A Review of the Best News of the Week on Cybersecurity Management & Strategy

The Year Targeted Phishing Went Mainstream (Krebs on Security, Aug 02 2018)
“It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale.”

The National Risk Management Center Will Combat Critical Infrastructure Hacks (Wired, Jul 31 2018)
The National Risk Management Center will give critical infrastructure companies much-needed support when under cyberattack.

r/announcements – We had a security incident. Here’s what you need to know. (reddit, Aug 01 2018)
TL;DR: A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. Since then we’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again.


Trump election security meeting results in no new measures (SC Magazine, Jul 30 2018)
President Trump held a meeting with top advisors on Friday to discuss security for the upcoming 2018 midterm elections, but the only reported result was a statement reiterating the administration’s stance that it will not tolerate outside interference.

New York Times profiles one of its own security experts (Graham Cluley, Jul 30 2018)
Well known in the security community, Sandvik has been working at the New York Times since March 2016, boosting the security and privacy of journalists, anonymous sources, and indeed subscribers.

10 More Women in Security You May Not Know But Should (Dark Reading, Jul 31 2018)
The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar – yet.

Three security trends to watch for at Black Hat USA 2018 (Help Net Security, Aug 01 2018)
Thus far in 2018, organizations and individuals worldwide have experienced a large number of high profile cyber attacks, with criminals stealing billions of dollars as well as personal information from hundreds of millions of people.

The DNC Enlists Kids in Its Fight Against Hackers (Wired, Aug 02 2018)
The Democratic National Committee will award $500 to the child who comes up with the best defensive strategy for state election websites at Def Con next week.

Employees who witness compliance violations twice as likely to leave company (Help Net Security, Aug 03 2018)
Twenty-nine percent of employees observed at least one compliance violation at work in 2016 or 2017, according to a survey by Gartner. The survey, which sampled more than 5,000 employees at all levels, found that these workers are twice as likely to leave their organization.

Senate GOP nixes $230M in additional election security funds (SC Magazine, Aug 02 2018)
The vote comes on the heels of a similar move by House Republicans last month that nixed $350 million in additional funding to secure the nation’s elections.

To Reward, or Not to Reward (Infosecurity Magazine, Aug 01 2018)
Many CSOs have resorted to incentives and punishments to enhance employee reporting of suspect emails and cyber activities, but which of these really work?

Facebook CSO Alex Stamos leaves to join Stanford Uni (Help Net Security, Aug 02 2018)
Facebook Chief Security Officer Alex Stamos has announced that he’s leaving the company on August 17 and will be joining Stanford University full-time as a teacher and researcher.

Alaska city, borough under attack by CryptoLocker (SC Magazine, Jul 31 2018)
The Alaskan borough of Matanuska-Susitna (Mat-Su) and City of Valdez were respectively hit with ransomware attacks which knocked both networks offline.

Action1, new cybersecurity startup founded by Netwrix veterans (Help Net Security, Jul 30 2018)
The two co-founders of Netwrix, Alex Vovk and Mike Fimin, established Action1 with the vision of extending into the growing cloud-based cybersecurity market.

Dixons Carphone: Breach Hit 10 Million Personal Records (Infosecurity Magazine, Jul 31 2018)
Retailer finds millions more records have been compromised.

Social media rumors lead to PepsiCo lawsuit (Naked Security – Sophos, Jul 30 2018)
PepsiCo has obtained an interim order from the Delhi High Court to delete hundreds of posts on Facebook, Twitter, Instagram and YouTube.

1.4 million online fashion shoppers exposed after data breach at UK ecommerce provider (Graham Cluley, Jul 30 2018)
Up to 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing.

The Poor Cybersecurity of US Space Assets (Schneier on Security, Jul 30 2018)
Good policy paper (summary here) on the threats, current state, and potential policy solutions for the poor security of US space systems….

Yale cybersecurity breach discovered a decade after it happened (Verdict, Jul 31 2018)
Yale University has discovered that it was the victim of a cybersecurity breach that saw key personal data stolen a decade ago.

Medical System Notifies 1.4M Patients About Computer Breach (SecurityWeek, Jul 31 2018)
A major Iowa hospital and medical clinic system has notified about 1.4 million patients and former patients about a computer breach that might have exposed their personal information.