersecurity. This turnaround is especially important in Malaysia, which experienced a leak of 46 million mobile users’ data, some leading to the creation of fraudulent profiles to make online purchases back in Oct 2017. Media Coverage: https://www.theedgemarkets.com/article/dnex-acquires-rights-offer-eccouncil-global-services-cyber-security-services-malaysia https://www.thestar.com.my/business/business-news/2018/01/03/dnex-shares-warrants-actively-traded/ https://www.theedgemarkets.com/article/dnex-offer-eccouncil-cybersecurity-services-malaysia https://www.utusan.com.my/bisnes/ekonomi/dnex-ec-council-kerjasama-tingkat-keselamatan-siber-1.583606 https://www.theedgemarkets.com/article/mpcorp-t7-global-mb-world-dnex-rhone-ma-mct-dnonce-bmedia-paramount-alcom-and-prestariang

Western Nevada College Joins Forces with EC-Council to Transform Cybersecurity in Northern Nevada

Western Nevada College (WNC) has joined forces with the International Council of E-Commerce Consultants (EC-Council) to strengthen the cybersecurity community in Northern Nevada by implementing the EC-Council | Academia series. EC-Council’s Academic channel supports the most prestigious colleges and universities throughout the US and around the world with the most robust cybersecurity programs and offerings. More corporations, individuals, and governments are experiencing cyber-attacks worldwide, boosting high salary career opportunities and demand for skilled professionals. This prompted the college to integrate EC-Council’s certification courses, including: Certified Network Defender (CND), Certified Ethical Hacker (CEH), and Computer Hacking Forensics Investigator (CHFI) into their program. The WNC Cybersecurity degree track now incorporates industry-recognized, stackable credentials, preparing students for both degree completion and to join the workforce post-graduation. EC-Council’s job-focused certifications are known as the most challenging in the industry and they map to the widely recognized National Initiative for Cybersecurity Education (NICE) framework. “We are very excited to partner with Western Nevada College and play a role in strengthening the cybersecurity community in Northern Nevada. Combating the growing cybersecurity threat landscape often starts with higher education communities developing skilled professionals who are ready to make an impact and start their careers. We are confident our partnership with Western Nevada College will highly impact the local community in Northern Nevada” said Wesley Alvarez, Director of Academics, U.S. Anthem, Equifax, Home Depot, and Target are just some of the corporations violated by hackers in recent years, receiving negative press while compromising consumers’ social security, driver’s license, and credit card numbers, as well as other personal information such as birthdates and addresses. Now more than ever there is a need for businesses to protect their customers. That protection comes from information and technology professionals trained in hands-on, tactical cybersecurity. WNC will be able to fill that need in Northern Nevada with plans to launch a robust cybersecurity program using the EC-Council | Academia series. “As we become more technologically bound, securing and defending the critical infrastructure of IT becomes of primary significance,” said Dave Riske, a Computer Information Technology/CISCO Technology/IS instructor at WNC. “Western Nevada College IT Advisory Board members have identified the need for instilling a security mindset in technical employees. Board members have expressed concerns from businesses throughout Nevada.” Through this partnership, Western Nevada College will become the first college in Northern Nevada to offer tactical cybersecurity training and education, helping bridge the wide skill-gap in the area and give their students an added advantage over others in the region. “The goal of this project is to prepare IT professionals for applied security positions able to effect change in their networked computer environment and services,” Riske said. “Current training opportunities in the Northern Nevada area for these skills rely on ‘boot camp’-style training seminars provided by commercial organizations. These training camps are often far more expensive than a college course and focus primarily on certification and less on acquisition of skills and knowledge. By offering an industry-sanctioned curriculum leading to industry certifications recognized by the National Security Agency and the Department of Defense, as well as meeting the Committee on National Security Systems training standards, WNC will be providing a vital training opportunity to today’s IT workforce. This makes EC-Council an ideal partner, providing reputation, longevity, currency and relevance in the Cybersecurity/Information Assurance field,” Riske says. Students who complete this proposed program will be prepared to work in the industry as computer user support specialists, computer network support specialists, forensics analysts, security analysts, network defenders, computer repairers, and many more positions, all priority STEM occupations. Currently, WNC offers Information Technology training leading to IT industry certification opportunities with Cisco, Microsoft, TestOut, Linux Professional Institute, and the Project Management Institute, many of which are on the Nevada Eligible Industry Credentialing List as provided by Office of Workforce Innovation for a New Nevada. These certification opportunities prepare students to demonstrate competence in numerous technical areas. These existing courses and certification programs will provide the foundational background to ensure students are prepared for advanced certifications in cybersecurity and information assurance. Individuals interested in studying cybersecurity at WNC may contact Riske at [email protected]. About WNC Western Nevada College is a comprehensive community college that serves more than 5,000 students each year within a five-county area, spanning more than 10,000 square miles. Since 1971, Western Nevada College has helped students embark on the road to success by preparing them for a variety of careers through associate and bachelor degrees, industry certifications and workforce training. WNC offers exemplary academics, small classes, affordability and student satisfaction. Many Western grads become leaders in their communities and excel in their professions. With campuses in Carson City, Minden, and Fallon, and multiple online degrees and classes, Western is able to meet many students’ needs, whether they are residing in remote parts of Nevada or trying to fit in their education while balancing their commitments to work and family. For more information visit https://www.wnc.edu/. About EC-Council EC-Council has been the world’s leading information security certification body since 2002. EC-Council is a member-based organization that certifies individuals with various information security and e-business skills. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), EC-Council Certified Security Analyst (ECSA), and Licensed Penetration Tester (LPT) programs, and as well as many others programs. EC-Council Foundation, the nonprofit branch of EC-Council, created Global CyberLympics, the world’s first global hacking competition. For more information, https://staging-new.eccouncil.org/academia.

27 of the Biggest Data Breaches in 2017

4 Factors Influencing the Penetration-Testing Skill Gap

The skill gap in the cybersecurity industry is at an all-time high, much like a race against time. To combat this persistent issue, organizations are searching for various new ways to help bridge the skill gap through implementing courses and programs in cybersecurity. A report by Indeed revealed that the cybersecurity skill gap is worst in Israel, where only 28.4% of the demand for cybersecurity professionals is met. Only in Canada and the U.S. does the supply of cybersecurity job seekers exceed 50% of employer demand. Nowhere does the job seeker supply meet the demand of the employers. Not keeping up with an organization’s skill requirements could lead to a significant skill gap in the industry. This has led to an excess workload for existing staff, the hiring and training of junior level employees, and the inability to fully utilize security technologies to their complete potential. These skill gaps can be injurious to an organization’s cybersecurity and to a penetration-tester’s profession. Take a look at some of the factors increasing the penetration-testing skill gap and learn what you can do to safeguard your future. 1. Lack of First-Hand Experience Extraordinary penetration testers who have no prior experience in the field are very few and far between. This makes penetration testing a very tough line to get into because no organization approves of hiring a penetration tester who has zero prior experience. In fact, most organizations suggest that having prior penetration-testing experience gives the penetration tester an advantage over those who have none. Penetration testers should have a deep knowledge of how networks work and should be able to navigate through a system’s network, compromise it, and provide a concise report––with solutions––without any help from prompters. This skill set is only acquired through hours of system or network administration work experience. 2. Lack of Proper Methodology and Skill Development It is important to remember that penetration testing is a strategically planned test that depends on various methodologies and not just an activity based on fortune and fate. With hands-on experience, penetration testers ought to be able to use the right methodologies to compromise a system. Companies often look for candidates with knowledge of various methodologies and skills, including: Web Application, Information Gathering, Denial of Service, Networking Protocols, Pivoting, Port Forwarding, MiTM, Scripting, Coding, and many more. Penetration Test Report Writing is one of the most crucial roles of a penetration tester. Quite often, if an organization finds that a report does not contain clear details about the tests conducted, information obtained, and suggestions on how to alleviate vulnerabilities exposed, then it can result in a misinterpretation of the danger at hand, leaving the organization exposed and vulnerable. 3. Lack of Qualifications The key element that 51% of hiring managers look for in a candidate’s resume is one or more hands-on and credible penetration-testing certifications that confirm the applicant is qualified in penetration testing. Sixty-one percent (61%) have a minimum requirement of a Bachelor’s Degree and 23% prefer those with a Master’s Degree. Organizations are also prone to favor applicants who demonstrate an understanding of advanced concepts and tools, as well as possess an advanced skill set––which includes knowledge of networking and network protocols, mastering an operation system, and the ability to code or script. A certification with a realistic approach will provide the organization with the confidence that the penetration test will be carried out by individuals who are up to date with the latest knowledge, skills, and abilities that real attackers use to compromise systems. 4. Lack of Strategizing While some penetration tests have a set target, others require ample amounts of information gathering and strategizing. Many penetration testers often rely on tools to carry through an assessment. However, a great penetration tester is able to strategize beyond the use of tools through the initiation of a strong methodological plan that is followed throughout the test. Implementing self-learning methods to stay abreast of the latest hacking trends is one way to bridge the skill gap in the industry. With approximately 200,000 malware attacks per day, organizations are moving toward cybersecurity professionals, like penetration testers, to strengthen their Information Security. The solution to bridging the penetration-testing skill gap lies in the fact that penetration testing is more of a commodity to current and future digital enterprises, where security and privacy are concerned. With the right education and opportunities, more individuals will join the cybersecurity industry, thus alleviating the gap in the industry. Join us on 14 March 2018 to learn more about what EC-Council’s plan is to help individuals scale the unscalable mountain of cyber capability. Book your seat to be a part of our biggest announcement! Sources:http://blog.indeed.com/2017/01/17/cybersecurity-skills-gap-report/http://burning-glass.com/wp-content/uploads/Cybersecurity_Jobs_Report_2015.pdfhttp://burning-glass.com/wp-content/uploads/Burning-Glass-Report-on-Cybersecurity-Jobs.pdfhttps://www.cybrary.it/forums/topic/digital-organizations-face-a-huge-cybersecurity-skills-gap/https://www.mcafee.com/ca/resources/reports/rp-hacking-skills-shortage.pdfhttps://blog.barkly.com/cyber-security-statistics-2017

5 Reasons Why Penetration Testing is Imperative for Your Organization

Cybersecurity is of utmost importance, especially in today’s world. Our world is connected through a fragile network that deals with internet banking and government infrastructure as DoS attacks, website defacement, and other cyber-attacks are on the rise. Global cybercrime costs saw an increase of approximately 27.4% in the last year alone. Of late, 85% of the companies in the UK and the U.S. have fallen victim to phishing attacks (9 out of 10 phishing emails carried malicious ransomware). The number of newly evolved ransomware attacks in 2017 is over 4 times more than in 2016. An organization is hit with a ransomware attack every 40 seconds; at least 71% of these attacks are successful. The time taken, on an average, for a company to resolve even one of these attacks is 23 days. Penetration Testing (or Pen Testing) is a method of evaluating the security of an information system by simulating an attack from a malicious source. In simple terms, it is an authorized test to establish how weak your organization’s cybersecurity is and what you can do to strengthen it. Sadly, not many companies are comfortable with the idea of reassessing their security budgets. It is time for organizations to re-think the security of their cyberspace with the help of penetration testers. Here are a few reasons why you should hire a penetration tester: 1. Security Tools vs. Penetration Testers Every company has their own set of cybersecurity tools––like encryption codes, anti-virus software, and vulnerability scanning––but how sure are you that these tools will be able to protect you in a live attack? Penetration testers are trained to think beyond the normal and navigate their way through even the toughest of barriers using a base of open-source methodologies like Open Web Application Security Project (OWASP), PTES, NIST800-115, PCI DSS, Information Systems Security Assessment Framework (ISSAF), Open Source Security Testing Methodology Manual (OSSTMM), etc. as basic road-map. They go one step beyond a vulnerability assessment by providing defense in depth; this also includes exploiting the vulnerabilities identified during Perimeter Testing, Database Penetration Testing, Log-Management Penetration Testing, Cloud Penetration Assessment, Network Security Assessment, Wireless/ RAS Assessment, Telephony Security Assessment, File Integrity Checking, and other assessments. 2. A Fresh and Advanced Opinion Often, a person falls into a set pattern of performing tasks when completed on a day-to-day basis. This is also the case with ethical hackers employed in a company. While following a schedule is generally a great advantage for an organization, it is not the case with penetration testing. A penetration tester is trained to identify the threats through a new approach, as well as determine the probability of an attack on information assets, ensuring a better Return on Investment (RoI) for IT Security. They provide assurance that the company is operating with an acceptable limit of information security risks, and are to do so in compliance with the regulations and industry standards. 3. Attacks a Single Target as a Whole You have just learned the various tools and techniques of ethical hacking, but is that enough to carry you through a full-scale penetration test? It is in a moment like this that the penetration tester’s skills and hands-on experience to stimulate a real-life cyber-attack is important. By using various methodologies to perform advanced attacks they can identify Structured Query Language (SQL) injections, Cross-Site Scripting (XSS), LFI, and RFI vulnerabilities in the organization’s web applications and infrastructure. It is through hands-on experience and hours of implementing knowledge and skill into practice that a penetration tester is able to expose several vulnerabilities for a single target by aiming a combination of methodologies at the organization’s cybersecurity. Very often, a single attack will not show the penetration tester any vulnerabilities in the organization’s cybersecurity. However, when a single target is obtained and attacked by various simultaneous attacks, it could lead to a breach in an organization’s cybersecurity; thus, exposing a vulnerability. 4. Penetration-Testing Report Writing Every penetration tester is trained to provide in-detail, industry-level approved documentation of their findings. This report generally includes a detailed usage of methodologies: an attack narrative, evidence and corroboration of any successful penetration findings, and documentation of any security flaws. Apart from the findings, the report also includes remediation details to prevent any possible future malicious attacks on the organization. The penetration tester will also be able to advise you on what risks must be addressed first based on the amount of risk exposure it involves. This report will enable the organization to make decisions on implementing security controls in the organization and patch any flaws. This also enables the organization and the penetration testers to keep track of the exploits performed and the information accumulated. 5. White-Box vs. Black-Box Testing White-box testing is the method in which the penetration tester has an authorized view of the internal structure of the organization; black-box testing provides the penetration tester with little-to-no information about the organization’s infrastructure. While white-box testing is certainly a cheaper option, it may not be the best option for your company––where security is concerned––as it is highly possible that many threats can go unnoticed. Black-box testing gives the company the perfect “real-life” perspective from an unauthorized hacker’s point of view. This enables the penetration tester to conduct an unbiased test, as they will be working independently. It also tests the environment the program is running in and is perfect for large applications. Test cases can also be designed immediately, as the tester does not have to wait for the development to be completed. The penetration testers who follow black-box methodology use various application scanners––such as Boundary Value Analysis (BVA), equivalence partitioning, error guessing, domain analysis, and many more techniques––to find and exploit vulnerabilities. Only 38% of global organizations claim they are prepared to handle a sophisticated cyber-attack––while the estimated average cost of a data breach in 2020 is said to exceed $150 million. This makes penetration testing a boardroom agenda. Apart from the aforementioned reasons, a trained penetration tester is considered one of the…

Penetration Testing Career Track – Addressing the Skills Gap

With the rise of ransomware, social engineering, and identity theft, organizations are no longer surprised that the biggest threat to them is literally right under their nose. According to the latest Data Breach Investigations Report that analyzed 2,260 breaches globally, it took attackers just minutes or less to compromise systems in more than 93 percent of breaches. Against this backdrop, digital enterprises have a choice: either ignore the risks, and face the eventuality of a serious cyber-attack or take informed, proactive steps to protect the business and brand. The benchmark for a successful security strategy has gone beyond simply relying on robust testing tools that only skim the surface of the complicated problem Today, organizations can improve their security programs in several ways, including black-box Penetration Testing, threat modeling, code reviews, etc. but these efforts are hampered by constraints such as time, cost, and the reluctance (or legal obligation not) to share information with third parties. Regardless of the challenges, security teams must strive to achieve a high level of security assurance while working within these constraints. While remaining compliant to industry standards and frameworks, organizations today need certified and highly skilled Penetration Testing resources and fewer false positives to continuously innovate and focus on the core business, without compromising their security. When it comes to top tier penetration testers, companies require qualified individuals with up-to-date knowledge of the latest vulnerabilities and techniques used by real attackers. Given this, organizations have a choice to either have penetration testers following checklists and using automated tools without the innate ability and skills to defend organizations, or address this lack of Penetration Testing skills by investing in training. Much has been written about the cybersecurity skills gap, and employers play a role in this problem, as pointed by the recent survey by conducted by Vera code and DevOps.com. Source: Tripwire, Security Skills Gap Survey As a part of its continuous effort to align the skills of Penetration Testers to the abilities and techniques of an advanced attacker, EC-Council has a range of programs to build better penetration testers. The Certified Ethical Hacker Program (CEH) program teaches students the fundamental knowledge they need to understand how hackers think and operate. The EC-Council Certified Security Analyst (ECSA) Program requires that candidates to demonstrate their skills based on the penetration testing framework methodology. LPT Exam Challenges Represent the Current Threat Scenario The LPT (Master) learning track ensures that successful candidates have the knowledge of advanced tools and techniques used by hackers, the skills to apply critical penetration testing methodologies, and finally, the ability to use attacking techniques against a real world enterprise network. Candidates prove their abilities in an environment with multiple network segments, firewalls, Demilitarized Zones (DMZ), various operating systems, access control policies, and layers of security controls. The successful LPT (Master) candidate proves that they have the ability to follow a standard, repeatable penetration testing methodology to achieve a consistent result i.e.  skills they can immediately put to use to protect their organization.

Arnhem, Netherlands, September 2017 – Icttrainingen.nl named the first official Dutch provider of EC-Council online security training.

EC-Council is proud to announce its first official partnership agreement for online training in The Netherlands with Icttrainingen.nl. This partner agreement means that security professionals can now benefit from the high-quality IT security training of EC-Council at Icttrainingen.nl via their online delivery platforms. These trainings use extensive videos with instructions, practice lab environments, and knowledge tests. They are available at multiple levels of knowledge and are fully online. Online students are able to follow the same curriculum as students taking in-person training for less cost and more convenience and are fully prepared and associated certifications. Patrick Kieviet, Director of icttrainingen.nl, is pleased with the collaboration, saying “Security is an issue of growing importance and the need to properly protect your business infrastructure is growing. Many organizations need to train their staff on cybersecurity skills and EC-Council offers a wonderful addition to our existing range of security training. As a result security specialists can even better prepare for the complex issues of modern IT organizations with icttrainingen.nl.” EC-Council is hopeful the partnership will help train the next generation of security experts and leaders in the region as cybersecurity laws and requirements gain more complexity in Europe. Jay Bavisi, CEO of EC-Council, said “We are proud to announce this partnership with Icttrainingen.nl, a leading training center in The Netherlands, and we foresee a bright future working together to train cybersecurity professionals of all levels.” About icttrainingen.nl Icttrainingen.nl is the IT elearning specialist in the Netherlands. At www.icttrainingen.nl, IT professionals and professional users of IT applications can already have a wide range of high-quality online trainings, liveLabs and trial exams for over five years. Icttrainingen.nl combines these online trainings with a knowledge community for and by IT professionals. Through this unique online learning concept, IT professionals can work on their personal development in a flexible and cost-effective manner. There are training courses offered for Microsoft, Cisco, Oracle, Microsoft Office, Linux and IT Security. For more information, please contact: Patrick Kieviet: 026-840 29 41. E: [email protected] W: www.icttrainingen.nl

MOU Signed with World’s Largest Cybersecurity Technical Certification Body.

PSB Academy’s School of Engineering and Technology signed a Memorandum of Understanding with the International Council of E-Commerce Consultants (EC-Council) , the world’s largest cybersecurity technical certification body , to launch skills-based training programmes targeted at enhancing cybersecurity awareness and capabilities among professionals in the information and communications technology (ICT) sector in Singapore. According to Communications and Information Minister Yaacob Ibrahim , there were 15,000 vacancies in the sector last year.