A Review of the Best News of the Week on Cybersecurity Management & Strategy

The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks (ProPublica, Aug 28 2019)
Even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why? The attacks are good for business.

U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say (The New York Times, Aug 29 2019)
The strike came on the same day that President Trump called off a retaliatory airstrike against Iran after it shot down an American drone.

Low Budgets, Limited Expertise Plague SMB Cybersecurity (SecurityWeek, Aug 27 2019)
Untangle queried 300 SMBs, with the most common staff level between 25 and 300 personnel, for its 2019 SMB IT security report. It found that 29% of these companies have an annual security budget of less than $1,000 per year. Fifty-two percent have no dedicated security professional on staff, and instead distribute the responsibility across multiple other roles.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Our shared industry mission to close the cybersecurity workforce gap (SC Magazine, Aug 27 2019)
It’s no secret that our cybersecurity industry today suffers from a yawning talent gap — a statistical juggernaut on track to reach 3.5 million unfilled positions by 2021. As the wakeup call spreads, we’re seeing more cross-disciplinary trainings and nurture efforts deep into the educational pipeline — from pre-K, elementary and middle school initiatives, to programs for high school and higher education.

The Threat of Fake Academic Research (Schneier on Security, Aug 27 2019)
Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about….

Cops Hijack Botnet, Remotely Wipe Malware From 850,000 Computers (VICE, Aug 28 2019)
Police in France took down a large cryptocurrency-mining malware operation with the help of a cybersecurity firm.

Cryptography & the Hype Over Quantum Computing (Dark Reading, Aug 26 2019)
It’s not time to move to post-quantum cryptography yet — too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.

IBM Announces Quantum Safe Encryption (Dark Reading, Aug 23 2019)
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.

Alleged “snake oil” crypto company sues over boos at Black Hat (Ars Technica, Aug 23 2019)
One of the strangest moments at the Black Hat USA security conference in Las Vegas this month has now become the subject of a federal lawsuit against the conference.

Judge Orders Woman in Capital One Case to Remain in Custody (SecurityWeek, Aug 26 2019)
A U.S. judge on Friday ordered a woman accused of hacking Capital One and at least 30 other organizations to remain in custody pending trial because she is a flight risk and poses a physical danger to herself and others.

Qualys Launches Free App for IT Asset Discovery and Inventory (Dark Reading, Aug 23 2019)
Qualys’s Chairman and CEO, Philippe Courtot, talks about changes in the security landscape he’s witnessed during the company’s 20-year lifespan, as well as what motivated the vendor to give away its Global IT Asset Discovery and Inventory app for free.

Over 50,000 UK SMEs Could Collapse Following Cyber-Attack (Infosecurity Magazine, Aug 27 2019)
The insurance and risk management giant polled 1120 senior decision makers from UK firms with up to 250 employees, in order to better understand the cyber-threat.
It found that 1.4 million businesses were hit by major attacks last year, costing them a combined £8.8bn. Nearly a quarter (24%) of firms were affected by one of these “crisis” incidents — a 5% increase on the previous year.
Although the average cost of attacks to the affected business was around £6400, 17% of responding SMEs said they were forced to spend £10,000 or more, while nearly one in 10 (9%) paid out in excess of £20,000.

Nearly Half of SMBs, Enterprises Still Using Windows 7 (SecurityWeek, Aug 27 2019)
47% of small and medium-sized businesses (SMBs) and enterprises still use Windows 7.

CrowdStrike Launches Fund for Early-Stage Endpoint Security Startups (Dark Reading, Aug 27 2019)
Its goal is to accelerate delivery of third-party apps that add on and extend the company’s Falcon cloud-hosted services.

Seven best practices for an effective phishing simulation program (SC Magazine, Aug 28 2019)
To attain optimal long-term results, companies should follow a scientific methodology that implements the following seven best practices…

The Trailer for ‘Mr. Robot’ Season 4 Just Dropped and It’s Dark as Ever (VICE, Aug 27 2019)
The fourth season’s trailer promises a dark and dreary Christmas for everyone involved.

The Myth of Consumer-Grade Security (Schneier on Security, Aug 28 2019)
“The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.”

McAfee may seek $8B valuation in cybersecurity IPO this fall (Biz Journals, Aug 28 2019)
If it hits an $8 billion valuation, McAfee would top the $7.7 billion price Intel paid for the cybersecurity business in 2010.

Video captures glitching Mississippi voting machines flipping votes (Naked Security – Sophos, Aug 29 2019)
A video that shows an electronic machine switching voters’ selections has gone viral, underscoring the need for paper audit trails.

Malware Takes Down Lumber Liquidators’ Network (SecurityWeek, Aug 28 2019)
North American hard-surface flooring retailer Lumber Liquidators this week revealed that it managed to restore most of its network after a malware attack disabled parts of it for nearly a week.