A Review of the Best News of the Week on Cybersecurity Management & Strategy

Just One-Third of Execs Have Heard of WannaCry (Infosecurity Magazine, Dec 13 2017)
CA Veracode claims execs are funding app splurge but ignoring security

Secrecy Is Dead. Here’s What Happens Next. (Wired, Dec 15 2017)
In the new world order, any information or data will be public information. Now we have to figure out how to live in a world without privacy.

One-third of IT Pros Plan to Switch Jobs in 2018 (Infosecurity Magazine, Dec 11 2017)
81% of respondents said it’s critical to have cybersecurity expertise, but only 19% have advanced cybersecurity knowledge.

WannaCry and NotPetya Had Little Impact on Security Spend (Infosecurity Magazine, Dec 11 2017)
Security teams still underfunded and under-appreciated, says AlienVault

Massive Uber data scraping and secret servers exposed in Waymo suit (Naked Security – Sophos, Dec 13 2017)
It’s old news that Uber has legal troubles on its plate – but the plot has thickened considerably in recent weeks.

2017 Forrester Wave: DDoS Mitigation Solutions report (Help Net Security, Dec 14 2017)
In their 36-criteria evaluation of DDoS mitigation providers, Forrester identified 11 of the most significant ones — Akamai Technologies, Arbor Networks, Cloudflare, F5 Networks, Fortinet, Huawei Technologies, Imperva, Neustar, Nexusguard, Radware, and Verisign — and researched, analyzed, and scored them.

Mirai botnet authors plead guilty (Naked Security – Sophos, Dec 14 2017)
The authors of the infamous Mirai botnet – used to launch record-breaking Distributed Denial of Service (DDoS) attacks last year that knocked major segments of the internet offline – have pleaded guilty to federal cybercrime charges.

Donna Dodson says changing infrastructure is among the biggest challenges in cybersecurity (Fedscoop, Dec 15 2017)
As the chief cybersecurity adviser at the National Institute of Standards and Technology, Dodson is tasked with thinking about security at a standards and practices level. What does good cybersecurity practice look like? And how will this change as more and more devices come online?

MSSP is/and/or/vs MDR? (Gartner Blog Network, Dec 14 2017)
An astute reader may observe that even people without much imagination will notice that these overlap … a lot. On the other hand, a cynical [but perhaps no less astute!] reader may quip that “an MDR is simply an MSSP that knows how to detect actual threats and not just to monkey around with compliance.”

Former Botmaster, ‘Darkode’ Founder is CTO of Hacked Bitcoin Mining Firm ‘NiceHash’ (Krebs on Security, Dec 15 2017)
On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many NiceHash users have expressed surprise to learn that the company’s chief technology officer recently served several years in prison for operating and reselling a massive botnet, and for creating and running ‘Darkode,’ until recently the world’s most bustling English-language cybercrime forum.

Creating a Meaningful Security Awareness Training Program Is a 12-Month Commitment (Infosec Island, Dec 11 2017)
You don’t see McDonald’s having burger month once a year, instead they hit you with information, ideas and promotions as often as they can afford to. Why? They want to integrate into the everyday decision-making process, they want you to have immediate brand recognition and immediate relevance. The security industry has a lot to learn from people who know how to make ideas stick and know how to influence behavior.

Automation Could Be Widening the Cybersecurity Skills Gap (Dark Reading, Dec 13 2017)
Sticking workers with tedious jobs that AI can’t do leads to burnout, but there is a way to achieve balance.

Netflix is developing its own cybersecurity products (Silicon Valley Business Journal, Dec 15 2017)
Netflix is developing its own security products in response to unique risks to its business.

Only 5% of Business Leaders Rethought Security After Equifax (Dark Reading, Dec 12 2017)
Corporate leaders know little about common security threats like ransomware and phishing, driving their risk for attack.

Cloud Security Startup ShieldX Networks Raises $25 Million (SecurityWeek, Dec 12 2017)
ShieldX Networks, a San Jose, Calif.-based cloud security company, announced that it has closed a $25 million Series B round of funding with participation from new investors including FireEye founder Ashar Aziz, Dimension Data and Symantec Ventures.

Synopsys Completes $550 Million Acquisition of Black Duck Software (SecurityWeek, Dec 11 2017)
Synopsys, a company that provides tools and services for designing chips and electronic systems, has completed its acquisition of Black Duck Software, a privately held company that offers solutions for securing and managing open source software.

Upstream Security Raises $9 Million to Protect Connected Cars Through the Cloud (SecurityWeek, Dec 13 2017)
Upstream Security, a Herzliya, Israel-based cybersecurity company that helps protect connected cars and autonomous vehicles from cyber threats, today announced that it has raised $9 million through a Series A funding round.

U.S. House passes legislation to create Cybersecurity and Infrastructure Security Agency (SC Magazine, Dec 12 2017)
The U.S. House of Representatives on Monday unanimously passed H.R. 3359, legislation that would redesignate the Department of Homeland Security’s National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA).

Mr. Robot season 3 finale: shutdown -r (Naked Security – Sophos, Dec 14 2017)
This season’s final instalment of the Mr. Robot security review.

Cyber attack surface facts, figures and statistics for 2017 to 2022 (CSO Online, Dec 13 2017)
We’re seeing a massive expansion of internet-connected people, places and things — and securing all of them is a problem.