CISO View – The Week’s Best News – 2018.09.14

A Review of the Best News of the Week on Cybersecurity Management & Strategy

A Security Expert Tied to WikiLeaks Vanishes, and the Internet Is Abuzz (The New York Times, Sep 07 2018)
Arjen Kamphuis was last seen on Aug. 20 in a remote Arctic town in Norway. Online theories range from C.I.A. abduction to a secret mission for Julian Assange.

‘Only paper ballots by 2020!’ call experts after election tampering (Naked Security – Sophos, Sep 10 2018)
The National Academy of Sciences says the US election system uses insecure technology and is fighting off attempts to destabilize it.

Georgia says switching back to all-paper voting is logistically impossible (Ars Technica, Sep 12 2018)
In Curling v. Kemp, both sides are set to duke it out in court.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

Attackers Made 9,000 Unauthorized Database Queries in Equifax Hack: Report (SecurityWeek, Sep 10 2018)
It took Equifax 76 days to detect the massive 2017 data breach, despite the fact that attackers had conducted roughly 9,000 unauthorized queries on its databases, according to a new report from the U.S. Government Accountability Office (GAO).

Bruce Schneier Reddit AMA (Schneier on Security, Sep 07 2018)
Bruce Schneier did a Reddit Ask Me Anything on Thursday, September 6….

Making an Impact with Security Awareness Training: Continuous Contextual Content (Securosis Blog, Sep 11 2018)
“To overcome these limitations we introduced the concept of Continuous, Contextual Content (3C) as the cornerstone of the kind of training program which can achieve security initiatives…Now we can dig in to understand how to move your training program toward 3C.”

Trump’s New Executive Order Slaps a Bandaid on Election Interference Problems (Wired, Sep 12 2018)
Trump’s order creates a framework to sanction foreign meddling in elections, but experts say it’s not enough.

Quantum Computing and Cryptography (Schneier on Security, Sep 14 2018)
Quantum computing is a new way of computing — one that could allow humankind to perform computations that are simply impossible using today’s computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length. This is why cryptographers are hard at work designing and analyzing “quantum-resistant” public-key algorithms.

#GartnerSec: Embrace Hacker Culture to Battle Cyber-Criminals (Infosecurity Magazine, Sep 10 2018)
Embrace hacker culture, tools and techniques in the battle with cyber-criminals

U.K. Teen Involved in ProtonMail DDoS Attack Arrested (SecurityWeek, Sep 07 2018)
ProtonMail has helped law enforcement identify one of the members of the Apophis Squad, a group that has made bomb threats and launched distributed denial-of-service (DDoS) attacks against many organizations.

Twenty Years of Network Security Monitoring: From the AFCERT to Corelight (TaoSecurity, Sep 11 2018)
Richard Bejtlich joins Corelight

Busting the VDI Security Myth (Infosec Island, Sep 11 2018)
Many CISOs and security pros see Virtual Desktop Infrastructure (VDI) and other remote application solutions as security barriers. They think VDI isolates sensitive resources from the user’s device, making it impossible for hackers to bust through. But that’s a dangerous myth. In reality, VDI is only a minor hurdle for cyber-criminals.

Senators Concerned About State Department’s Cybersecurity Failures (SecurityWeek, Sep 13 2018)
A group of United States senators this week sent a letter to Secretary of State Mike Pompeo requesting clarifications regarding the Department of State’s failure to meet federal cybersecurity standards.

GDPR Requires IRM For Fast and Effective Response (Gartner Blog Network, Sep 14 2018)
No longer will organizations have the luxury to take as much time as they want to disclose and when they do, accuracy of the disclosure is paramount.

The “How To Build a SOC” Paper Update is OUT! (Gartner Blog Network, Sep 07 2018)
All that work finally made its way into the paper “How to Plan, Design, Operate and Evolve a SOC”.

Russian National Extradited for 2014 JP Morgan Hack (Dark Reading, Sep 10 2018)
Andrei Tyurin was arrested for his involvement in a hacking campaign targeting US financial institutions, financial news publishers, brokerage firm, and other companies.

Many adults want to reskill for cybersecurity careers (Help Net Security, Sep 11 2018)
Of the 1,004 adults surveyed, 41 percent said they would probably or definitely consider returning to college to earn a certificate or degree to prepare for a cybersecurity job. However, willingness rose to 72 percent if current employers were willing to pay for respondents’ education in preparation for an in-house cybersecurity job.

Law firm launches £500 million group action over British Airways hack (Graham Cluley, Sep 11 2018)
Within hours of British Airways admitting that it had suffered a serious security breach, with hackers accessing customer data and the full details of 380,000 payment cards, a British law firm announced that it was launching a £500m group action against the airline.

Prison for man who assisted scareware scheme that targeted newspaper website (Graham Cluley, Sep 13 2018)
A man who spent years on the run from the FBI for his part in a lucrative criminal operation that spread scareware via the Minnesota Star Tribune website has finally been sent to prison.

Security Risks of Government Hacking (Schneier on Security, Sep 13 2018)
“Some of us — myself included — have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking.”

Share on facebook
Share on twitter
Share on linkedin