A Review of the Best News of the Week on Cybersecurity Management & Strategy

Equifax data breach cost hits $242 million (SC Magazine, Apr 26 2018)
The massive data breach that compromised the data of 147.9 million Equifax customers last year has cost the company more than $242 million in related expenses, but luckily for the company, much of this cost has been covered by its cybersecurity insurance.

Atlanta Spent $2.6M to Recover From $52,000 Ransomware Scare (Wired, Apr 23 2018)
Whether to pay ransomware is a complicated—and costly—calculation.

RSAC 2018 in Review: Highlights, Key Sessions and Emerging Industry Trends (IBM Security Intelligence, Apr 24 2018)
RSAC brought together 45,000 security professionals and hundreds of exhibitors at a pivotal moment for the security industry. Last year, cybercrime was a $6 trillion industry.

Blockchain, Crypto, and Women; Musings from RSAC (Gartner Blog Network, Apr 23 2018)
Three practical use cases for blockchain technology: cryptocurrency and digital payments, federated identity (bring your own identity), and blockchain-based advertising platforms.

AWS Tips for Success: GDPR Lessons Learned (AWS Security Blog, Apr 24 2018)
GDPR is important. You need to have a plan in place if you process personal data of EU data subjects, not only because it’s good governance, but because GDPR does carry significant penalties for non-compliance.

DDoS-for-Hire Service Webstresser Dismantled (Krebs on Security, Apr 25 2018)
Authorities in the U.S., U.K. and the Netherlands on Tuesday took down popular online attack-for-hire service WebStresser.org and arrested its alleged administrators. Investigators say that prior to the takedown, the service had more than 136,000 registered users and was responsible for launching somewhere between four and six million attacks over the past three years.

Trump taps Army cyber chief as next NSA head (Politico, Apr 26 2018)
The move, which was long expected, would also put Paul Nakasone atop U.S. Cyber Command.

RSAC 2018: Dynamic? Dead? Disappearing? What’s Up With the Perimeter (The Duo Blog, Apr 23 2018)
Overheard at RSAC 2018: The disappearing perimeter. The data perimeter. The shifting perimeter. A dynamic perimeter. The death of the concept of a trusted network. Software-defined perimeters. Zero-trust security model.

TSB Bank Disaster (Schneier on Security, Apr 27 2018)
The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over to Sabadell over the weekend. It’s turned out to be an epic failure, and it’s not clear if and when this can be straightened out.

RSA 2018: Not As Messy As Before? (Gartner Blog Network, Apr 26 2018)
As I mentioned many times, I love the #RSAC conference, unlike many of my peers. I like the “industry in one room” vibe, the connections, the hallway insights and – yes – I even like the over-the-top vendor expo. And, no, I never said “50,000 lemmings can’t be wrong”; this is a fake quote.

Introducing the New, Refined NIST Version 1.1 (Infosecurity Magazine, Apr 27 2018)
“According to Gartner, the framework is now used by 30% of US organizations and is projected to reach 50% by 2020.”

SamSam explained: Everything you need to know about this opportunistic group of threat actors (CSO Online, Apr 18 2018)
In 2015 and 2016, the compromise usually started with JBoss vulnerabilities. However, the group also targeted Microsoft’s IIS, FTP vulnerabilities, and RDP (Remote Desktop Protocol) instances exposed to the public. Lately, the group has started to focus on single-factor external access such as RDP or VPN.

The firms that piggyback on ransomware attacks for profit (Graham Cluley, Apr 25 2018)
“Don’t want to pay the ransom? Pay us, and we’ll pay it for you!”

A Look Inside the April Update to the MITRE ATT&CK Framework (Tripwire, Apr 19 2018)
In the April 2018 release, Initial Access is a new tactic which defines the attack vector which allowed the attacker into the environment. Previously, ATT&CK was all about what happens on the endpoints after the attacker is already in the environment but didn’t cover how to block or detect the attacker gaining that access in the first place.

Data Breach Notifications and Why Honesty is the Best Policy (Infosecurity Magazine, Apr 24 2018)
In the case of a data breach, it’s in a business’s best interest to be as honest with customers as possible.

Coviello: Modern Security Threats are ‘Less About the Techniques’ (Dark Reading, Apr 24 2018)
Today’s attack surface is broader, more open, and demands a proactive approach to security, according to former RSA chairman Art Coviello.

$8.76 million: The average yearly cost of insider threats (Help Net Security, Apr 25 2018)
Credential risk is the costliest type of insider incident at an average of $648,745 per event.

20 years ago today! What we can learn from the CIH virus… (Naked Security – Sophos, Apr 26 2018)
Don’t base your malware disaster recovery plans entirely around worms and Trojans. Don’t rely on security through obscurity. Don’t bank on getting off if you’re caught.