A Review of the Best News of the Week on Cybersecurity Management & Strategy

72% of CEOs admit they’ve taken intellectual property from a former employer (Help Net Security, Jul 25 2018)
While companies spend billions to prevent data loss, the research suggests that data remains vulnerable to employee transgressions — and the C-suite is among the worst offenders.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M (Krebs on Security, Jul 24 2018)
“Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.”

2018 Popular SIEM Starter Use Cases (Gartner Blog Network, Jul 20 2018)
So, let’s take a look at these mid-level use cases (technically, I’d classify my use cases here as mid-level in abstraction, BTW) and perhaps add others we’ve been noticing lately.

State-Actors Likely Behind Singapore Cyberattack: Experts (SecurityWeek, Jul 23 2018)
State-actors were likely behind Singapore’s biggest ever cyberattack to date, security experts say, citing the scale and sophistication of the hack which hit medical data of about a quarter of the population.

Here’s what cybersecurity professionals at companies actually do, and why they’re so vital (CNBC, Jul 23 2018)
A rundown of all the roles filled by the Chief Information Security Officer (CISO) and staff, with real-world examples of problems that can occur in each role.

Unpacking the Impact of NIST 1.1 Updates on ICS (SecurityWeek, Jul 24 2018)
The National Institute of Standards and Technology (NIST) recently updated its cybersecurity framework (CSF), rolling out changes to all five pillars: Identify, Protect, Detect, Respond, and Recover. These changes present some challenges for industrial organizations that want or need to comply with this CSF.

Samsam infected thousands of LabCorp systems via brute force RDP (CSO Online, Jul 19 2018)
LabCorp contained the attack within 50 minutes and says it is at about 90 percent operational capacity.

How one hacker could have changed automotive history (Naked Security – Sophos, Jul 25 2018)
That’s not supposed to happen: 150GB of customer data that the world could download… and hack… and then upload again.

Equifax’s Security Overhaul, a Year After Its Epic Breach (Wired, Jul 25 2018)
Nearly a year after hackers stole the personal data of 147 million people from Equifax, the company details how it’s overhauling security.

Maryland cybersecurity firm Tenable jumps 48 percent in its IPO (WTOP, Jul 27 2018)
Columbia, Maryland-based cybersecurity company Tenable raised $250 million in its initial public stock offering Thursday and its stock jumped as much as 48 percent its first day of trading.

COSCO Hit by Suspected Ransomware (Infosecurity Magazine, Jul 26 2018)
Chinese shipper’s US website and operations affected.

Idaho inmates hack prison tablets, steal $225,000 in commissary credits (SC Magazine, Jul 27 2018)
The Idaho Department of Corrections reported that 364 inmates hacked into tablets used in various penitentiary facilities, adding almost $225,000 worth of credits to their personal prison accounts.

Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes (Motherboard, Jul 23 2018)
This demo shows that “evil maid attacks,” hacks where an attacker has physical access to a target computer, are not as complicated as you may think.

The Evolution of SOAR Platforms (SecurityWeek, Jul 27 2018)
In 2017, Gartner coined the term security orchestration, automation, and response (SOAR) to describe the emerging category of platforms born of incident response, security automation, case management, and other security tools.

How SOAR can increase the value of your security team (Help Net Security, Jul 23 2018)
SOAR makes SecOps decision-making easier than ever, supporting vital security activities, including better prioritizing security operations activities, formalizing triage and incident response processes, and automating containment workflows.

Twitter boots 143K bad apps, throttles developer access to API (Naked Security – Sophos, Jul 26 2018)
Devs now have to register and will be capped at 10 apps, and those apps are now on a diet: no more endless gorging on spam/bot-pestering/etc.

Your essential guide to what sysadmins really mean (Naked Security – Sophos, Jul 27 2018)
You’re a sysadmin and you’re misunderstood, until now.

Accenture forms alliance and invests in Ripjar (Help Net Security, Jul 23 2018)
The move will expand Accenture Security’s capability in data fusion, automated analytics, and machine learning to help organizations improve the way they tackle security challenges. Terms of the transaction were not disclosed.

Microsoft, Google, Facebook, Twitter Launch Data Transfer Project (Dark Reading, Jul 23 2018)
The open-source Data Transfer Project, intended to simplify and protect data transfer across apps, comes at a sensitive time for many of the participating organizations.

Accessible Security Tools: Solving the Skills Shortage (SecurityWeek, Jul 24 2018)
By creating tools that can be used both by non-technical individuals and experienced analysts, security companies can enable organizations to reduce the burden for experienced security staff, train new staff, and stay ahead of both the skills shortage and advanced threats.