A Review of the Best News of the Week on Cybersecurity Management & Strategy

DNC issues cybersecurity guidance for 2020 election (SC Magazine, Feb 25 2019)
“The checklist is exactly that: a list of steps you can complete and then check off,” DNC CSO Bob Lord said in a blog post. “The goal is to print it out, and run through it line by line.”

ICANN calls for wholesale DNSSEC deployment (Help Net Security, Feb 25 2019)
In light of the recent DNS hijacking attacks, the Internet Corporation for Assigned Names and Numbers (ICANN) is urging domain owners and DNS services to implement DNSSEC post-haste.

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison (Krebs on Security, Feb 26 2019)
“A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials. The men — a former Russian cyber intelligence official and an executive at Russian security firm Kaspersky Lab — were reportedly prosecuted for their part in an investigation into Pavel Vrublevsky, a convicted cybercriminal who ran one of the world’s biggest spam networks and was a major focus of my 2014 book, Spam Nation.”

How to combat delivery ramifications after a data breach (Help Net Security, Feb 25 2019)
But to what extent will your email deliverability be impacted? Email deliverability experts know sending a message en masse to a complete database, without filtering out unresponsive or inactive email addresses, could greatly and negatively impact a sender’s reputation.

Don’t miss these keynotes at RSAC 2019 (Help Net Security, Feb 25 2019)
Keynotes will be live streamed via rsaconference.com and you can find some of the Conference’s most exciting moments on RSAC onDemand, where viewers will have access to select livestreamed sessions and on-demand recordings.

Gen. Nakasone on US CyberCommand (Schneier on Security, Feb 22 2019)
Really interesting article by and interview with Paul M. Nakasone (Commander of US Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service) in the current issue of Joint Forces Quarterly. He talks about the evolving role of US Cyber Command, and its new posture of “persistent engagement” using a “cyber-persistent force.”

How Facebook Trains Content Moderators (Motherboard, Feb 25 2019)
Facebook’s former head of training talks about how the company decides whether a person is cut out to look at hateful, violent, and graphic content all day.

Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase (Motherboard, Feb 26 2019)
Coinbase said it’s aware of the Neutrino founders’ controversial past, but their technology is the best the major exchange has encountered.

These are the four parts of the economy most vulnerable to cyberattack, according to Moody’s (Washington Post, Feb 28 2019)
It found a major cyberattack could potentially bring banks, investment firms, securities exchanges and hospitals to financial ruin and prevent an organization from making good on some of what it owes. It’s encouraging lenders to consider an organization’s cybersecurity vulnerabilities before making loans in those sectors, the report says.

Can Everybody Read the US Terrorist Watch List? (Schneier on Security, Feb 28 2019)
After years of claiming that the Terrorist Screening Database is kept secret within the government, we have now learned that the DHS shares it “with more than 1,400 private entities, including hospitals and universities….”

How to Shop Like a Pro at RSA Conference (SecurityWeek, Mar 01 2019)
So, with a hat-tip to The New Yorker’s Marie Kondo shopping guide—based on a day spent shopping with her—here’s how you can apply the KonMari method to shopping the RSA Conference like a pro!

US pushed Russian troll factory offline during US midterm elections (Naked Security – Sophos, Feb 28 2019)
The US blocked internet access to Russian trolls who, they say, were trying to spread FUD.

Booter Boss Interviewed in 2014 Pleads Guilty (Krebs on Security, Feb 28 2019)
“A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son’s online activities.”

Businesses need to rethink security priorities due to shifting trends (Help Net Security, Mar 01 2019)
One shift in attacks that businesses should be aware of is the rapid growth of cryptocurrency mining, which increased 237 percent, according to the 2018 Security Roundup Report by Trend Micro.

Tik Tok Kids’ App Hit by Record $5.7m FTC Fine (Infosecurity Magazine, Mar 01 2019)
Regulator says Chinese app didn’t seek parental consent from under-13s

The Truth about Business Risk Intelligence (SecurityWeek, Feb 25 2019)
“As someone who has long been an avid supporter and practitioner of BRI [and works for a vendor that sells BRI], I feel it’s my duty to share—and debunk—some of the most persistent and misleading BRI fallacies I’ve heard over the years.” (CEO of Flashpoint)

Russian creator of NeverQuest banking trojan pleads guilty in American court (Graham Cluley, Feb 25 2019)
Arrested as he returned his rental car at Barcelona’s airport, a 33-year-old Russian faces up to five years in jail after admitting to being the mastermind behind the sophisticated NeverQuest banking trojan.

Mozilla fears encryption law could turn its employees into insider threats (Naked Security – Sophos, Feb 26 2019)
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.

Calif. bill to broaden data breach notification law to include passport, biometric info (SC Magazine, Feb 25 2019)
“AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection.”

Persistent Attackers Rarely Use Bespoke Malware (Dark Reading, Feb 27 2019)
Study of the Bronze Union group (also known as APT27 or Emissary Panda) underscores how most advanced persistent threat (APT) groups now use administrative tools or slight variants of well-known tools.