CISO View – The Week’s Best News – 2019.06.21

A Review of the Best News of the Week on Cybersecurity Management & Strategy

The Global Hawk Drone Iran Shot Down Was a $220M Surveillance Monster (Wired, Jun 20 2019)
The Global Hawk can fly at an altitude of 55,000 feet and stay aloft for 30 hours straight.

This Florida city just paid hackers a huge ransom. Is that better or worse for taxpayers? (The Washington Post, Jun 21 2019)
A small Florida city paid an extraordinary $600,000 in ransom this week to hackers who had locked up the city’s computer systems — highlighting an increasingly common dilemma for city leaders across the country.

Five reasons “hacking back” is a recipe for cybersecurity chaos (MIT Technology Review, Jun 21 2019)
A new US bill would make it legal for private companies to chase hackers across the internet. It’s a terrible idea that simply will not die.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Are U.S. companies overpaying to attract new talent? (Help Net Security, Jun 17 2019)
While compensation remains a top driver to attract and retain talent in the U.S., employees only expect about a 10% salary increase to switch employers, while companies are offering average compensation increases around 15%, according to a recent survey by Gartner.

Massive Data Breach at Canada Credit Union Giant Desjardins (SecurityWeek, Jun 21 2019)
Canada’s Desjardins credit union announced Thursday that the personal banking information of 2.9 million customers had been stolen by an employee and distributed to outside parties.

How Not To Prevent a Cyberwar With Russia (Wired, Jun 18 2019)
“…in many respects the US economy and infrastructure is far more reliant on digitization and automation than Russia’s, giving the Kremlin an inherent advantage in any future no-holds-barred cyberwar. He paraphrases former secretary of defense Ash Carter: ‘If you’re doused in gasoline, don’t start a match-throwing contest.’”

Can Your Patching Strategy Keep Up with the Demands of Open Source? (Dark Reading, Jun 18 2019)
It’s time to reassess your open source management policies and processes.

Why phishing education has never been more critical to your business (Help Net Security, Jun 18 2019)
…according to the 2019 Verizon Data Breach Investigations Report, a third of cyber-attacks across all industries involved phishing.

A Plan to Stop Breaches With Dead Simple Database Encryption (Wired, Jun 18 2019)
Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches.

Gov. Hogan Signs Executive Order Aimed At Strengthening Cybersecurity In Maryland (CBS Baltimore, Jun 18 2019)
The order creates the position of the Maryland Chief Information Security Officer and establishes the Office of Security Management and the Maryland Cybersecurity Coordinating Council.

John Deere’s Promotional USB Drive Hijacks Your Keyboard (VICE, Jun 18 2019)
A Redditor went to a recent John Deere conference and got a promotional John Deere USB drive that automatically typed in a URL when connected to a computer.

Senate Democrats target McConnell in election security fight (The Washington Post, Jun 19 2019)
The Democrats are demanding votes on bills that would mandate states use paper ballots that are far tougher to hack than fully electronic ones and conduct security audits of election systems.

Report: Iran claims to have thwarted a U.S. cyber espionage operation (SC Magazine, Jun 19 2019)
Iran is reportedly claiming that it successfully uprooted a CIA-led cyber espionage operation and arrested several U.S. spies in the process.

Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers (Ars Technica, Jun 20 2019)
Like an episode of Spy vs. Spy, Russian-speaking Turla appears to hijack OilRig’s network.

Hackers, farmers, and doctors unite! Support for Right to Repair laws slowly grows (Ars Technica, Jun 20 2019)
The right to repair battle trudges on despite a record amount of legislative proposals.

Inside the FBI’s Fight Against Cybercrime (Dark Reading, Jun 20 2019)
Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.

Insured losses from a cyber catastrophe could reach billions (Help Net Security, Jun 21 2019)
Analysis shows insured business interruption losses from a cyber catastrophe could reach an estimated $3.25 billion.

Google Open-Sources Cryptographic Protocol (SecurityWeek, Jun 20 2019)
Google this week rolled out a new type of multi-party computation (MPC) to help organizations better collaborate with confidential data sets.
