CISO View – The Week’s Best News – 2017.12.01

A Review of the Best News of the Week on Cybersecurity Management & Strategy

More Training Won’t Reduce Your Cyber Risk (Harvard Business Review, Nov 27 2017)
Your plans should assume humans will make mistakes.

60 Cybersecurity Predictions For 2018 (Forbes, Nov 27 2017)
2018 cybersecurity predictions about attacks on the US government, authenticity in the age of fake news, privacy and GDPR, IoT and AI, cryptocurrencies and biometrics, the deployment of enterprise IT and cybersecurity, and the cybersecurity skills shortage.

The evil of vanity metrics (Help Net Security, Nov 30 2017)
Simply put, today’s vanity metrics are the “number of alerts” and “events per second.” They are easy to generate: focusing on finding more data sources and moving to a larger database scheme increases the number of events per second and, in turn, the number of alerts. The limit of these metrics is that they stop scaling once the database’s ingestion capacity is reached.

Please! No More GDPR Related Blog Posts! (KuppingerCole, Nov 24 2017)
You have heard it all before: May 25th, 2018, enormous fines, “you have to act now”, the “right to be forgotten”, DPO and breach notification. Every manufacturer whose marketing database contains your data will send you information, whitepapers, webinars, product information and reminders about GDPR. And they of course can “help” you move toward compliance. So you have set up a filter in your mail client that sorts GDPR messages directly into spam, and #gdpr is muted in your Twitter client.

The future of cybersecurity is in high-speed quantum encryption (Futurism, Nov 27 2017)
A team of researchers has developed a new system that transmits quantum key distribution between five and ten times faster than existing tech.

Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools? (Krebs on Security, Nov 27 2017)
In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home.

How Facebook’s Annual “Hacktober” Campaign Promotes Cybersecurity to Employees (Harvard Business Review, Nov 29 2017)
With a month of security competitions, games, and T-shirts.

Mr. Robot eps3.7_dont-delete-me.ko – the security review (Naked Security – Sophos, Nov 30 2017)
We examine the latest security happenings in this week’s episode of Mr. Robot…

Thoma Bravo goes fishing, lands a Barracuda (Inorganic Growth, Nov 27 2017)
After four underwhelming years as a public company, Barracuda Networks will step off the NYSE in a $1.6bn take-private with Thoma Bravo.

McAfee Looks to Cloud with Skyhigh Acquisition (Dark Reading, Nov 27 2017)
McAfee agrees to buy CASB provider Skyhigh Networks, demonstrating a strong focus on cloud security.

Trend Micro Buys Immunio (Dark Reading, Nov 28 2017)
The acquisition is aimed at balancing the speed of DevOps with application security.

Qualys Buys NetWatcher Assets for Cloud-based Threat Intel (Dark Reading, Nov 30 2017)
The cloud security company plans to add threat detection, incident response, and compliance management to its platform.

Uber’s Security Slip-ups: What Went Wrong (Dark Reading, Nov 27 2017)
The ride-sharing company’s decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.

Uber Data Hack (Schneier on Security, Nov 27 2017)
Uber was hacked, losing data on 57 million driver and rider accounts. The company kept it quiet for over a year. The details are particularly damning…

Why You Need a Cybersecurity Incident Response Plan (And How to Create One) (SC Magazine, Nov 29 2017)
“By failing to prepare, you are preparing to fail.” This simple wisdom from Ben Franklin is as valuable today as it was in the 18th century.

Alleged Chinese Intelligence Officers Indicted by DoJ (Infosecurity Magazine, Nov 28 2017)
Three men accused of hacking Western firms work for ‘security vendor’ Boyusec.

Retail and Hospitality Breaches Declined Over Past 2 Years (Dark Reading, Nov 28 2017)
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.

Four Important Best Practices for Assessing Cloud Vendors (Cloud Security Alliance Blog, Nov 24 2017)
When it comes to evaluating new vendors, it can be challenging to know how best to communicate the requirements of your vendor assessment process and ultimately select the right partner to help your business move forward — while at the same time avoiding the risk of a third-party security incident.

The modern security landscape is evolving: what you need to know (CSO Online, Nov 29 2017)
The emergence of apps, the cloud and other practices requires rethinking security.

First US Federal CISO Shares Security Lessons Learned (Dark Reading, Nov 29 2017)
Greg Touhill’s advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
