A Review of the Best News of the Week on Cybersecurity Management & Strategy
Scaling Network Security: RIP, the Moat (Securosis, Jun 05 2018)
The young people today laugh at folks with a couple decades of experience when they rue about the good old days, when your network was snaked along the floors of your office (shout out for Thicknet!), and trusted users were on the corporate network, and untrusted users were not.
Atlanta’s ransomware attack: Police dashcam video archives lost forever (WeLiveSecurity, Jun 07 2018)
The city has spent $5 million to restore files, rebuild impacted systems, and harden its cyber-defenses
Five Strategies for Extending Automation and Orchestration Beyond the SOC (SecurityWeek, Jun 08 2018)
Five areas in which SOAR platforms are successfully helping to replace manual techniques with streamlined or even fully automated processes.
SecMon State of the Union: The Buying Process (Securosis, Jun 04 2018)
Now that you’ve revisited your important use cases, and derived a set of security monitoring requirements, it’s time to find the right fit among the dozens of alternatives.
Cyber is Cyber is Cyber (Lenny Zeltser, Jun 02 2018)
If we examine the factors that influence our desire to use one security title over the other, we’ll better understand the nature of the industry and its driving forces.
Are Departing Employees Taking Your Data with Them? (SC Magazine, Jun 05 2018)
A white paper from Osterman Research revealed that 69 percent of organizations polled cited data loss when an employee leaves their organization.
Rhode Island state agencies hit with malware (SC Magazine, Jun 05 2018)
Rhode Island state officials say about 400 of the government’s 10,000 computer end points have been infected with malware.
The Habituation of Security Warnings (Schneier on Security, Jun 06 2018)
We all know that it happens: when we see a security warning too often — and without effect — we start tuning it out. A new paper uses fMRI, eye tracking, and field studies to prove it….
Further Down the Trello Rabbit Hole (Krebs on Security, Jun 06 2018)
Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support companies are publishing credentials via public Trello boards that quickly get indexed by the major search engines.
An Example of Deterrence in Cyberspace (Schneier on Security, Jun 07 2018)
“If we got into a tit-for-tat on cyber with the Russians, it would not be to our advantage,” a participant later remarked. “They could do more to damage us in a cyber war or have a greater impact.” In one of the meetings, Clapper said he was worried that Russia might respond with cyberattacks against America’s critical infrastructure — and possibly shut down the electrical grid.
The harsh realities of endpoint management (Help Net Security, Jun 05 2018)
88 percent of IT professionals acknowledge the importance of endpoint management, yet 30 percent don’t know how many they have.
FBI Slaps New Charges Against Researcher Who Stopped WannaCry (Dark Reading, Jun 07 2018)
Federal authorities charged Marcus Hutchins with lying to the government and authoring a second piece of malware in addition to the Kronos banking Trojan.
Most Risk to Internet Originates from US (Infosecurity Magazine, Jun 07 2018)
Rapid7 releases its third annual National Exposure Index, with the US at the top of the index.
New IBM Guardium Tool Detects Sensitive Data for GDPR Compliance (eWEEK, Jun 04 2018)
Though the deadline for GDPR compliance has already passed, there are still many organizations that are not compliant, which is why IBM wants to help with a new tool to identify private information.
Federal Agencies Respond to 2017 Cybersecurity Executive Order (SecurityWeek, Jun 04 2018)
The U.S. Department of State, the Department of Homeland Security (DHS), the Department of Commerce, and the Office of Management and Budget (OMB) last week published reports in response to the cybersecurity executive order.
CrowdStrike Launches $1 Million Security Breach Warranty (Dark Reading, Jun 05 2018)
Covers all costs of a data breach that occurs within the systems protected by its EPP Complete endpoint security service.
In Pursuit of Cryptography’s Holy Grail (Dark Reading, Jun 07 2018)
Homomorphic encryption eliminates the need for data exposure at any point – something that certainly would be welcome these days.
New Colorado Breach Notification Rules Signed Into Law (Dark Reading, Jun 07 2018)
Colorado has enacted a new data breach notification law that contains some of the most stringent requirements in the US.
Cryptocurrency Theft Tops $1 Billion in Past Six Months (SecurityWeek, Jun 07 2018)
$1.1 billion has been stolen in cryptocurrency thefts over the last six months. This is the visible effect of an illicit dark web market economy which is reportedly worth $6.7 million.
Fortinet Completes Bradford Networks Purchase (Dark Reading, Jun 04 2018)
NAC and security firm added to Fortinet’s portfolio.