A Review of the Best News of the Week on Cybersecurity Management & Strategy
Twitter to All Users: Change Your Password Now! (Krebs on Security, May 03 2018)
Twitter just asked all 300+ million users to reset their passwords, citing the exposure of user passwords via a bug that stored passwords in plain text — without protecting them with any sort of encryption technology that would mask a Twitter user’s true password. The social media giant says it has fixed the bug and that so far its investigation hasn’t turned up any signs of a breach or that anyone misused the information. But if you have a Twitter account, please change your account password n
Gartner Survey Reveals the Scarcity of Current Blockchain Deployments (Gartner, May 03 2018)
Only 1 percent of CIOs indicated any kind of blockchain adoption within their organizations, and only 8 percent of CIOs were in short-term planning or active experimentation with blockchain, according to Gartner’s 2018 CIO Survey.
The staggering costs of non-compliance (SC Magazine, May 01 2018)
GDPR, PCI DSS, HIPAA, SOX: the alphabet soup of privacy regulations can be daunting to many businesses, but the cost for non-compliance is more than double the cost to comply, says Peter Merkulov, Chief Technology Officer, Globalscape.
State of Cybersecurity 2018: Enterprises Can Do Better (Infosecurity Magazine, May 01 2018)
Are things in cybersecurity better or worse than they were 12 months ago?
A Data Protection Officer’s Guide to GDPR ‘Privacy by Design’ (Dark Reading, May 01 2018)
These five steps can show you how to start building your foundational privacy program for the EU’s General Data Protection Regulation.
This Russian Company Sells Zero-Day Exploits for Hospital Software (Motherboard, May 02 2018)
Moscow-based Gleg provides zero-day exploits for medical software, and those in the medical industry are concerned about disclosure. But the exploits themselves may not be all that important in real world attacks.
Insights from the Verizon 2018 Data Breach Investigation Report (Centrify, May 02 2018)
Always good to come back to this periodically…
DHS to roll out national cybersecurity strategy in mid-May (SC Magazine, Apr 27 2018)
Department of Homeland Security (DHS) Secretary Kirstjen Nielsen told Congressional leaders her agency is two weeks out from releasing a national cybersecurity strategy, an action that is now one year overdue.
Trump administration looking to rescind cyberwarfare approval process (SC Magazine, May 03 2018)
The Trump administration is reportedly looking to rescind Presidential Policy Directive 20, an important policy memorandum that currently guides the approval process for government-backed cyberattacks.
Managing Risk a Must in Third-Party Relationships (SecurityWeek, Apr 30 2018)
Conducting Thorough Due Diligence on a Prospective Vendor’s Security is Essential
Uber Updates Bug Bounty Program (SecurityWeek, Apr 30 2018)
Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident.
North Korea’s AV Software Contains Pilfered Trend Micro Software (Dark Reading, May 01 2018)
Researchers get hold of a copy of Kim Jong Un regime’s mysterious internal ‘SiliVaccine’ antivirus software, provided only to its citizens, and find a few surprises.
What is a cybersecurity technology platform anyway? (CSO Online, Apr 27 2018)
Vendors are pushing platforms, but features, functionality, and definitions vary. Here’s a list of “must have” cybersecurity platform attributes.
NIST Issues Call for “Lightweight Cryptography” Algorithms (Schneier on Security, May 02 2018)
Creating these defenses is the goal of NIST’s lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device.
Encryption is Necessary, Tools and Tips Make It Easier (Dark Reading, May 03 2018)
At the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.