A Review of the Best News of the Week on Cybersecurity Management & Strategy

Equifax Finds 2.4 Million Additional US Victims of its Data Breach (Dark Reading, Mar 01 2018)
Total of victims now at 147.9 million customers.

Intel tells committee it followed industry standards with Spectre/Meltdown reveal (SC Magazine, Feb 23 2018)
Intel is stating the reason behind its decision to not inform industry organizations and the federal government of crucial flaws in its processors is it was following established industry reporting standards designed to protect users until a fix is developed.

Here’s Why Splunk Is Buying Phantom for $350 Million (Fortune, Feb 28 2018)
For Splunk, the acquisition is a no-brainer. Phantom’s products help automate the work of IT security staff, many of whom use Splunk’s software to triage incidents within their security operations centers.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

PhishMe Rebrands as Cofense After Acquisition (eWEEK, Feb 26 2018)
Phishing security vendor Cofense aims to provide a collaborative defense, enabling humans to become a stronger link in helping to improve email security.

A view of the global threat landscape: Cybercrime and intrusion trends (Help Net Security, Feb 26 2018)
Based on observed incidents, the 2018 CrowdStrike Global Threat Report established that the average “breakout time” in 2017 was one hour and 58 minutes. Breakout time indicates how long it takes for an intruder to jump off the initial system they had compromised and move laterally to other machines within the network.

Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters (Dark Reading, Feb 28 2018)
More than 80% say they are ‘open’ to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.

Bugcrowd Raises $26M to Expand Bug Bounty Platform (eWEEK, Mar 01 2018)
Managed bug bounty platform vendor looks to grow its business beyond vulnerability disclosures, to help organizations meet security compliance objectives.

Thales Data Threat Report: Increased security spend – in the wrong place (SC Magazine, Feb 23 2018)
Some 78 percent of organisations polled The Thales 2018 Data Threat Report plan on increasing their IT security spending in 2018, up from 73 percent globally in 2017, and including nearly 86 percent of US organisations.

New York is quietly working to prevent a major cyber attack that could bring down the financial system (Business Insider, Feb 27 2018)
With a lack of leadership from the federal government, New York is one of the first states to implement new cyber regulations. The state is quietly working to prevent a major cyber attack that could bring down Wall Street’s financial system.

Evaluating an Intelligence Vendor: Key Questions to Consider (SecurityWeek, Feb 25 2018)
There are virtually countless vendors and seemingly endless intelligence offerings. Given these conditions, it can be easy for even the most tenured professionals to lose sight of their organization’s needs and, more importantly, how to assess which vendor or offering is best suited for those needs.

10 Can’t-Miss Talks at Black Hat Asia (Dark Reading, Feb 23 2018)
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.

The Art of Disclosing Your Incident Response Strategy to the Public (IBM Security Intelligence, Feb 26 2018)
Any public incident response message should have three basic sections: a high-level description of the vulnerability, a summary of how it affects your systems and your response strategy.

Today’s Threat Landscape Demands User Monitoring (Infosec Island, Feb 27 2018)
By first building a baseline of normal user behavior across the network, and then matching new actions against a combination of machine learning and statistical algorithms, UBA exposes threats without relying on signatures or threat intelligence. If you’re investing in user monitoring as a facet of your program, here are suggestions—two tech, two human—to maximize your impact.

Industrial Cybersecurity Firm CyberX Raises $18 Million (SecurityWeek, Feb 27 2018)
Industrial cybersecurity startup CyberX announced today that it has raised $18 million in a Series B funding round, bringing the total amount received to date by the company to $30 million.

Why Cybersecurity Is More Difficult Today Than 2 Years Ago (Recorded Future, Feb 27 2018)
Research from analyst group ESG says a majority of cybersecurity professionals have found their jobs becoming more difficult over the last two years. They identify three main reasons: the dangerous threat landscape, the growing number of alerts they must respond to and prioritize, and a shortage in skilled employees — not because fewer people are entering the industry, but because the need has grown so quickly.

Cybersecurity pros don’t feel equipped to stop insider attacks (Help Net Security, Feb 28 2018)
Based on interviews with nearly 1,500 cybersecurity professionals over three years, Haystax Technology released a study that makes it clear that organizations are feeling the pressure from insider threats and are ramping up detection, prevention and remediation.

From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt (SecurityWeek, Feb 27 2018)
Understanding Why Israel Produces Many Cybersecurity Firms Starts With Understanding the Talent That Israeli Defense Force (IDF) Unit 8200 Produces

A Sneak Peek at the New NIST Cybersecurity Framework (Dark Reading, Mar 02 2018)
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.