A Review of the Best News of the Week on Cybersecurity Management & Strategy

Get ready for the hacking back debate: Round 2 (The Washington Post, Jun 13 2019)
A bipartisan bill being reintroduced this morning would allow hacked companies to turn the tables and hack back into their attackers’ computer networks. The Active Cyber Defense Certainty Act, sponsored by Reps. Tom Graves (R-Ga.) and Josh Gottheimer (D-N.J.), would allow those hacked companies to only ferret out what happened to their stolen data and gather evidence for police, though — not to destroy anything on the attackers’ computer networks.

The Future of Have I Been Pwned (Up for Sale) (Troy Hunt, Jun 11 2019)
Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included….

Workshop on the Economics of Information Security (Schneier on Security, Jun 11 2019)
“Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks….”

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

The Last Blog Post! (From Anton Chuvakin) (Gartner Blog Network, Jun 06 2019)
“It is with some sadness and much excitement that I write this final post for my Gartner blog. If you recall, I joined Gartner in 2011, so it has been nearly 8 years. So far, this has been my favorite job, the best I ever had in my life, by a wide margin.”

KKR Mints a New Cybersecurity Unicorn (Fortune, Jun 12 2019)
Three months after announcing an initial $50 million investment in the company, private equity giant KKR is leading an additional $300 million in funding for cybersecurity firm KnowBe4, in a deal that values the startup at $1 billion.

Radiohead Dropped 18 Hours of Unreleased Music to Screw Pirates (Wired, Jun 12 2019)
You can listen to the OK Computer–era tracks right here.

The Rise of ‘Purple Teaming’ (Dark Reading, Jun 13 2019)
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.

How human bias impacts cybersecurity decision making (Help Net Security, Jun 10 2019)
In a newly released report, Dr Margaret Cunningham, psychologist and Principal Research Scientist at Forcepoint, examined six universal unconscious human biases, how they can influence cybesecurity decision making, and urges infosec pros and leaders to make an effort to overcome them.

Court unseals indictment against alleged Darkode hacking forum members (SC Magazine, Jun 07 2019)
An American and three Europeans have been charged with racketeering conspiracy and conspiracy to commit wire fraud and bank fraud for allegedly distributing malware on the now-defunct Darkode computer hacking forum.

Russia accused of hacking EU embassy in Moscow (SC Magazine, Jun 11 2019)
Russia is believed to have hacked the Europian Union’s embassy in Moscow in a sophisticated cyberespionage attack designed to steal highly sensitive material from the mission’s internal network just weeks before the European Parliament elections. The initial attack took place in February 2017, but wasn’t detected until April of this year.

U.S. House passes bill that would require DHS to maintain cyber hunt, IR teams (SC Magazine, Jun 11 2019)
The U.S. House of Representatives yesterday passed its own version of the DHS Cyber Incident Response Teams Act of 2019, which would require the Department of Homeland Security to permanently maintain cyber hunt and incident response teams that help prevent and mitigate attacks on federal agencies and the private sector.

Ransomware attack hobbles Washington food bank (SC Magazine, Jun 11 2019)
An Auburn, Washington-based food bank that provides meals to individuals in need has reportedly been victimized in a ransomware attack, leaving staff members unable to access files and emails.

Cloudflare’s Five-Year Project to Protect Nonprofits Online (Wired, Jun 12 2019)
Cloudflare’s Project Galileo has helped vulnerable organizations fend off DDoS and other attacks for the last five years.

A Top Voting-Machine Firm Calls for Paper Ballots (Wired, Jun 11 2019)
The long-awaited shift from paperless ballots could make elections more secure.

Newly public CrowdStrike wants to become the Salesforce of cybersecurity (TechCrunch, Jun 12 2019)
Since 2012, CrowdStrike’s Falcon Endpoint Protection platform has been pushing those incumbents into a new era of endpoint protection. By helping enterprises across the globe battle increasingly complex attack scenarios more efficiently, CrowdStrike, as well as other fast-growing cybersecurity upstarts, has redefined company security standards much like Salesforce redefined how companies communicate with customers.

Tomorrow’s Cybersecurity Analyst Is Not Who You Think (Dark Reading, Jun 12 2019)
Organizations can’t just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

VPN Complexity Cripples Innovation (SC Magazine, Jun 13 2019)
Long gone are the days when switchboard operators were relied upon to make phone connections. Advancements in telecommunication quickly eliminated the need for cumbersome and manual intervention. It is time we abandon the switchboard-like model that we have inherited from virtual private networks (VPNs), remove unnecessary complexity, and make room for security innovation.

DNS Firewalls Could Save Companies Billions (Dark Reading, Jun 13 2019)
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.

Philly Courts Still Down After Cyber-Attack (Infosecurity Magazine, Jun 14 2019)
Some Philadelphia Court systems are still down three weeks post-attack

Telegram blames China for DDoS disruptions during Hong Kong unrest (SC Magazine, Jun 13 2019)
Telegram pointed the finger at Chinese state-sanctioned actors yesterday after a distributed denial of service (DDoS) attack overwhelmed its servers as protests were taking place in Hong Kong.