A Review of the Best News of the Week on Cybersecurity Management & Strategy

Equifax Has Chosen Experian. Wait, What? (Krebs on Security, Nov 01 2018)
“A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.”

States Average a C- in Election Security (Infosecurity Magazine, Oct 31 2018)
Results of the Election Cybersecurity Scorecard, published by the Center for Strategic & International Studies (CSIS), found that states average a C- in election security.

2019 Planning Guide for Security and Risk Management (Gartner Blog Network, Oct 30 2018)
“Security teams find it difficult to keep up with change, especially because the vendor security solution landscape has become hard to decipher. Technical professionals must understand these trends in order to continue practicing strong planning and execution of security initiatives in 2019.”

China has been ‘hijacking the vital internet backbone of western countries’ (ZDNet, Oct 29 2018)
The Chinese government turned to a local ISP for intelligence gathering after it signed the Obama-Xi cyber pact in late 2015, researchers say.

Communication is Broken Between CISOs and the Rest of the Business (SecurityWeek, Oct 29 2018)
In a recent survey of business communication by the well-known audit and consulting firm PwC, board directors were asked to rate the quality of presentations they receive from senior managers. CISOs ranked at the bottom of the list with just 19% of CISO presentations being rated as “excellent.”

Security Architecture Frameworks – Yay or Nay? (Anton Chuvakin, Oct 31 2018)
“But here is the punchline: does anybody care? More specifically, does anybody use them as foundations for their security architecture? Can security architecture frameworks even keep up with the evolution of IT?”

US Bans Exports to Chinese DRAM-Maker (Infosecurity Magazine, Oct 30 2018)
Micron rival put on Entity List after suspected IP theft

Post-breach, Cathay Pacific hit by group action by UK law firm (Graham Cluley, Oct 30 2018)
Fresh from launching a £500 million group action against British Airways after a serious security breach, UK law firm SPG Law has wasted no time responding to the announcement last week of a hack at Cathay Pacific which saw the personal data of 9.4 million Cathay Pacific passengers breached.

RSA Conference 2019 expands innovation program (Help Net Security, Oct 31 2018)
RSAC Launch Pad will give three chosen security innovators the coveted opportunity to pitch their company to three high-profile venture capitalists in a Shark Tank-style format. If the prominent VCs like the 10-minute pitch, participants could go home with real funding and support to expedite their company’s growth.

Proposal for Cybersecurity Civilian Corps Gets Mixed Reception (SecurityWeek, Oct 31 2018)
Although the U.S. has been engaged in cybersecurity for over a generation, “there continues to be organizational and human gaps that leave the nation insecure.” Few people would disagree. What is less clear is any realistic and effective solution to the problem.

The US pushes to build unhackable quantum networks (MIT Technology Review, Oct 30 2018)
The fiber-optic cables carrying data across the internet are vulnerable to hacking. Two US initiatives aim to fix that by creating super-secure quantum transmissions.

GDPR Alert as Average ICO Fines Double in a Year (Infosecurity Magazine, Oct 30 2018)
Latest stats show total value increased 24%

Girl Scouts Hacked, 2,800 Members Notified (Dark Reading, Oct 30 2018)
A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.

US Indicts Chinese Spies and Insiders for Aviation Theft (Infosecurity Magazine, Oct 31 2018)
Hackers were allegedly helped by IT security boss at French aerospace firm

Growing pains: Skills gap meets expanding threat surface (WeLiveSecurity, Oct 31 2018)
“I have to admit that I was skeptical the first time that I heard there was a seven figure shortfall in the number of people needed to do the very necessary work of securing our digital world assets. So I researched the topic and arrived at the opinion that it’s probably true.”

China’s Five Steps for Recruiting Spies in the US (Wired, Oct 31 2018)
A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

UK Regulator Issues Second GDPR Enforcement Notice on Canadian Firm (SecurityWeek, Oct 31 2018)
The enforcement notice requires that AIQ, within 30 days, “Cease processing any personal data of UK or EU citizens obtained from UK political organisations or otherwise for the purposes of data analytics, political campaigning or any other advertising purposes.”

Radisson Rewards Program Targeted in Data Breach (Dark Reading, Nov 01 2018)
It’s the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.

FIFA Reveals Second Hack (Dark Reading, Nov 01 2018)
Successful phishing campaign leads attackers to confidential information of world soccer’s governing body.

HITRUST releases Threat Catalogue to improve risk management (Help Net Security, Nov 01 2018)
The HITRUST Threat Catalogue will be available free of charge and becomes an integral part of HITRUST’s risk management and compliance suite. It will help organizations ease the burden of analyzing and managing security and privacy risk by mapping these threats directly to the controls in the HITRUST CSF framework.