A Review of the Best News of the Week on Cybersecurity Management & Strategy

SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks (Dark Reading, Feb 22 2018)
New agency guidance statement also says company officials, execs can’t trade stocks if they have unannounced information on a security breach at the company.

Chase ‘Glitch’ Exposed Customer Accounts (Krebs on Security, Feb 22 2018)
Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber attack.

Is This The Year of Reckoning for the CISO – Part One (Infosecurity Magazine, Feb 20 2018)
Rather than just focusing on the number of attacks repelled (a statistic), security teams should share a short story, based on observed themes.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

US sets up dedicated office for energy infrastructure cybersecurity (Help Net Security, Feb 19 2018)
The US government is setting up a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the US Department of Energy. The CESER office will focus on energy infrastructure security and enable more coordinated preparedness and response to natural and man-made threats.

C-Suite Divided Over Security Concerns (Dark Reading, Feb 21 2018)
Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.

WhatsApp Co-founder Invests $50 Million in Signal (SecurityWeek, Feb 22 2018)
Open Whisper Systems, the organization behind the privacy-focused messaging app Signal, announced on Wednesday the launch of the Signal Foundation, with an initial investment of $50 million from WhatsApp co-founder Brian Acton.

House Dems push for $1B in grants to secure election systems, introduce legislation (SC Magazine, Feb 15 2018)
A 56-page report from the Congressional Task Force on Election Security and introduced legislation the steps aimed at sewing up holes in U.S. election systems.

The Inconvenient Reality of Law Firm Security Challenges (IBM Security Intelligence, Feb 16 2018)
The American Bar Association’s Center for Professional Responsibility documented its own industry-specific guidance for protecting client information in its “Model Rules of Professional Conduct.” These rules involve not only understanding the technologies you’re using in your law firm, but also demonstrating reasonable efforts to properly handle and secure sensitive information.

Allentown Struggles with $1 Million Cyber-Attack (Infosecurity Magazine, Feb 21 2018)
The city’s critical systems have been hit by the malware known as Emotet, impacting both financial and public safety operations.

Savannah still suffering effects from cyberattack (SC Magazine, Feb 21 2018)
Savannah, Ga., is still in the process of recovering from a malware attack that took place last week that forced the city to shut down part of its computer system in an attempt to limit damage.

32 lawsuits filed against Intel over Spectre and Meltdown flaws (Ars Technica, Feb 16 2018)
Company also accused of failing to act in response to insider trading.

IT Risk Assessments Suffer From Lack of Automation, Planning: KPMG (eWeek, Feb 17 2018)
In assessing IT risks, a “reactive and siloed” approach—along with a lack of analytics and automation—is holding organizations back.

Cybersecurity co Morphisec raises $12m (Globes, Feb 19 2018)
Israel-based cybersecurity company Morphisec, which specializes in Moving Target Defense, has raised $12 million in a Series B round of funding.

Cybersecurity startup Penten scores AU$1.3m from Defence for cryptography (Zdnet, Feb 15 2018)
Australian cybersecurity firm Penten has received AU$1.3 million from the Department of Defence to develop a cryptography solution for the Australian Army.

The four myths hampering cybersecurity maturity (Help Net Security, Feb 20 2018)
Myth #1: Cybersecurity risk can be eliminated, Myth #2: There’s a cybersecurity silver bullet somewhere-we just haven’t found it yet, Myth #3: The security organization effectively operates as a silo, and Myth #4: Regulatory compliance = security

Hacker Detection Firm Vectra Networks Raises $36 Million (SecurityWeek, Feb 21 2018)
Vectra Networks, a cybersecurity firm that helps customers detect “in-progress” cyberattacks, today announced that it has closed a $36 million Series D funding round, bringing the total amount raised to date by the company to $123 million.

Introducing Cloud-based Endpoint Security for Managed Security Service Providers (Cisco Blog, Feb 20 2018)
Cisco announced a portfolio of cloud-based endpoint security solutions built specifically for MSSPs. This portfolio enables you to offer comprehensive security, visibility, and control of customer endpoints without any added hardware or complexity.

Risk and Compliance Management Moves Towards Collaboration (Infosecurity Magazine, Feb 21 2018)
A survey shows a greater need for collaboration on defense, monitoring and recovery across IT, security and compliance functions.

Do Business Leaders Listen to Their Own Security Professionals? (SecurityWeek, Feb 22 2018)
A new research report published this week claims, “A disconnect about cybersecurity is causing tension among leaders in the C-suite — and may be leaving companies vulnerable to breaches as a result.”

Structure of Cyber Risk Perception Survey Could Distort Findings (SecurityWeek, Feb 22 2018)
The purpose of a new report from cyber insurance firm Marsh, supported by Microsoft’s Global Security Strategy and Diplomacy team, is to examine the global state of cyber risk management: “This report provides a lens into the current state of cyber risk management at organizations around the world.”