CISO View – The Week’s Best News – 2018.03.23

A Review of the Best News of the Week on Cybersecurity Management & Strategy

RSA Conference Innovation Sandbox Contest 2018 finalists announced (Help Net Security, Mar 20 2018)
RSA Conference announced the 10 finalists for its annual RSAC Innovation Sandbox Contest. The competition offers a leading platform for entrepreneurial cyber security companies to launch their research and innovation.

Microsoft launches $250,000 bug bounty for Spectre/Meltdown-like flaws (SC Magazine, Mar 20 2018)
Microsoft has kicked off a bug bounty program that could bring in between $25,000 and $250,000 to anyone able to find vulnerabilities similar to the now infamous Spectre and Meltdown.

More Effective Security Policies (Infosec Engineering, Mar 21 2018)
On my evening walk with my best friend this evening, I pondered the disconnect between security policies and security outcomes. Every organization I’m aware of has well intentioned security policies that enumerate important security objectives, for example the maximum amount of time to apply security patches to systems and applications.


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


Security Buyers Reveal Their Preferences (Gartner Blog Network, Mar 18 2018)
They report a mix of measures to address that need, including renegotiating contracts, consolidation of vendor portfolios, and shifting to services. The leading measure, by one percentage point, was a plan to reorganize and hire security staff with specialized skill sets. Given the widely reported difficulties in hiring security specialists, than plan may prove difficult to implement.

Quantum Computing and Cryptography: What You Need to Know (IBM Security Intelligence, Mar 15 2018)
Symmetric algorithms, such as Advanced Encryption Standard (AES), do not face the same existential threat as asymmetric algorithms, but the key sizes need to be doubled to provide the same level of protection. This is because Grover’s algorithm running on a quantum computer could provide a quadratic improvement in brute-force attacks on symmetric encryption algorithms.

The Security Spending Paradox (SecurityWeek, Mar 20 2018)
According to Gartner, worldwide security spending will reach $96 billion in 2018, up 8% from the 2017 spend of $89 billion. This statistic confirms that organization are incorporating emerging technologies in their existing security stack to minimize their cyber risk exposure. Meanwhile we’re experiencing a continuous increase in security incidents. Are these security investments paying dividends?

New whistleblower says Facebook turned a blind eye to covert data harvesting (Naked Security – Sophos, Mar 22 2018)
Sandy Parakilas, formerly responsible for policing data breaches, said ignorance was bliss and assumed to protect Facebook from liability.

Cybercriminals Launder Up to $200B in Profit Per Year (Dark Reading, Mar 19 2018)
Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

Security – it shouldn’t just be the jewel in your crown, but your partners and suppliers too (Graham Cluley, Mar 20 2018)
They’re all mentioning Walmart. But it wasn’t Walmart that messed up its security, it was Limogés Jewelry, or if you prefer MBM Company Inc.

Have you evaluated the cost of a cloud outage? (Help Net Security, Mar 19 2018)
59 percent of respondents believe that dealing with cloud service interruptions is the primary responsibility of the cloud service provider. Eighty-three percent of respondents also believe that their organization’s cloud service provider is responsible for ensuring that their workloads and data in the cloud are protected against outages.

Coverity Scan Hacked, Abused for Cryptocurrency Mining (SecurityWeek, Mar 20 2018)
Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining.

A Rubicon (Hoover Institution, Mar 20 2018)
Always interesting to read what Dan Geer has to say. Grab a coffee before plunging into this essay.

Google, Twitter Security Chiefs Leaving Companies (SecurityWeek, Mar 22 2018)
Michael Coates, the chief information security officer (CISO) of Twitter, announced on Wednesday that he has decided to leave the social media giant. Google’s Michał Zalewski has also announced his departure.

Debunking Common GDPR Myths (SecureWorks, Mar 14 2018)
Many impacted organisations remain unprepared for – and even unaware of GDPR, and to help mitigate risks of noncompliance, it’s critical to understand the realities of the new data protection laws.

Gartner unveils IT cost-optimization priority for CIOs (Help Net Security, Mar 20 2018)
“It’s not enough to simply reduce IT spending; CIOs must reinvest in growth and transformation to deliver more value. Those who fail to engage in optimization risk having savings decisions imposed on them by an advisory organization with less understanding of IT or digital technology opportunities.”

A Siri for Network Security: How Chatbots Can Enhance Business Agility (Infosec Island, Mar 19 2018)
Enterprises could utilize chatbots to accelerate and automate information-sharing across areas of the business in which data has traditionally been siloed and hard to get access to – such as between IT and security teams, and business application owners. For example, getting an answer to the simple question “Is network traffic currently allowed from this specific server to another specific server?” can be complicated.

Virsec Raises $24 Million in Series B Funding (SecurityWeek, Mar 20 2018)
Virsec, a cybersecurity company that protects applications from various attacks, today announced that it has closed a $24 million Series B funding round led by tech investment firm BlueIO.

Hack the State Department bill introduced (SC Magazine, Mar 21 2018)
Two congressmen have introduced a bill that would create a bug bounty program to challenge ethical hackers to find cyber weaknesses in the State Department.

Netflix Opens Public Bug Bounty Program with $15K Payout Cap (Threatpost, Mar 21 2018)
Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.

US Federal Spending Bill Includes $380 Million for Securing Election Systems (Dark Reading, Mar 22 2018)
Spending bill includes election technology grants for states to shore up security of their voting systems, reports say.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn