A Review of the Best News of the Week on Cybersecurity Management & Strategy

Mastering MITRE’s ATT&CK Matrix (Dark Reading, Aug 06 2018)
This breakdown of MITRE’s model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.

Cybersecurity Transformation Is A Thing, And It Needs Personal And Relentless Drive (Forrester, Aug 02 2018)
What makes one leader a transformational CISO versus a traditional CISO? What is their secret sauce?

Adventures in vulnerability reporting (Project Zero, Aug 02 2018)
At Project Zero, we spend a lot of time reporting security bugs to vendors. Most of the time, this is a fairly straightforward process, but we occasionally encounter challenges getting information about vulnerabilities into the hands of vendors. Since it is important to user security that software vendors fix reported vulnerabilities in a timely manner, and vendors need to actually receive the report for this to happen, we have decided to share some of our experiences.

Infosec hits the exits (451 Group, Aug 03 2018)
The exit door has been thrown wide open, with an unprecedented level of both IPOs and M&A in the cybersecurity market.

Nearly 15% of US security budgets go to remediating active compromises (Help Net Security, Aug 08 2018)
Based on security budget per employee responses, the average 2,500-employee company in the US will spend more than $1.8 million on security costs. That number is expected to increase to more than $2 million in 2018, nearly twice the average cost across all global responses (more than $1 million in 2018).

White Hat to Black Hat: What Motivates the Switch to Cybercrime (Dark Reading, Aug 09 2018)
Almost one in ten security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.

Windows 10 updates under fire from unhappy security admins (Naked Security – Sophos, Aug 06 2018)
Windows 10 is on track to be the most popular Microsoft OS but some security professionals aren’t happy.

HYAS raises $6.2M Series A round led by M12 (Help Net Security, Aug 05 2018)
…real-time visibility and attribution into attacks and breaches across global networks.

U.S. Treasury calls for national data breach notification and increased data protections (SC Magazine, Aug 03 2018)
The U.S. Treasury is calling for sweeping changes in fin-tech consumer protections, including increased consumer control over their data and a national data breach notification standard.

How Bitcoin and the Dark Web hide SamSam in plain sight (Naked Security – Sophos, Aug 07 2018)
Bitcoin and the Dark Web are familiar terms, but what are they and how do they help SamSam operate in plain sight?

Making Sense of Microsoft’s Endpoint Security Strategy (Lenny Zeltser, Aug 06 2018)
Microsoft is no longer content to simply delegate endpoint security on Windows to other software vendors. The company has released, fine-tuned or rebranded multiple security technologies in a way that will have lasting effects on the industry and Windows users. What is Microsoft’s endpoint security strategy and how is it evolving?

Measuring the Rationality of Security Decisions (Schneier on Security, Aug 07 2018)
Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors.

RiskRecon’s security assessment services for third-party vendors raises $25 million (TechCrunch, Aug 07 2018)
“Where there’s not transparency there’s often poor performance,” says White. “Cybersecurity has gone a long time without true transparency. You can’t have strong accountability without strong transparency.”

No, The Mafia Doesn’t Own Cybercrime: Study (Dark Reading, Aug 08 2018)
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals.

Black Hat: It’s Time To Stop Playing Whack-a-Mole with Security (eWEEK, Aug 08 2018)
Parisa Tabriz, director of engineering at Google, doesn’t want organizations to just focus on fixing bugs; she wants them to look at root causes.

#BHUSA Reality of Infosec Mental Health Issues Detailed (Infosecurity Magazine, Aug 08 2018)
Researchers discussed the issues of burnout and depression within the information security community.

Chip maker TSMC will lose millions for not patching its computers (Network World Security, Aug 08 2018)
Chip-making giant TSMC will lose hundreds of millions of dollars for failing to patch its Windows 7 computers, which were infected by the WannaCry virus.