A Review of the Best News of the Week on Cybersecurity Management & Strategy

The US National Cyber Strategy (Schneier on Security, Oct 09 2018)
In a New York Times op-ed, Josephine Wolff argues that this new strategy, together with the more-detailed Department of Defense cyber strategy and the classified National Security Presidential Memorandum 13, represent a dangerous shift of US cybersecurity posture from defensive to offensive…

New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom (Bloomberg, Oct 10 2018)
Bloomberg has another story. The discovery shows that China continues to sabotage critical technology components bound for America.

The Apollo Breach Included Billions of Data Points (Wired, Oct 05 2018)
Apollo is a data aggregator and analytics service aimed at helping sales teams know who to contact, when, and with what message to make the most deals.

Mandia: Tipping Point Now Here for Rules of Cyber Engagement (Dark Reading, Oct 05 2018)
FireEye CEO and nation-state hacking expert Kevin Mandia says Russia began changing the game in 2015.

Network Security Monitoring vs Supply Chain Backdoors (TaoSecurity, Oct 05 2018)
Whether or not the Bloomberg story is true, the investment in Network Security Monitoring (NSM) merits the peace of mind a CISO will enjoy when his or her CIRT is equipped with robust network visibility.

Could a Credit-Like Security Score Save the Cyber Insurance Industry? (Infosec Island, Oct 11 2018)
Enterprises need access to cyber insurance that accurately reflects their current security posture and that covers both direct and indirect expenses.

US Arrests Alleged Chinese Spy (Infosecurity Magazine, Oct 11 2018)
They claim that from at least December 2013 until his eventual arrest in Belgium, Xu targeted experts working at US aviation firms including GE Aviation. He recruited them to travel to China, often under the pretense of giving a university presentation, before paying travel costs and stipends.

First GDPR Enforcement is Followed by First GDPR Appeal (SecurityWeek, Oct 10 2018)
The result of the appeal is likely to be important. Much of it seems to be unconvincing — but it doesn’t matter what the lawmakers, the regulators, businesses, lawyers or the media think. In the end, it all comes down to how the judiciary interprets the law and the incident.

How the US Halted China’s Cybertheft—Using a Chinese Spy (Wired, Oct 11 2018)
For years, China has systematically looted American trade secrets. Here’s the messy inside story of how DC got Beijing to clean up its act for a while.

New TeleBots backdoor links Industroyer to NotPetya for first time (WeLiveSecurity, Oct 11 2018)
ESET’s analysis of a new TeleBots backdoor has uncovered the first evidence linking Industroyer to NotPetya, revealing a rumored connection that was not previously proven.

Window Snyder Shares Her Plans for Intel Security (Dark Reading, Oct 11 2018)
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she’s working on now.

Most SMBs Fold after Cyber Attacks: Here’s How to Protect Yours (Infosec Island, Oct 12 2018)
According to a report by Verizon, 61 percent of data breach victims were small businesses. And as Hiscox’s Cyber Preparedness Report 2017 notes, small businesses lose an average of $41,000 per cybersecurity incident.

West Accuses Russian Spy Agency of Scores of Attacks (SecurityWeek, Oct 04 2018)
The West unleashed an onslaught of new evidence and indictments last Thursday accusing Russian military spies of hacking so widespread that it seemed to target anyone, anywhere who investigates Moscow’s involvement in an array of criminal activities — including doping, poisoning and the downing of a plane.

Airport mislays world’s most expensive USB stick (Naked Security – Sophos, Oct 10 2018)
In October 2017, a member of the public found a USB stick containing a trove of data on security systems and procedures at one of the world’s busiest airports.

Can we trust digital forensic evidence? (Help Net Security, Oct 05 2018)
New research at the University of York examining digital forensic laboratories in England and Wales has shown that evidence of the accuracy of digital forensic methods may be missing from the regulatory framework.

945 data breaches led to compromise of 4.5 billion data records in first half of 2018 (Help Net Security, Oct 09 2018)
Malicious outsiders caused the largest percentage of data breaches (56 percent). Accidental loss accounted for over 879 million (9 percent). The number of records and incidents involved in malicious insider attacks fell by 50 percent this half compared to the same time period in 2017.

NIST and the Small Business: Addressing Cyber Insecurity (Infosec Island, Oct 09 2018)
Developing a measured, thoughtful strategy to cybersecurity is like starting a crossword puzzle. You begin with the small, simple words you know, and once those pieces are in place, the larger, more complicated words become easier to figure out.

Cyber tormentor leaves a trail that lands him 17.5 years (Naked Security – Sophos, Oct 10 2018)
Ryan S. Lin pleaded guilty to cyberstalking, distribution of child abuse imagery, hoax bomb threats, computer fraud and abuse, and ID theft.

Imperva to Be Acquired by Thoma Bravo for $2.1 Billion (Dark Reading, Oct 10 2018)
But two law firms are investigating whether the security vendor breached its fiduciary duty to shareholders by not actively seeking buyers offering a higher price.

UK Finance: New Tax Could Pay for Fraud Losses (Infosecurity Magazine, Oct 12 2018)
Banking association suggests a levy to help compensate victims.