A Review of the Best News of the Week on Cybersecurity Management & Strategy

Equifax Names New CISO (Dark Reading, Feb 13 2018)
Former Home Depot CISO takes the reins in the wake of Equifax’s massive data breach and fallout.

Gartner Provides Seven Steps Security Leaders Can Take to Deal With Spectre and Meltdown (Gartner, Feb 15 2018)
Security and Risk Management Leaders Need to Take a Balanced Approach to Tackling a New Class of Vulnerabilities

Cybersecurity job fatigue affects many security professionals (CSO Online, Feb 12 2018)
Infosec professionals face occupational hazards such as long hours, high stress levels, and career frustration that can lead to mental health issues.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Stealth Security reels in $8 million investment from Shasta Ventures to root out bad bots (TechCrunch, Feb 14 2018)
The 4-year old startup wants to help you defend against automated bot attacks. Today, the company announced an $8 million Series A investment, funded by Shasta Ventures. Today’s round brings the total raised to $12.5 million, according to Crunchbase.

Endpoint security suites must have these features (CSO Online, Feb 13 2018)
Endpoint security vendors must be a one-stop endpoint security shop — providing such things as anti-malware, anti-exploit, EDR and hybrid deployment options — if they want to compete.

One in Three SOC Analysts Now Job-Hunting (Dark Reading, Feb 12 2018)
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.

BAS and Red Teams Will Kill The Pentest (Gartner Blog Network, Feb 14 2018)
With our research on testing security methods and Breach and Attack Simulation tools (BAS), we ended up with an interesting discussion about the role of the pentest. I think we can risk saying that pentesting, as it is today, will cease to exist (I’ll avoid the trap to say “pentesting is dead”, ok? :-)).

Top Federal Government Security Trends for 2018 (Axiomatics, Feb 12 2018)
Secure data sharing remains a challenge among intelligence agencies and many other federal departments when dealing with highly sensitive information. Data sharing across departments, agencies, as well as state/local governments must meet the requirements of each agency, while ensuring that overall mission objectives are met.

Eight Technical Tips for CISOs Racing Against the GDPR Clock (eWEEK, Feb 11 2018)
The EU’s GDPR is the most sweeping change to data protection in the past 20 years. C-level executives everywhere are scrambling to get a handle on what it means to their organizations and how they are going achieve compliance.

Worldwide spending on blockchain services to reach $8.1 billion in 2021 (Help Net Security, Feb 12 2018)
A new forecast from IDC shows worldwide spending on blockchain services growing from $1.8 billion in 2018 to $8.1 billion in 2021, achieving a compound annual growth rate (CAGR) of 80%.

Facebook Increases Bug Bounty Payout After Audit (SecurityWeek, Feb 09 2018)
Facebook decided to increase a researcher’s bug bounty payout after discovering that that a bug he reported could lead to account takeover.

A UMD alum’s cybersecurity company is setting up shop in College Park (The Diamondback, Feb 12 2018)
The company, which helps other businesses protect themselves from cyber attacks, was formed in August and has raised more than $125 million from investors since.

What CISOs prioritize in order to improve cybersecurity practices (Help Net Security, Feb 13 2018)
35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector.

MSSPs Waste Hours of Time on False Alerts (Infosecurity Magazine, Feb 12 2018)
A full 44% of respondents report a 50% or higher false-positive rate on security alerts.

Here’s what keeps your CISO up at night (Help Net Security, Feb 14 2018)
Currently, 37 percent of firms have engaged a managed security services provider (MSSP) to help monitor and manage cyberthreats.

Filing Deadline for New Infosec Law Hits NY Finance Firms (Dark Reading, Feb 14 2018)
Endpoint security vendors must be a one-stop endpoint security shop — providing such things as anti-malware, anti-exploit, EDR and hybrid deployment options — if they want to compete.

Intel Expands Bug Bounty Program, Offers up to $250K (Dark Reading, Feb 14 2018)
Microprocessor giant adds vulnerability-finding category for Meltdown, Spectre-type flaws.

Kaspersky Files New Lawsuit Over U.S. Government Software Ban (SecurityWeek, Feb 14 2018)
Kaspersky Lab has filed a new lawsuit over the U.S. government’s decision to ban its products in federal agencies, this time challenging the National Defense Authorization Act (NDAA).

Data breach fatigue requires better response planning (CSO Online, Feb 13 2018)
Customers may view data breaches as common, but companies have to nail the response, or risk a consumer backlash.