A Review of the Best News of the Week on Cybersecurity Management & Strategy

How the U.S. Govt. Shutdown Harms Security (Krebs on Security, Jan 23 2019)
“The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.”

Industry reactions to Google’s €50 million GDPR violation fine (Help Net Security, Jan 22 2019)
On 21 January 2019, the French National Data Protection Commission (CNIL) imposed a financial penalty of €50 million against Google, in accordance with the GDPR. This is the first time that the CNIL applies the new sanction limits provided by the GDPR. The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent. Here are some reactions …

The 5 Stages of CISO Success, Past & Future (Dark Reading, Jan 25 2019)
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.

GDPR Suit Filed Against Amazon, Apple (Dark Reading, Jan 18 2019)
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.

Serious Security: What 2000 years of cryptography can teach us (Naked Security – Sophos, Jan 19 2019)
Here’s a fascinating history of cryptography that has plenty to teach you – and you don’t need a degree in mathematics to follow along!

Hackers Baselessly Blame Women and ‘SJWs’ for the End of DerbyCon Security Conference (Motherboard, Jan 23 2019)
The founder says the charge is ‘baseless,’ but that hasn’t stopped employees at some of the most important infosec companies from posting misogynistic comments in a closed Facebook group.

The Evolution of Darknets (Schneier on Security, Jan 23 2019)
This is interesting: To prevent the problems of customer binding, and losing business when darknet markets go down, merchants have begun to leave the specialized and centralized platforms and instead ventured to use widely accessible technology to build their own communications and operational back-ends. Instead of using websites on the darknet, merchants are now operating invite-only channels on widely available…

VC Investments in Cybersecurity Hit Record Highs in 2018 (Dark Reading, Jan 18 2019)
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.

Shadow IT, IaaS & the Security Imperative (Dark Reading, Jan 21 2019)
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.

Trend Micro’s ZDI Looks to Acquire More Vulnerabilities in 2019 (eWEEK, Jan 18 2019)
Trend Micro’s Zero Day Initiative published 1,444 security advisories in 2018, with issues in PDF technologies leading the way.

Dark Web Drug Dealers Get 43 Years (Infosecurity Magazine, Jan 22 2019)
Leeds trio sold fentanyl and carfentanyl internationally

Global Firms Face $5tr in Cybercrime Losses (Infosecurity Magazine, Jan 21 2019)
Accenture report urges greater focus on industry-wide collaboration

Bulgaria Extradites Russian Hacker to US: Embassy (SecurityWeek, Jan 19 2019)
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.

PCI SSC Releases New Security Standards for Payment Software (SecurityWeek, Jan 18 2019)
The Payment Card Industry Security Standards Council (PCI SSC) this week announced new security standards for the design, development and maintenance of payment software.

Build the wall… around your DNS settings, US govt IT staff urged by Homeland Security amid domain hijackings (The Register, Jan 23 2019)
Anyone still at their posts, please stop these address takeovers… please, helloo? Anyone there?

The Fact and Fiction of Homomorphic Encryption (Dark Reading, Jan 22 2019)
The approach’s promise continues to entice cryptographers and academics. But don’t expect it to help in the real world anytime soon.

Apple’s Security Expert Joined the ACLU to Tackle ‘Authoritarian Fever’ (Motherboard, Jan 22 2019)
Apple security expert Jon Callas, who helped build protection for billions of computers and smartphones against criminal hackers and government surveillance, is now taking on government and corporate spying in the policy realm.

Threats and abuse: Critics fear effect of new Thailand cyber law (Aljazeera, Jan 25 2019)
Despite revisions, critics fear legislation will be used to stifle debate ahead of elections scheduled for March.