A Review of the Best News of the Week on Cybersecurity Management & Strategy

Cybersecurity professionals aren’t keeping up with training (CSO Online, Dec 05 2017)
While information security professionals agree that continuous training is important, they are too busy to keep up.

Gartner Says CIOs Can Use 2017 Hype Cycle for IT in GCC to Re-evaluate IT Spend (Gartner, Dec 07 2017)
CIOs in the Gulf Cooperation Council (GCC) can use Gartner, Inc.'s 2017 Hype Cycle for IT in GCC to identify the most compelling emerging technologies as IT budgets are squeezed. The GCC is an alliance of six Middle Eastern countries: Saudi Arabia, Kuwait, the United Arab Emirates, Qatar, Bahrain and Oman.

Quantum Computing Is the Next Big Security Risk (Wired, Dec 07 2017)
The 20th century gave birth to the Nuclear Age as the power of the atom was harnessed and unleashed. Today, we are on the cusp of an equally momentous and irrevocable breakthrough: the advent of computers that draw their computational capability from quantum mechanics.




Morrisons Supermarket held liable after employee leaks data (SC Magazine, Dec 01 2017)
U.K. supermarket chain Morrisons was found liable, in a first-of-its-kind data leak class action suit, for the actions of a former employee who stole and leaked company data.

Man blocks employer’s tracking with chip packet, plays 140 rounds of golf (Naked Security – Sophos, Dec 04 2017)
Colella had a junk food habit. In particular, he liked Twisties – corn-based, cheese curl crunchy snacks, available mainly in Australia. Like most chips, Twisties are packaged in shiny foil bags that combine aluminum and mylar plastic. In other words, the bags are electrically conductive and thus make excellent Faraday cages for mobile devices.

Study: Simulated Attacks Uncover Real-World Problems in IT Security (Dark Reading, Dec 05 2017)
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.

NIST Releases New Cybersecurity Framework Draft (Dark Reading, Dec 06 2017)
Updated version includes changes to some existing guidelines – and adds some new ones.

NIST 1.1 tackles cybersecurity metrics, supply chain (SC Magazine, Dec 06 2017)
The second draft update of the landmark NIST CSF ups its value and ease of use.

Phishers Are Upping Their Game. So Should You. (Krebs on Security, Dec 07 2017)
“Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.”

“Crypto” Is Being Redefined as Cryptocurrencies (Schneier on Security, Dec 04 2017)
Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word “crypto” as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word “cryptocurrency” — which probably shouldn’t even be called “currency,” by the way.

The Trouble with Politicians Sharing Passwords (Troy Hunt, Dec 04 2017)
A UK politician tweeted about how she shares her credentials. Troy Hunt dug into her tweets (and those supporting her), and it became apparent this was becoming somewhat of a larger issue.

FCA: Banks Are Under-Reporting Cyber-Attacks (Infosecurity Magazine, Dec 07 2017)
UK regulator urges more openness for the good of the industry.

Bitcoin Exchange NiceHash Hacked as Crypto-Currency Hits New Highs (eWEEK, Dec 08 2017)
As Bitcoin reaches all-time highs, concerns grow about the security and availability of online crypto-currency exchange sites.

Global security spending to reach $96 billion in 2018 (Help Net Security, Dec 07 2017)
Gartner forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8 percent from 2017. Organizations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy.

What’s on the horizon for security and risk management leaders? (Help Net Security, Dec 07 2017)
By 2022, cybersecurity ratings will become as important as credit ratings when assessing the risk of business relationships, Gartner analysts believe.

Uber’s Use of Wickr Raises Questions About Ephemeral Messaging Apps (Wired, Dec 07 2017)
According to pre-trial testimony, intelligence gathering teams at Uber used Wickr and another app called Telegram to discuss sensitive information.

Uber disguised $100,000 hacker payoff as bug bounty, claims Reuters (Naked Security – Sophos, Dec 07 2017)
Can a hacker’s extortion demand ever be paid off as though it were a bug bounty? Or is that a step too far?

Senate Dems Propose Jail Time for Execs for Concealing Breaches (Infosecurity Magazine, Dec 01 2017)
Anyone convicted of “intentionally and willfully” concealing a data breach would face fines and up to five years in prison.

Germany Preparing Backdoor Law (Schneier on Security, Dec 06 2017)
The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption.

Anti-Phishing Firm IRONSCALES Raises $6.5 Million (SecurityWeek, Dec 05 2017)
An Israel-based startup that specializes in automated phishing prevention, detection and response, announced on Tuesday that it has raised $6.5 million in a Series A funding round.