A Review of the Best News of the Week on Cybersecurity Management & Strategy

Equifax just became the first company to have its outlook downgraded for a cyber attack (CNBC, May 22 2019)
A Moody’s spokesperson said the downgrade is significant because “it is the first time that cyber has been a named factor in an outlook change.” Equifax’s breach in 2017 will have a lasting effect on the company’s security spend and infrastructure costs, Moody’s said.

Huawei given 90-day reprieve from Entity List (SC Magazine, May 22 2019)
The U.S. Commerce Department has temporarily relieved Chinese manufacturer Huawei of its inclusion on the federal Entity List, allowing the company to continue to operate with its business partners for 90 days.

Half of companies missed GDPR deadline, 70% admit systems won’t scale (Help Net Security, May 17 2019)
Even if given two years' notice to achieve GDPR compliance, only half of companies self-reported as compliant by May 25, 2018, a DataGrail survey reveals.


Why some of the world’s top cybersecurity hackers are being paid millions to use their powers for good (CNBC, May 18 2019)
The freelance model makes sense, as hackers with the best skills are often in high demand or too dynamic to want to stay put at a corporate job, according to Synack CEO Jay Kaplan.

The US Ban on Huawei Is Causing a Global Mess (VICE, May 22 2019)
The highly interconnected nature of the global tech industry means the US ban has wide ripple effects.

Germany Talking about Banning End-to-End Encryption (Schneier on Security, May 24 2019)
Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn’t say how. (Cory Doctorow has previously explained why this would be impossible.)

NSS Labs Admits Its Test of CrowdStrike Falcon Was ‘Inaccurate’ (Dark Reading, May 24 2019)
CrowdStrike, NSS Labs reach confidential settlement over 2017 endpoint product testing dispute.

NCIS Cyber: USAF investigating USN for planting email tracking malware (SC Magazine, May 23 2019)
In a convoluted plot even the most inventive TV writer would have a hard time conjuring, the U.S. Air Force is investigating an alleged cyber intrusion by the U.S. Navy.

Baltimore’s slow recovery shows far-reaching consequences of ransomware (The Washington Post, May 22 2019)
Baltimore still isn’t able to provide basic city services two weeks after a powerful ransomware attack. And a full recovery may take months, Mayor Bernard C. “Jack” Young says.

Louisville Regional Airport Authority grounded by ransomware attack (SC Magazine, May 22 2019)
The Louisville Regional Airport Authority (LRAA) had its wings clipped on Monday by a ransomware attack on its systems, reports say.

Selecting Enterprise Email Security: Scaling to the Enterprise (Securosis Blog, May 20 2019)
This post will dig into selecting the security platform, integrating with other enterprise security controls, and finally some adjacent services which can improve the security of your email and so should be considered as part of broad protection.

AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach (VICE, May 21 2019)
The boilerplate FAQ is an interesting peek behind the curtain at how companies prepare for data breaches, and at how they pre-plan their apologies.

Will the U.S. government draft cybersecurity professionals? (CSO Online, May 20 2019)
The National Commission on Military, National and Public Service, created by Congress, is currently evaluating the Selective Service System (SSS) with an eye toward modernizing the draft, including the possibility of conscripting cybersecurity professionals.

Budgeting for Cyber Attacks: Security spending to reach 133.7 billion by 2022 (Digital Information World, May 20 2019)
With the average expenditure on cybercrime growing dramatically, the cost of an attack can be disastrous for a company that has not properly considered the idea that cybersecurity be a major part of their regular budget.

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack (Dark Reading, May 20 2019)
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here’s what happened.

97% of Americans Can’t Ace a Basic Security Test (Dark Reading, May 20 2019)
According to a March study of more than 2,000 US adults conducted by the Harris Poll for Google, while 55% of Americans 16 years and above give themselves an A or a B in online security, 97% got at least one question wrong on a basic, six-question security test. The test asked people to identify whether links without https were OK or to identify links with bad characters.

Top cybersecurity companies are pooling their intel to stop cyberattacks (The Washington Post, May 23 2019)
The goal of the program, organized by the nonprofit Cyber Threat Alliance, is to get fixes to all the companies’ customers before the hackers know they’ve been spotted. It’s sort of like everyone in a neighborhood locking their doors at once.

How to write an effective data breach notification? (Help Net Security, May 23 2019)
Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found.

One Year On, EU Has 145,000 Data Law Complaints (SecurityWeek, May 22 2019)
One year after the entry into force of landmark EU rules to better protect personal data, nearly 145,000 complaints have been registered, an initial assessment revealed on Wednesday.

Any advance on $1.2m for this virus-infested netbook? (Naked Security – Sophos, May 24 2019)
Can you ever call malware art? That question is now up for debate as a Chinese internet artist puts a laptop full of viruses up for auction.