A Review of the Best News of the Week on Cybersecurity Management & Strategy

We Need More Transparency in Cybersecurity (Dark Reading, Feb 08 2019)
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.

Malta’s leading bank resumes operations after cyberheist-induced shutdown (WeLiveSecurity, Feb 15 2019)
Bank of Valletta, which went dark for a day after the fraudulent transfers of €13 million, is now looking to get the money back.

“We’re doubling down.” DHS insists it’s not reducing election security efforts (Washington Post, Feb 15 2019)
Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities.




88% of UK businesses breached during the last 12 months (Help Net Security, Feb 12 2019)
According to the report, malware remains the most prolific attack type in the UK, with more than a quarter (27%) of organizations naming it the most commonly encountered. Ransomware holds second position (15%). However, the human factor plays a part in the attacks resulting in breaches.

Tenable announces general availability of Predictive Prioritization (Help Net Security, Feb 11 2019)
Predictive Prioritization enables organizations to reduce business risk by focusing on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days.

Bomb Threat Hoaxer Exposed by Hacked Gaming Site (Krebs on Security, Feb 14 2019)
“Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked.”

High Stress Levels Impacting CISOs Physically, Mentally (Dark Reading, Feb 14 2019)
Some have even turned to alcohol and medication as their demands outpace resources.

China Gives Police New Powers to Snoop on Foreign Firms (Infosecurity Magazine, Feb 11 2019)
Recorded Future warns of growing security threat for multi-nationals

China Is A Target – Just Like Us (SecurityWeek, Feb 12 2019)
Chinese Companies Are Facing Many of the Same Cyber Challenges as Companies Elsewhere in the World

US Law Enforcement Busts Romanian Online Crime Operation (Dark Reading, Feb 08 2019)
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads and other scams.

Senators Urge Security Audit of Foreign VPNs (Infosecurity Magazine, Feb 11 2019)
Chinese and Russian apps could be a national security risk

Russian ISPs plan internet disconnection test for entire country (Naked Security – Sophos, Feb 12 2019)
Russia’s major ISPs plan to temporarily disconnect servers from the internet, effectively cutting the country off from the outside world.

SMBs spending a day each week dealing with cybersecurity issues (Help Net Security, Feb 13 2019)
Almost half of UK small to medium-sized businesses (SMBs) believe a cyberattack would put their business at risk of closure, and 48 per cent of businesses report they have had to deprioritise activities that would help grow their business to address cybersecurity…

2018 Was Second-Most Active Year for Data Breaches (Dark Reading, Feb 13 2019)
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.

NIST Cybersecurity Framework: Five years later (Help Net Security, Feb 14 2019)
Five years after the release of the Framework for Improving Critical Infrastructure Cybersecurity, organizations across all sectors of the economy are creatively deploying this voluntary approach to better management of cybersecurity-related risks.

What CEOs Need to Know About the Future of Cybersecurity (Infosec Island, Feb 14 2019)
CEOs need to take the lead and take stock now in order to ensure that their organizations are better prepared and engaged to deal with these ever-emerging challenges.

Cyberinsurance and Acts of War (Schneier on Security, Feb 13 2019)
“I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International’s claim of $100 million in damages from NotPetya. It claims it is an act of war and therefore not covered. Mondelez is suing.”

Photography site 500px resets 14.8 million passwords after data breach (Naked Security – Sophos, Feb 15 2019)
Photography website 500px has become the latest site to admit suffering a serious data breach.

Coffee Meets Bagel daters’ credentials among 617M records for sale on Dream Market cyber-souk (SC Magazine, Feb 15 2019)
Those looking for love on Coffee Meets Bagel before May 2018 may have gotten more exposure than they were bargaining for – the online dating site confirmed on Valentine’s Day that it had been breached and that daters’ personal information may have been “acquired by an unauthorized party.”