A Review of the Best News of the Week on Cybersecurity Management & Strategy

How the Mimikatz Hacker Tool Stole the World’s Passwords (Wired, Nov 09 2017)
How a program called Mimikatz became one of the world’s most widespread and powerful hacking tools.

Twitter employee deleting POTUS account is a lesson for all companies (CSO Online, Nov 08 2017)
A trusted insider turned the lights out on the Twitter account of President Donald Trump, reminding us all how superuser access can be abused.

Merck reveals losses in sales due to cyber-attack (EPM Magazine, Nov 06 2017)
Merck has revealed, in its third quarter earnings report, that the manufacturing disruptions related to the cyber-attack that happened earlier in the year led to $135 million in lost sales.




4 Ways the Next Generation of Security Is Changing (Dark Reading, Nov 03 2017)
The CISO’s job will get easier because of trends in the industry. Here are the four ways the security analyst role, and the forces around it, are evolving.

Big Brother isn’t just watching: workplace surveillance can track your every move (The Guardian, Nov 07 2017)
Employers are using a range of technologies to monitor their staff’s web-browsing patterns, keystrokes, social media posts and even private messaging apps.

How a Tiny Error Caused Internet Outages Across the US (Wired, Nov 08 2017)
A simple misconfiguration spiraled into outages for internet service providers and large internet platforms around the US.

How GDPR affects your organization (Help Net Security, Nov 08 2017)
If you do business in Europe or if you have any electronic data associated with EU citizens, you will be required to have “State of the Art” security.

Hiring Outside the Box in Cybersecurity (Dark Reading, Nov 07 2017)
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.

How To Lower Cyber Insurance Premiums (Secure Thinking by Centrify, Nov 08 2017)
According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion. But as businesses rush to insure, what exactly these policies cover, as well as the cost of premiums, is coming under scrutiny. A key question is whether or not non-malicious human activity is covered.

The military reportedly used a fake news story on Edward Snowden’s death to test its cybersecurity (Business Insider, Nov 10 2017)
The military reportedly used a fake news story of Edward Snowden’s death to test out the military’s cybersecurity — and it was “too successful.”

Global CISOs Unprepared for Evolving Threats (Infosecurity Magazine, Nov 07 2017)
According to 60% of CISOs, data breaches and exploits are driving change in organizations’ attitudes to security programs.

Department of Defense’s ‘Hack the Pentagon’ Bug Bounty Program Helps Fix Thousands of Bugs (Wired, Nov 10 2017)
The Department of Defense’s bug bounty program was a smashing success. And other government agencies have taken notice.

Virtual Reality Could Serve as a Cybersecurity Recruiting Tool (Dark Reading, Nov 06 2017)
A recent study finds 74% of millennials and post-millennials agree VR use in cybersecurity tools may entice them into an IT security career.

What is the cyber kill chain? Why it’s not always the right approach to cyber attacks (CSO Online, Nov 07 2017)
Lockheed Martin’s cyber kill chain approach breaks down each stage of a malware attack where you can identify and stop it, but be aware of how attack strategies are changing.

Top Ten: Cybersecurity M&A Deals (Infosecurity Magazine, Nov 08 2017)
Money is the blood in the veins of the M&A merry-go-round.

Women in Cybersecurity: Things are changing… slowly (SC Magazine, Nov 08 2017)
“Last September, I attended a conference on cybersecurity and innovation, and I was impressed by the unusually strong energy and vibe in the room. For sure, one of the amazing things about this event was the glimpse it gave of the future of cybersecurity technologies, but equally striking to many who attended (including me) was the fact that about half of the speakers were women.”

Proofpoint acquires Cloudmark for $110M in cybersecurity consolidation play (TechCrunch, Nov 08 2017)
Proofpoint — which provides SaaS products to protect businesses’ email, social media and other services — announced that it would pay $110 million to acquire Cloudmark, another firm that provides security protection for messaging services, focusing specifically on serving the ISP and mobile carrier markets.

How Law Firms Can Make Information Security a Higher Priority (Dark Reading, Nov 08 2017)
Lawyers always have been responsible for protecting their clients’ information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.

Burnout, Culture Drive Security Talent Out the Door (Dark Reading, Nov 07 2017)
Security’s efforts to bridge the talent gap mean little when workers don’t want to stay in the industry.

Thinking Outside the Suite: Adding Anti-Evasive Strategies to Endpoint Security (Infosec Island, Nov 03 2017)
Given the recent surge of virulent, global malware and ransomware, anti-evasion defenses are a smart place to start augmenting existing endpoint security by layering on innovative, focused solutions.