A Review of the Best News of the Week on Cybersecurity Management & Strategy

Small Firms Up to 20 Times More Likely to be Breached (Infosecurity Magazine, May 09 2018)
Terbium Labs' findings come from analysis of breached data found on the dark web.

Do young people hold the key to closing the cybersecurity talent gap? (Help Net Security, May 10 2018)
…the results suggest that not only are millennials and post-millennials the key to solving the current and pending skill shortage, but young females show tendencies that make them well suited to become part of the solution.

The Security Profession Needs to Adopt Just Culture (Securosis Blog, May 04 2018)
This is a problem many industries have faced; two in particular have performed extensive research and adopted a concept called Just Culture. It’s time for security to formally adopt Just Culture, including adding it to certifications and training programs.

Breakthrough pushes Quantum Key Distribution beyond 500km (Naked Security – Sophos, May 04 2018)
It’s getting better, but is it getting better fast enough?

Equifax provides more detail to Congress on cyber security incident (Reuters, May 08 2018)
Credit-monitoring firm Equifax Inc said on Monday it has sent a letter to several U.S. Congressional committees providing additional details on data that was breached in a cybersecurity incident in September.

Breakout Time: A Critical Key Cyber Metric (Dark Reading, May 08 2018)
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.

Georgia governor vetoes anti-bug bounty bill (SC Magazine, May 09 2018)
Cybersecurity professionals breathed a sigh of relief as Georgia Governor Nathan Deal vetoed state bill 315, which would have essentially made it a crime to access a computer system without authorization even simply to find its weaknesses, while giving companies the O.K. to hack back against attackers.

Paris Hilton’s hacker sentenced to 57 months in prison (Graham Cluley, May 09 2018)
Celebrity heiress Paris Hilton says she no longer trusts the iCloud.

IBM bans USB drives – but will it work? (Naked Security – Sophos, May 11 2018)
By all accounts, IBM has decided to do just that – go cold turkey, that is – in dealing with the problem of lost data on removable storage devices.

Supply-Chain Security (Schneier on Security, May 10 2018)
Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users.

The US Is Unprepared for Election-Related Hacking in 2018 (Schneier on Security, May 08 2018)
The survey of nearly forty Republican and Democratic campaign operatives, administered through November and December 2017, revealed that American political campaign staff — primarily working at the state and congressional levels — are not only unprepared for possible cyber attacks, but remain generally unconcerned about the threat. The survey sample was relatively small, but nevertheless the survey provides a first look at how campaign managers and staff are responding to the threat.

Are SMBs driving the adoption of security automation by enterprises? (Help Net Security, May 07 2018)
If you tracked the lifecycle of new security technologies, you’d likely see that most start as enterprise solutions and eventually trickle down to small and medium-sized businesses (SMBs). You could probably guess why new security technology flows in this direction.

Publicly Disclosed Breaches Down Drastically in Q1 2018 (Dark Reading, May 08 2018)
Quietest first quarter since 2012, according to new report from Risk Based Security

GDPR Rails: Community GDPR compliance tool (Help Net Security, May 08 2018)
Prey Software announced GDPR Rails, an open source tool set designed to help small to mid-sized businesses comply with the General Data Protection Regulation (GDPR).

FLEETCOR Technologies gift card systems breached (SC Magazine, May 07 2018)
FLEETCOR Technologies, a $2.25 billion company specializing in fuel cards and workforce payment products and services, publicly disclosed this past Thursday that its gift card systems were accessed last month by an unauthorized party.

6 takeaways (and 3 predictions) from CISO meetings at the RSA Conference (CSO Online, May 08 2018)
The most effective way of divining the current state of enterprise cybersecurity practices is to talk to a number of CISOs representing different industries and to distill those conversations into an overall model.

Properly Framing the Cost of a Data Breach (Dark Reading, May 08 2018)
The expenses and actions typically associated with a cyberattack are not all created equal. Here’s how to explain what’s important to the C-suite and board.

Gamer Gets 1 Year in Prison for ‘World of Warcraft’ DDoS (PCMag, May 08 2018)
A 38-year-old Romanian man was just sentenced to one year in federal prison for launching a series of DDoS attacks against World of Warcraft’s European servers back in 2010.

Adapt or die: A CISO’s new role in a social media first world (SC Magazine, May 10 2018)
Defending the way a business operates, competes and grows has always been a CISO’s job, but now security professionals must adapt their thinking to the social media and digital revolution that has taken place.

Symantec Stock Plunges After Firm Announces Internal Probe (SecurityWeek, May 10 2018)
Symantec announced its fourth quarter and full year financial results on Thursday and while its revenue has increased, the cybersecurity firm’s stock dropped roughly 20% after it revealed that an internal investigation will likely delay its annual report to the U.S. Securities and Exchange Commission (SEC).