A Review of the Best News of the Week on Cybersecurity Management & Strategy

What Cybersecurity Chiefs Can Learn From Warren Buffett (Forbes, Dec 20 2017)
Buffett’s principles of money can be applied to tech more readily than you thought.

How Can CISOs Choose Among Limitless Security Options with a Limited Budget? (SC Magazine, Dec 18 2017)
One of the best practices is to actually set up an environment where they can emulate the hostile threat landscape that’s trying to steal their organizations’ information. They can simulate common attacks such as malware.

Hold North Korea Accountable for WannaCry—and the NSA, Too (Wired, Dec 19 2017)
As the US government points the finger at North Korea for the WannaCry ransomware epidemic, it also needs to acknowledge the role of its leaked hacking tools.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Letter submitted in lawsuit alleges Uber hacked competitors’ networks (SC Magazine, Dec 18 2017)
Jacobs alleges in the letter that Uber accessed an unnamed competitor’s protected computer database containing driver employee information, for the purpose of luring these drivers to Uber instead.

Keeper Sues Ars Technica Over Reporting on Critical Flaw (SecurityWeek, Dec 21 2017)
Keeper Security has filed a lawsuit against Ars Technica and reporter Dan Goodin over an article covering a serious vulnerability found by a Google researcher in the company’s password manager.

Fixing Data Breaches Part 3: The Ease of Disclosure (Troy Hunt Blog, Dec 20 2017)
“On Monday I talked about the value of education; let’s try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach, namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating with the appropriate respect. Today, I want to focus on the ease of disclosure.”

MSP: Is Your New Digital Service Compliant? (Cloud Security Alliance Blog, Dec 15 2017)
Each managed services provider is likely to be covered by at least one of four compliance standards, based on who they do business with.

Why staging a fake attack is only real thing to keep you secure (CSO Online, Dec 21 2017)
How the Napa County fires opened my eyes to the readiness – or lack thereof – most of us are to a real disaster, physical or digital.

Be a More Effective CISO by Aligning Security to the Business (Dark Reading, Dec 21 2017)
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.

Train your employees — before someone else does (CSO Online, Dec 18 2017)
Slashing overhead often means cutting training budgets, but unintended side effects often include employee attrition, poor performance, or even breach of your organization and loss of intellectual property.

Businesses Fail in Risk Modeling and Management (Dark Reading, Dec 18 2017)
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.

To 2018 and Beyond! A Look at Five Future Cyber Threats (SC Magazine, Dec 20 2017)
It’s that time of year when security professionals around the globe pontificate on what’s to come in 2018…

LinkedIn accused of chilling access to information online (Naked Security – Sophos, Dec 19 2017)
It’s an epic legal battle for the future of the internet, and it’s not net neutrality.

Amazon (AMZN) Plans to Snap Up Cybersecurity Startup Sqrrl (NASDAQ, Dec 20 2017)
Founded in 2012, Sqrrl makes secure database software for companies and institutions in all sectors, including finance and healthcare, among others. The company analyzes big data to hunt cyber-threats and help companies identify and address them at a faster pace.

Security Pros Waste 40 Hours Per Month Thanks to Inefficient Systems (Infosecurity Magazine, Dec 20 2017)
More than one-third of them also say their teams spend at least three hours a day on tasks that could be handled by better software.

Why incident response is the best cybersecurity ROI (CSO Online, Dec 18 2017)
Former White House CIO Theresa Payton says unexpected breaches can wreak havoc on a company’s bottom line. Proper IR planning can mitigate damage costs.

Ingram Micro Acquires Cloud Harmonics, Accelerates Cybersecurity Push – ChannelE2E (ChannelE2E, Dec 20 2017)
Ingram Micro has shifted its cybersecurity push into overdrive, acquiring Cloud Harmonics to “accelerate the security sales cycle and establish the company’s solution provider partners as trusted advisors in the security market,” the companies said today.

8 in 10 healthcare organizations lack chief cybersecurity officer (Healthcare Dive, Dec 20 2017)
…and just 11% plan to get a cybersecurity chief in 2018. Only 15% of respondents reported said they currently have a chief information security officer.