A Review of the Best News of the Week for CISOs and Security Pros

The Equifax Breach: What You Should Know (Krebs on Security, Sep 11 2017)
Here’s what you need to know and what you should do in response to this unprecedented breach…

What Are The Biggest Challenges Facing The Cybersecurity Industry? (Forbes, Sep 15 2017)
Two megatrends: (1) the exponential growth in data from business systems and the security sensors meant to protect those businesses and (2) the extreme and growing shortage of skilled cybersecurity personnel to analyze and respond to incidents illuminated by this data.

Rapid7 CEO: Rethink IT and security organizational structures (CSO Online, Sep 13 2017)
Corey Thomas sees siloed operations as a root cause of security vulnerabilities and a barrier to innovation and better user experience.

The Equifax Breach Was Entirely Preventable (Wired, Sep 14 2017)
The credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. It didn’t.

38% of Attorneys Fail to Disclose Cybersecurity Issues to Board (Dark Reading, Sep 08 2017)
Despite a movement to hold company directors responsible for security breaches at their organization, nearly 40% of in-house attorneys and general counsel fail to disclose security issues to their board, according to a survey…

Measuring security: Part 1 – Things that make money (Sober Security, Sep 11 2017)
For security software product managers, “Make sure you track time as part of your costs. Money is easy to measure, but people and time are often just as important.”

The CISO’s Guide to Managing Insider Threats (Security Intelligence, Sep 11 2017)
75 percent of survey respondents estimated insider threats cost their companies at least $500,000 in 2016, while 25 percent reported costs could exceed that amount.

Paul Vixie: How CISOs Can Use DNS to Up Security (Dark Reading, Sep 11 2017)
FarSight CEO and DNS master Paul Vixie visits the Dark Reading News Desk to explain how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.

HHS CISO: 3 things hospitals should do right now to strengthen cybersecurity (Healthcare IT News, Sep 12 2017)
Health and Human Services chief information security officer Christopher Wlaschin said there are three steps that hospitals should be taking: 1) jump into the NH-ISAC, 2) treat your patching report like a P&L, 3) deploy multi-factor authentication…

Trump administration orders purge of Kaspersky products from U.S. government (Reuters, Sep 14 2017)
The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

A Deeper Dive Into GDPR: Due Diligence and Risk Mitigation (Gemalto blog, Sep 13 2017)
Breach notification should be, for all of us, the scenario of last resort. Fortunately, GDPR treats it as such and emphasizes preventative steps that protect data privacy. One of these steps is the expectation that organizations conduct due diligence to mitigate the organizational and technical risks to their data.