A Review of the Best News of the Week on Cybersecurity Management & Strategy
Tanium’s Valuation Reaches $5 Billion With New Investment (Dark Reading, May 17 2018)
Tanium has received a $175 million investment from TPG Growth.
Man Convicted for Helping Hackers Beat Antivirus Products (PCMag, May 17 2018)
Ruslans Bondars ran Scan4you, an underground service that let cybercriminals pay to anonymously test their malware against more than 35 antivirus engines.
SecMon State of the Union: Focusing on Use Cases (Securosis, May 17 2018)
The cases for security monitoring tend to fall into three major buckets: Security alerts, Forensics and Response, and Compliance reporting. Let’s go into each of these to make sure you have a clear handle on success today, and how each will change in the future.
Police dog sniffs out USB drive to snare school hacker (Naked Security – Sophos, May 15 2018)
Thanks to a trained police dog sniffing out a thumb drive hidden inside a box of tissues, a high schooler in a San Francisco Bay area suburb has been accused of hacking grades: some students’ grades got bumped up, and some got elbowed down.
Bejtlich Joining Splunk (TaoSecurity, May 15 2018)
“I’m joining the Splunk team. I will be Senior Director for Security and Intelligence Operations, reporting to our CISO, Joel Fulton.”
White House Cuts Top Cybersecurity Role as Threats Loom (Wired, May 15 2018)
Former national security officials say the Trump administration’s decision to eliminate top cybersecurity policy roles sends the wrong message.
Boosting Security Effectiveness with ‘Adjuvants’ (Dark Reading, May 17 2018)
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Are security pros happy with their jobs and salaries? (Help Net Security, May 16 2018)
The pollees like many things about their jobs. At the top of the list are the fact that they are always learning something new, that they defend the company and catch threats, and the people they work with.
Using Marketing Strategies to Influence Security Behaviour (Infosecurity Magazine, May 16 2018)
Typically, security awareness training is merely a compliance exercise done once a year and in ways that feel extremely irrelevant to employees. We inundate them with information with minimal context, relevance, empathy or engagement. This approach doesn’t provide a meaningful way for people to digest and retain information, it also does nothing to enhance the security posture of an organization.
DHS Unveils National Cybersecurity Risk Strategy (Infosecurity Magazine, May 16 2018)
DHS details a five-pillar approach to increase security and resiliency by 2023.
CIA’s “Vault 7” mega-leak was an inside job, claims FBI (Naked Security – Sophos, May 17 2018)
The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.
Deleted WHOIS Data: An Unintended Consequence of GDPR (SecurityWeek, May 17 2018)
Such data is subject to the GDPR’s privacy requirements for protection. As a result, under current proposals, many of the businesses that register domains will remove key elements of information from the system. In effect, on May 25 the system will “go dark” until alternative preparations are made, which ICANN representatives expect won’t start being implemented until December 2018.
US Lacks Policy to Address, Deter Cybercrime (Infosecurity Magazine, May 17 2018)
Industry experts weigh in on the future of cybersecurity
Symantec Shares More Information on Internal Investigation (SecurityWeek, May 15 2018)
Symantec shares gained nearly 10 percent on Monday in anticipation of a conference call that promised to provide more information regarding the internal investigation announced by the company last week.
The Dark Overlord: Suspected hacking group member arrested in Serbia (Graham Cluley, May 17 2018)
Is The Dark Overlord’s days numbered? Serbian police have arrested a man suspected of being a member of the notorious and high profile hacking and extortion group.
Europe continues to be a cybercrime hub (Help Net Security, May 18 2018)
ThreatMetrix announced new data revealing a 30 percent year-on-year increase in the volume of cyberattacks hitting Europe in the first quarter of 2018.
One Year After WannaCry: A Fundamentally Changed Threat Landscape (Threatpost, May 17 2018)
It’s been one year this week since the ransomware known as WannaCry infected more than 200,000 machines in 150 countries, causing billions of dollars in damages and grinding global business to a halt.