A Review of the Best News of the Week on Cybersecurity Management & Strategy

US Indicts 2 APT 10 Members for Years-Long Hacking Campaign (Dark Reading, Dec 21 2018)
In an indictment unsealed this morning, the US ties China’s state security agency to a widespread campaign of personal and corporate information theft.

The Most-Read Security Stories of 2018 (Wired, Dec 27 2018)
This year saw the most devastating cyberattack in history, a gang of teen hackers, and so much Mueller news.

NIST Risk Management Framework 2.0 Updates Cyber-Security Policy (eWEEK, Dec 21 2018)
The final version of the NIST Risk Management Framework 2.0 is now available, providing government agencies and commercial enterprises alike with new guidance that aligns risk, privacy and cyber-security controls.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

How China’s Elite APT10 Hackers Stole the World’s Secrets (Wired, Dec 20 2018)
A new DOJ indictment outlines how Chinese hackers allegedly compromised data from companies in a dozen countries in a single intrusion.

Security 101: How Businesses and Schools Bridge the Talent Gap (Dark Reading, Dec 20 2018)
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.

How to Optimize Security Spending While Reducing Risk (Dark Reading, Dec 20 2018)
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.

Hacking Diplomatic Cables Is Expected. Exposing Them Is Not (Wired, Dec 20 2018)
Spies try to access government communications all the time. But an incident this week tested the limits of what happens when those compromises get discovered.

How to Remotely Brick a Server (Dark Reading, Dec 19 2018)
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.

7 Business Metrics Security Pros Need to Know (Dark Reading, Dec 21 2018)
These days, security has to speak the language of business. These KPIs will get you started.

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots (Dark Reading, Dec 19 2018)
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn’t put to rest.

Caribou Coffee Card Breach Hits 265 Stores (Infosecurity Magazine, Dec 21 2018)
US chain the latest to suffer POS malware infection

Feds Charge Three in Mass Seizure of Attack-for-hire Services (Krebs on Security, Dec 20 2018)
“Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.”

Managing Burnout (TaoSecurity, Dec 21 2018)
“Within the last few years I experienced a profound professional “burnout.” I’ve privately mentioned this to colleagues in the industry, and heard similar stories or requests for advice on how to handle burnout. I want to share my story in the hopes that it helps others in the security scene, either by coping with existing burnout or preparing for a possible burnout.”

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River (Krebs on Security, Dec 23 2018)
“A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks — including a 2013 swatting incident at my home — was arrested Sunday morning in the Philippines after allegedly helping a friend dump the body of a housemate into a local river.”

Over 500K School Staff and Students Hit by Breach (Infosecurity Magazine, Dec 24 2018)
Phishing campaign targeted scores of San Diego school staff

BevMo Warns of Customer Credit Card Data Breach (SecurityWeek, Dec 27 2018)
BevMo is warning that a data breach may have allowed a hacker to steal credit card numbers and other information from more than 14,000 customers who used the alcohol-seller’s website.