A Review of the Best News of the Week on Cybersecurity Management & Strategy

Former Uber CISO: Why I’m Joining Cloudflare (Cloudflare, May 16 2018)
Back in 2002, as I considered leaving my role as a cybercrime federal prosecutor to work in tech on e-commerce trust and safety, a mentor told me, “You have two rewarding but very different paths: you can prosecute one bad actor at a time, or you can try to build solutions that take away many bad actors’ ability to do harm at all.”

Attackers Hide in Plain Sight as Threat Hunting Lags: Report (SecurityWeek, May 22 2018)
Two things most stand out: nearly half (44%) of financial institutions are concerned about the security posture of their technology service providers (TSPs — the supply chain); and despite their resources, only 37% have established threat hunting teams.

What Israel’s Elite Defense Force Unit 8200 Can Teach Security about Diversity (Dark Reading, May 21 2018)
Unit 8200 doesn’t follow a conventional recruiting model. Technical knowledge isn’t a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.

Alphabet’s Moonshot Factory And Stephen Gillett Create Chronicle To Revolutionize CyberSecurity (Forbes, May 21 2018)
Chronicle is still largely in stealth mode, but Gillett took time to speak with me about his vision for the company, its progress in garnering customers, the process of graduating from X, and the advantages of growing a business within Alphabet as opposed to seeking funding from more traditional venture capital.

Communicating About Cybersecurity in Plain English (Lenny Zeltser, May 21 2018)
When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood.

Things I’d Like to See Go Away – Unrealistic ROI and TCO Calculators (Gartner Blog Network, May 22 2018)
Let’s face it, customers care about Total Cost of Ownership (TCO) and Return on Investment (ROI). These figures are a key part of most business cases that are developed to…

GDPR 101: Keeping Data Safe Throughout the ‘Supply Chain’ (Dark Reading, May 22 2018)
There are a lot of moving pieces involved with data collection, retention, and processing in the EU’s new General Data Protection Regulation. Here’s how to break down responsibilities between your security team and service providers.

You Cannot Buy Security Operations Maturity But You Can … Ruin It (Gartner Blog Network, May 23 2018)
In my day job, I ponder all sorts of strange stuff. For example, here is a philosophical one: can one buy security operations maturity?

Don’t Freak Out About That Amazon Alexa Eavesdropping Situation (Wired, May 24 2018)
You should certainly understand the risks of having a smart speaker in your home, but there’s a perfectly good explanation for how that rogue message might have gotten sent.

The State of Information Sharing: 20 Years after the First White House Mandate (Dark Reading, May 22 2018)
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.

Baltimore-based LifeBridge Health breach impacts half a million patients (SC Magazine, May 23 2018)
LifeBridge Health is notifying 500,000 patients that their personal information was exposed in a data breach.

What Should Post-Quantum Cryptography Look Like? (Dark Reading, May 23 2018)
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won’t break under the pressure of quantum computing power.

North Korea’s hackers—many living abroad—have nabbed it $650 million (Quartz, May 22 2018)
The country’s cyberattacks are numerous and sophisticated.

Jay-Z’s TIDAL streaming service discloses breach while denying number-fudging accusations (SC Magazine, May 22 2018)
In denying accusations that it manipulated its subscriber statistics, Jay-Z-owned music streaming platform TIDAL instead has disclosed a potential data breach, according to various industry reports.

Small-Business Owners Unaware of Looming GDPR (Infosecurity Magazine, May 18 2018)
Mere days away from GDPR enforcement, SMBs are woefully unaware of their responsibilities.

Allied Physicians hit with SamSam ransomware (SC Magazine, May 22 2018)
Allied Physicians of Michiana, Mich. reported it was hit with a SamSam ransomware attack but was able to quickly restore its systems; the healthcare facility does not believe any patient data was compromised.

US Senator to DOD CIO: ‘Take Immediate Action’ on HTTPS (Dark Reading, May 22 2018)
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.

Server? What server? Site forgotten for 12 years attracts hacks, fines (Naked Security – Sophos, May 22 2018)
The University of Greenwich might not have noticed the website but hackers did.

How the LAPD Uses Data to Predict Crime (Wired, May 22 2018)
If you’ve ever been incarcerated, it’s never easy to escape your past. In Los Angeles, it may be even harder.

Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals (Dark Reading, May 23 2018)
A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.