A Review of the Best News of the Week on Cybersecurity Management & Strategy

Alleged Spam Kingpin ‘Severa’ Extradited to US (Krebs on Security, Feb 05 2018)
Peter Yuryevich Levashov, a 37-year-old Russian computer programmer thought to be one of the world’s most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges.

Businesses with Apple and Cisco products may now pay less for cybersecurity insurance (TechCrunch, Feb 05 2018)
Apple and Cisco announced this morning a new deal with insurer Allianz that will allow businesses with their technology products to receive better terms on their cyber insurance coverage, including lower deductibles – or even no deductibles, in some cases.

Why companies need to implement a ‘zero trust’ approach to their cybersecurity model (TechRepublic, Feb 06 2018)
Instead of implicitly trusting, SMBs and enterprises must start explicitly trusting if they want to improve their security.

Why cybersecurity skills should be taught at business schools (TechRepublic, Feb 06 2018)
To be more secure, organizations need leaders who understand cybersecurity. If they want to accomplish either of those goals, companies and business schools need to become more tech and cyber savvy.

Researchers showcase automated cyber threat anticipation system (Help Net Security, Feb 06 2018)
A group of researchers is trying to develop an automatic early warning system that should help defenders take preventative action before specific cyber attacks start unfolding.

Best Practices, Unintended Consequences, and Negative Outcomes (Securosis Blog, Feb 08 2018)
“Requiring someone to come up with a password with a bunch of strange characters and rotate it every 90 days no longer improves security. Blocking password managers from filling in password fields? Beyond inane.”

8 trends in government tech for an enterprise-focused approach to IT (Help Net Security, Feb 06 2018)
Deloitte examined emerging trends in government technology, and highlighted eight trends that are shaping strategic and operational transformations and redefining IT’s role within the enterprise.

Uber’s Response to 2016 Data Breach Was ‘Legally Reprehensible,’ Lawmaker Says (Dark Reading, Feb 06 2018)
In Senate hearing, Uber CISO admits company messed up in not quickly disclosing breach that exposed data on 57 million people.

The Maddening thing about Metrics (Gartner Blog Network, Feb 05 2018)
“Don’t even talk about data and analytics as that is getting over-used, abused, and mistaken for AI and ML (just the latest silver bullet). Focus on decision making and outcomes first. Data, and analytics, will follow.”

Home Network Cybersecurity Startup SAM Raises $3.5 Million (CTECH, Feb 07 2018)
Home network cybersecurity startup Securing SAM Ltd. has raised $3.5 Million in a seed round led by venture capital firm Blumberg Capital, the company announced Tuesday, coming out of stealth mode.

Maryland startup studio DataTribe launches cybersecurity funding competition (Baltimore Business Journal, Feb 09 2018)
“This is an opportunity to identify our next big thing,” said Bob Ackerman, co-founder of DataTribe and managing director of AllegisCyber.

Understanding Gartner, and its limitations (CSO Online, Feb 04 2018)
Using a Gartner MQ is a great way to get an initial list of some of the products in the particular space. But it is not the definitive list by any stretch of the imagination.

CISOs map out their cybersecurity plan for 2018 (SearchSecurity, Feb 05 2018)
Heading into 2018, CISOs recognize that implementing a successful cybersecurity plan isn’t about increased spending for the latest technologies.

What Should Businesses Expect in 2018? Five Data Breach Predictions for the New Year (SC Magazine, Feb 06 2018)
…some top challenges facing the cybersecurity industry in the year to come.

Every NHS trust tested for cyber security has failed, officials admit (the Guardian, Feb 06 2018)
The UK National Cyber Security Centre [NCSC] has said it was “highly likely” the attack was carried out by a North Korea cyber organisation known as the Lazarus Group.

Why developing an internal cybersecurity culture is essential for organizations (Help Net Security, Feb 07 2018)
ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture.

Organizations Spend a Whopping $16M per Year on Detection Tools (Infosecurity Magazine, Feb 06 2018)
Upfront costs are dwarfed by the human costs of managing and assessing the millions of alerts and false-positives these tools generate.

Proofpoint to Acquire Security Awareness Training Firm Wombat Security for $225 Million (SecurityWeek, Feb 06 2018)
Cybersecurity firm Proofpoint on Tuesday announced that it has agreed to acquire Wombat Security Technologies for $255 million in cash.

Risky Business (Part 3): The Beauty of Risk Transfer (SecurityWeek, Feb 07 2018)
Previously, I’ve talked about four primary risk treatment options: mitigate, avoid, accept, and transfer. Over the history of the security industry, we’ve tended to focus on mitigation. Implementing controls is where the action is.

Why Next-Gen Firewalls Can’t Replace CASBs (Cloud Security Alliance Blog, Feb 07 2018)
Providing security beyond the firewall typically requires a data-centric approach rather than a control-oriented approach. After all, with cloud and BYOD, the organization neither controls the applications nor the underlying infrastructure on which those applications reside.