A Review of the Best News of the Week on Cybersecurity Management & Strategy

Just two hacker groups are behind 60% of stolen cryptocurrency (Naked Security – Sophos, Feb 06 2019)
Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.

RSA Conference 2019 USA: What you can expect at this year’s event (Help Net Security, Feb 04 2019)
It’s that time of year: RSA Conference 2019 USA is a little over a month away. To prepare, we asked Britta Glade, Director of Content and Curation for RSA Conference, to tell us more about this year’s event.

Chinese Hackers Spy on U.S. Law Firm, Major Norwegian MSP (SecurityWeek, Feb 06 2019)
China-linked cyber-espionage group APT10 has targeted companies in the United States and Europe to steal intellectual property or gain commercial advantage, Recorded Future security researchers say.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

CISOs: Change your mindset or lose your job (Help Net Security, Feb 04 2019)
Capgemini commissioned IDC to produce a new piece of research, which reveals the increasing pressure on the Chief Information Security Officer to drive forward digital transformation – or risk losing their seat at the table when it comes to key business decisions.

U.S. Energy Firm Fined $10 Million for Security Failures (SecurityWeek, Feb 04 2019)
A US energy company, identified by some media reports as Duke Energy, received a $10 million fine from the North American Electric Reliability Corporation (NERC) for nearly 130 violations of the Critical Infrastructure Protection (CIP) standards.

RSA Conference announces finalists for Innovation Sandbox Contest 2019 (Help Net Security, Feb 06 2019)
RSA Conference announced the 10 finalists for its annual RSAC Innovation Sandbox Contest. The competition is dedicated to providing innovative startups a platform to showcase their groundbreaking technologies that have the potential to transform the information security industry.

Huawei offers to build cyber security center in Poland (Reuters, Feb 06 2019)
China’s Huawei has offered to build a cyber security center in Poland where last month authorities arrested a Chinese employee of the telecommunications firm along with a former Polish security official on spying charges.

What do successful pentesting attacks have in common? (Help Net Security, Feb 07 2019)
“What many of our successful pentesting attacks had in common was the presence of interfaces on the network perimeter that should not be accessible from the outside. For example, an Internet-accessible video surveillance system not only allows an attacker to view video, but also to run arbitrary commands on the server. This shows how important it is to correctly delineate the network perimeter and monitor the security of every component,” noted Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies.

Serious Security: Post-Quantum Cryptography (and why we’re getting it) (Naked Security – Sophos, Feb 07 2019)
Here’s why NIST is running a competition to find algorithms for a Post-Quantum Cryptographic world…

Australian Parliament Computer Network Breached (SecurityWeek, Feb 07 2019)
Australia’s parliament revealed Friday that its computer network had been compromised by an unspecified “security incident” and said an investigation was under way.

Four differences between the GDPR and the CCPA (Help Net Security, Feb 04 2019)
The CCPA is a strong step in the right direction for the U.S. However, it does not go as far as European Union’s General Data Protection Regulation (GDPR), which went into effect May 25, 2018.

Microsoft rolls out new tools for enterprise security and compliance teams (Help Net Security, Jan 31 2019)
The new Microsoft 365 security center allows security administrators and other risk management professionals to manage and take full advantage of Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management.

Huddle House hit with point-of-sale data breach (SC Magazine, Feb 04 2019)
The Huddle House restaurant chain reported it has closed a point-of-sale data breach that existed one of its third-party vendors from August 2017 until now. The malware resided on a third-party system and exposed payment card information at some of the chain’s corporate and franchised locations.

Over 59K Data Breaches Reported in EU Under GDPR (Dark Reading, Feb 05 2019)
In addition, 91 reported fines have been imposed since the regulation went into effect last May.

No Sign of ‘Material’ Nation-State Actor Impact on 2018 US Midterms (Dark Reading, Feb 05 2019)
That’s the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.

Bank IT Manager Gets 10 Years for ATM Exploit (Infosecurity Magazine, Feb 06 2019)
Huaxia Bank employee stole $1m from cashpoints

Carbonite Announces Webroot Purchase (Dark Reading, Feb 07 2019)
The purchase will add WebRoot’s cloud-based security to the cloud-based data backup and recovery platform of Carbonite.

Algeria Ranked ‘Least Cyber-Secure’ Country in the World, Japan ‘Most Cyber-Secure’ (Infosecurity Magazine, Feb 07 2019)
Comparitech studied 60 nations to gauge their ability to meet key security criteria

Australia Wields Vast Decryption Powers Before Planned Review (SecurityWeek, Feb 07 2019)
Australian security agencies have begun using sweeping new powers to access encrypted communications, even before a promised review to address concerns from the likes of Google, Apple and Facebook.