A Review of the Best News of the Week on CISO Views

Equifax CIO, CSO Step Down (Dark Reading, Sep 15 2017)
Embattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (Wired, Sep 20 2017)
The backdooring of security software CCleaner now appears to have been more of a targeted spying operation than a mere cybercrime scheme.

U.S. SEC says hackers may have traded using stolen insider information (Reuters, Sep 22 2017)
The top U.S. markets regulator said on Wednesday that hackers accessed its corporate disclosure database and may have illegally profited by trading on the insider information stolen.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal (Dark Reading, Sep 21 2017)
A judge ruled federal employees cannot sue for damages from the 2015 Office of Personnel Management data breach.

Symantec’s Play for Splunk Ends After Review (Bloomberg, Sep 22 2017)
Symantec Corp. held talks to acquire Splunk Inc. but called them off after reviewing the analytics software company’s finances, people familiar with the matter said.

20 Questions to Help Achieve Security Program Goals (Dark Reading, Sep 13 2017)
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here’s how to keep them from drifting into the sunset.

Detection, Prevention & the Single-Vendor Syndrome (Dark Reading, Sep 13 2017)
Why security teams need to integrate ‘Defense in Depth’ principles into traditional solutions designed with integration and continuity in mind.

4 ways CISOs can improve security operations, increase ROI (CSO Online Network Security, Sep 13 2017)
Organizations will spend more on security operations, but CISOs need metrics to demonstrate ROI.

10 Hot Cybersecurity Funding Rounds in Q3 (Dark Reading, Sep 20 2017)
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here’s how the third quarter has shaped up.

GDPR & the Rise of the Automated Data Protection Officer (Dark Reading, Sep 19 2017)
Can artificial intelligence and machine learning solve the skills shortage as the EU’s General Data Protection Regulation deadline approaches?

ISO Rejects NSA Encryption Algorithms (Schneier on Security, Sep 21 2017)
The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance.

Equifax Breach: Setting the Record Straight (Krebs on Security, Sep 21 2017)
Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.

Equifax has been sending customers to a fake phishing site for weeks (Naked Security – Sophos, Sep 22 2017)
For years, we’ve known, and warned, about the dangers of typosquatting—domains that take advantage of misspelled company names—and cybersquatting—domains that borrow names of companies, public figures or other terms that exploit public interest in searching for those names.

DHS offers new details on Kaspersky ban — FCW (FCW, Sep 22 2017)
The Department of Homeland Security published the full text of its Kaspersky ban in the Federal Register just as the Senate voted to ban the company from federal networks as an amendment to the defense bill.

Securonix Raises $29M in Series A Funding (FinSMEs, Sep 22 2017)
Securonix, a Redwood Shores, CA-based big data security analytics provider, raised $29M in Series A funding.