A Review of the Best News of the Week on Cybersecurity Management & Strategy

NIST Small Business Cybersecurity Act Becomes Law (SecurityWeek, Aug 16 2018)
It requires NIST to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”

Trump, Seeking to Relax Rules on U.S. Cyberattacks, Reverses Obama Directive (WSJ, Aug 16 2018)
President Trump has reversed an Obama-era memorandum governing how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations, according to people familiar with the action.

Apple gets cored: 90GB of ‘secure files’ stolen by high schooler (Naked Security – Sophos, Aug 17 2018)
An Aussie high schooler pleaded guilty on Thursday to hacking Apple servers multiple times.



Black Hat USA 2018: Google, Microsoft and Red Hat dish on the Meltdown/Spectre backstory (SC Magazine, Aug 09 2018)
Some of the biggest players who worked behind the scenes during the run-up to the Jan. 3 disclosure of Meltdown and Spectre came together at Black Hat 2018 to discuss what their companies, and others, did after the vulnerabilities first became known.

At DefCon, the Biggest Election Threat Is Lack of Funding (Wired, Aug 10 2018)
While hackers at the DefCon security conference dismantle voting machines, officials stress the need for means to act on the results.

NSA Research Looks at How Stress Impacts Cyber-Security Operations (eWEEK, Aug 15 2018)
At Black Hat USA, officials from the National Security Agency provided insight into the impact of fatigue and frustration on cyber-security operations.

11-year-old shows it’s child’s play to mess with elections (Naked Security – Sophos, Aug 14 2018)
It took him less than 10 minutes to change election results on a replica of Florida’s state website.

Take-aways from Black Hat USA 2018 (CSO Online, Aug 13 2018)
“There was a lot to see and discuss at Black Hat — too much to elaborate on in a short blog. Nevertheless, here are a few things that stood out to me…”

Uber Picks N.S.A. Veteran to Fix Troubled Security Team (New York Times, Aug 16 2018)
Matt Olsen, the former general counsel of the National Security Agency, will replace Joe Sullivan, who was fired after the disclosure of a data breach.

Gartner Says IT Security Spending to Hit $124B in 2019 (Dark Reading, Aug 15 2018)
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.

Under the hoodie: why money, power, and ego drive hackers to cybercrime (Malwarebytes Labs, Aug 16 2018)
We know what cybercriminals do. We know how they do it. Now we ask: why? This in-depth profile examines what makes hackers turn to cybercrime, and what could change their minds.

Google Bug Bounty Program Now Covers Platform Abuse (SecurityWeek, Aug 16 2018)
Google on Wednesday announced the expansion of its bug bounty program to include techniques that can be used to bypass the company’s abuse detection systems.

Black Hat USA 2018: SamSam has yielded $6M for creators (SC Magazine, Aug 10 2018)
While many of the high-profile attacks have been aimed at medium- to large public sector organisations in healthcare, education, and government, those make up only about half of the attacks.

Oh, No, Not Another Security Product (Dark Reading, Aug 09 2018)
This move from proprietary architecture to open modular architecture is a hallmark of Clayton Christensen’s disruptive innovation theory, and it is long overdue within the security industry.

Cyber-Security Failure Brings Societal Risks: Black Hat Researchers (eWEEK, Aug 13 2018)
“We need to be more ambitious, strategic and collaborative in our approach to defense,” said keynote speaker Parisa Tabriz, director of engineering at Google. “We have to stop playing whack-a-mole.”

Exabeam raises $50 million in series D funding to disrupt SIEM market (Help Net Security, Aug 15 2018)
…its pricing model, which allows organizations to store all of their logs, unlike the “by-the-byte” pricing model that forces budget-conscious customers to limit the amount of data covered by the SIEM—creating blind spots that sacrifice the security of the entire organization.

Just 10% of UK Firms Have No Cyber Insurance (Infosecurity Magazine, Aug 15 2018)
Ovum report claims improvements across the board

2.6 billion records exposed in 2,300 disclosed breaches so far this year (Help Net Security, Aug 16 2018)
“It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”

A Guided Tour of the Asian Dark Web (SecurityWeek, Aug 09 2018)
The Asian dark web is not well known. Most people just think of Russia when thinking about underground hacking forums. To gain a better understanding of Asian onion sites and black markets, researchers from IntSights embarked on a six-month long investigation and analysis.

New G Suite Alerts Provide Visibility Into Suspicious User Activity (SecurityWeek, Aug 09 2018)
After bringing alerts on state-sponsored attacks to G Suite last week, Google is now also providing administrators with increased visibility into user behavior to help identify suspicious activity.