A Review of the Best News of the Week on Cybersecurity Management & Strategy

Five Eyes demand for encryption workarounds raises stakes for tech companies (Washington Post, Sep 05 2018)
The U.S. government is going global in its anti-encryption push.

The SOC Gets a Makeover (Dark Reading, Sep 06 2018)
Today’s security operations center is all about reducing the number of alerts with emerging technologies – and enhancing old-school human collaboration. Here’s how some real-world SOCs are evolving.

Financial info of 380,000 British Airways customers stolen in site, app breach (Help Net Security, Sep 07 2018)
“From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making or changing bookings on our website [ba.com] and [mobile] app were compromised,” the company stated. “The stolen data did not include travel or passport details.”


Senator Mark Warner Is Not Happy With Google (Wired, Sep 04 2018)
“What I’ve told the companies is that I don’t want this to be a retrospective on what happened in 2016, but I want to know what they’re doing to prevent this happening in 2018 and beyond. Increasingly, this kind of manipulation can be used not just in politics, but also in business and other areas.”

One of Google’s newest sister companies is ready to go after the $96 billion cybersecurity industry (CNBC, Sep 04 2018)
Alphabet’s X ‘Moonshot’ start-up Chronicle wants to shake up the cybersecurity landscape 

Less than a third of companies have dedicated cybersecurity insurance (Help Net Security, Sep 04 2018)
Just six percent of respondents in the UK say their company insurance covers only for information security breaches, while 11 percent are covered only for data loss.

There are no real shortcuts to most security problems (Help Net Security, Sep 05 2018)
Xerox Chief Information Security Officer Dr. Alissa Johnson…“Diverting more funds into cybersecurity insurance instead of bolstering defenses increases the likelihood of a breach. More to the point, though, insurance payments can’t make up for all of the damage done by a cyberattack,” she points out.

What to expect when the internet gets a big security upgrade (Network World Security, Sep 05 2018)
More secure keys protecting the domain name system (DNS) are ready to deploy, but for those using DNS servers that haven’t been upgraded, it could cause problems reaching websites.

Facebook Chief Says Internet Firms in ‘Arms Race’ for Democracy (SecurityWeek, Sep 04 2018)
Facebook chief Mark Zuckerberg said late Tuesday that the leading social network and other internet firms are in an arms race to defend democracy.

How leadership implements cyber resiliency across their organizations (Help Net Security, Sep 06 2018)
Only 8% of executives say that their CISO or equivalent performs above average in communicating the financial, workforce, reputational or personal consequences of cyber threats.

Gartner SOAR Adoption Rate Prediction: From 1% to 15% by 2020 – Why Should You Care? (Infosec Island, Sep 06 2018)
SOAR tools allow for an effective way of fighting security threats through a central collection of intelligence that can be quickly transformed into action.

Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats (Krebs on Security, Sep 06 2018)
“A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was ‘Feds Can’t Touch Us’ pleaded guilty this week to making bomb threats against thousands of schools.”

US to Charge North Korea for Sony Breach, WannaCry (Dark Reading, Sep 06 2018)
The DoJ plans to charge North Korean threat actors for their involvement in two major cyberattacks, US officials report.

What Is FIPS 140-2 & Why Does It Matter? (Carbon Black, Aug 31 2018)
FIPS 140 was written as a requirements document for encryption with the goal to standardize a minimum strength level for the cryptography used in all Sensitive But Unclassified (SBU) federal operating environments.

Bitfi Retracts ‘Unhackable’ Claims (Infosecurity Magazine, Sep 03 2018)
Controversial firm shutters bug bounty program

43% of Security Pros Could Execute Insider Attack (Infosecurity Magazine, Aug 31 2018)
Despite increased spending on security, insider threats remain a risk to business, according to new survey.

Orgs Still Feel Vulnerable Despite Cyber Standards (Infosecurity Magazine, Aug 31 2018)
An IT Governance survey finds implementing ISO 27001 beneficial in mitigating risk.

The Continuing Problem of Aligning Cybersecurity With Business (SecurityWeek, Sep 04 2018)
…asked what types of data most need to be protected, both groups agreed on first customer or patient data, and second, intellectual property. They disagreed, however, on the third priority. The business group specified employee data, while the security group specified financial data.

Investor Sues AT&T for Cryptocurrency Theft Losses (Dark Reading, Sep 04 2018)
The victim of cybercurrency theft blames the carrier for failing its security obligations.

Security Orchestration, Automation and Response Demand Set to Grow (eWEEK, Sep 06 2018)
A Demisto-sponsored study found that security operations centers are largely overwhelmed by the volume of alerts, which is helping to drive demand and awareness for Security Orchestration, Automation and Response (SOAR) technologies.