CISO View – The Week’s Best News – 2018.04.06

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Gamers are strong candidates for cybersecurity (McAfee, Apr 06 2018)
Nearly all (92 percent) of respondents believe that gaming affords players experience and skills critical to cybersecurity threat hunting: logic, perseverance, an understanding of how to approach adversaries and a fresh outlook compared to traditional cybersecurity hires.

Insider Threat Detection replaces Ailing DLP (Gartner Blog Network, Apr 05 2018)
“Gartner-analyst colleagues who cover DLP tell me that old versions of DLP, especially on the endpoint, are either dead or seriously ill. As many Gartner clients attest to, endpoint DLP often doesn’t produce actionable results for them.”

Facebook knew for years scammers were harvesting users’ details with phone number searches. Did nothing (Graham Cluley, Apr 06 2018)
Facebook knew that most people would never bother to change the setting, and at the same time pressured users to enter a phone number when creating an account or during verification.


Delta, Sears Hit by Card Breach at Online Services Firm (SecurityWeek, Apr 05 2018)
Delta Air Lines, Sears Holdings and likely other major companies have been hit by a payment card breach suffered last year by San Jose, CA-based online services provider [24]7.ai.

Best Buy Hit by [24]7.ai Payment Card Breach (SecurityWeek, Apr 06 2018)
After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai.

10 Women in Security You May Not Know But Should (Dark Reading, Mar 30 2018)
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.

Worldwide spending on security solutions to reach $91 billion in 2018 (Help Net Security, Mar 30 2018)
Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017.

College Kids Turn to Crypto-Mining, Riddling Higher-Ed Networks (Infosecurity Magazine, Mar 30 2018)
Students are more likely to perform crypto-mining personally as they don’t pay for power, the primary cost of crypto-mining.

‘Hack the Defense Travel System’: DoD Extends its Bug Bounty Program (Dark Reading, Apr 02 2018)
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.

RSAC onDemand: A new way to experience RSA Conference (Help Net Security, Apr 03 2018)
RSA Conference announced the addition of RSAC onDemand to its RSAC AdvancedU education program. AdvancedU at RSA Conference is a series of programs that teaches cyber-awareness for children, provides outreach to college students to introduce and encourage a career in information security and supports education throughout the various stages of a career within the industry.

US Gas Pipelines Hit by Cyber-Attack (Infosecurity Magazine, Apr 04 2018)
Third-party provider is targeted as firms scramble for workarounds

What’s new at RSAC 2018? (Help Net Security, Apr 05 2018)
With the most significant global information security event just around the corner, we caught up with Sandra Toms, VP and Curator, RSA Conference, to find out what attendees can expect in San Francisco, April 16-20, 2018.

Nessus Turns 20! (Tenable Blog, Apr 05 2018)
“Twenty years ago this week, I released the first public version of Nessus. Little did I know at the time the profound impact it would have both on the industry and on me personally.”

How to hire a chief privacy officer (SC Magazine, Apr 05 2018)
Do not be misled — the CPO is not just another position where you give someone a job title and hope they grow into the position. The responsibilities are varied, highly focused, and carry with them some rather unusual job peculiarities.

Georgia cybercrime bill has security execs baffled (SC Magazine, Apr 04 2018)
The governor of Georgia may be within a month of signing a law that would make it a criminal offense for white hat hackers and bug bounty hunters to find vulnerabilities in computer systems residing in that state.

The Cybersecurity Mandates Keep On Coming (Dark Reading, Mar 30 2018)
There’s a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: “Are we in compliance?”

3 Security Measures That Can Actually Be Measured (Dark Reading, Apr 03 2018)
The massive budgets devoted to cybersecurity need to come with better metrics.

Improved Visibility a Top Priority for Security Analysts (SecurityWeek, Apr 05 2018)
Security Analysts Require Improved Visibility as well as Improved Threat Detection

Cyberinsurance Tries to Tackle the Unpredictable World of Hacks (Wired, Apr 06 2018)
Insuring against hacks and breaches can be a lucrative business—but also presents unique challenges.

Accused LinkedIn, DropBox Hacker Appears in US Court After Diplomatic Battle (Dark Reading, Mar 30 2018)
Russian national indicted for the 2012 LinkedIn hack that led to the theft of 117 million passwords has been extradited from the Czech Republic to the US.
