A Review of the Best News of the Week on Cybersecurity Management & Strategy
Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises (Dark Reading, Feb 01 2018)
Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.
This Security Shit’s Hard and It Ain’t Gonna Get Any Easier (Securosis Blog, Jan 30 2018)
“Microsoft released a patch to roll back a patch that fixed the slightly-unpatchable Intel hardware bug because the patch causes reboots and potential data loss. Specifically, Intel’s Spectre 2 variant microcode patch is buggy. Just when we were getting a decent handle on endpoint security with well secured operating systems and six-figure-plus bug bounties, this shit happened. Plus, we probably can’t ever fully trust our silicone or operating systems in the first place. Information security is hard. Information security is wonderful. Working in security is magical… if you have the proper state of mind”
Tenable, Cylance Disclose Revenue Metrics (SecurityWeek, Jan 30 2018)
Cylance reported revenue of more than $100 million last year, which the company says represents a year-over-year growth of 177 percent. Tenable announced record billings of more than $250 million in 2017, which it says represents a 45 percent growth.
Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report
Estimating the Cost of Internet Insecurity (Schneier on Security, Jan 29 2018)
“It’s really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I’ve seen at trying to put a number on this. The results are, well, all over the map”
The “working with an MSSP” Tome Is Here (Gartner Blog Network, Jan 30 2018)
Among lots of exciting new content (this is indeed a looooong document :-)), a new guidance framework for those looking for (and eventually hiring) an MSSP:
Wrangling Backoffice Security in the Cloud Age: Part 2 (Securosis Blog, Jan 26 2018)
This is the second part in a two-part series (later paper) on managing increased use and reliance on SaaS for traditional back-office applications.
Security Explorations Launches New Research Program (SecurityWeek, Jan 30 2018)
After 10 years of conducting complex research often without expecting any monetary rewards, Poland-based Security Explorations has now decided to launch a commercial offering that gives organizations the chance to gain exclusive or non-exclusive access to the company’s most interesting and unique projects.
4 things CISOs should stress to the board of directors about cloud security (CSO Online, Jan 31 2018)
1. The cloud is just another risk
2. Native public cloud security is not enough
3. Cloud security is not a different type of security
4. A prevention philosophy includes securing the cloud
The Check Point 2017 Global Threat Intelligence Trends Report (Check Point Blog, Jan 31 2018)
An increase in the use of Cryptocurrency Miners.
A decrease in exploit kits.
An increase in scam operations and Malspam.
The Mobile malware trend towards enterprises.
British businesses could face huge fines if they don’t shape up on cyber security (CNBC, Jan 29 2018)
Firms dealing with critical infrastructure could face heavy fines if they don’t put thorough safeguards in place to deal with cyber-attacks.
Israeli cybersecurity co Hysolate raises $8m (Globes, Jan 29 2018)
The Tel Aviv-based Team8 portfolio company has developed disruptive hybrid endpoint architecture.
Building a coping mechanism for data breaches (Help Net Security, Jan 31 2018)
“Data breaches may be daily news, but they will always be a significant worry for business stakeholders. It is the IT team, however, that have to deal with the technical side of breaches. Here’s my view on establishing a coping mechanism.”
Cryptomining – is it the new ransomware? (Naked Security – Sophos, Feb 01 2018)
SophosLabs just published a technical report about cryptomining – on your Android device, via apps from Google Play, no less.
2018 Industry Analyst Cybersecurity Predictions (SecureWorks Blog, Jan 31 2018)
According to Gartner, “By 2021, at least half of small and midsize enterprises will use managed services to secure their infrastructure, up from less than 20% today.”
The New Cyber Landscape: More Threats, But Fewer Security Professionals (The Akamai Blog, Jan 26 2018)
ISACA predicts that by 2019 there will be a shortage of two million cyber security professionals globally. And in a survey released by ESG and ISSA in November 2017, 70% of respondents stated that security skills shortages were impacting their organization.
Lieberman Software Acquired by Bomgar (Dark Reading, Feb 01 2018)
Secure access vendor Bomgar has acquired identity management firm Lieberman Software in the latest in a string of cybersecurity consolidation moves over the past few weeks.
Does The U.S. Need a National Cybersecurity Safety Board? (SecurityWeek, Feb 02 2018)
It is time, suggest two academics from Indiana University-Bloomington, for Congress to establish a National Cybersecurity Safety Board (NCSB) as an analogue of the National Transportation Safety Board (NTSB), to improve the level of cybersecurity in the U.S.