A Review of the Best News of the Week on Cybersecurity Management & Strategy

How The U.S. Hacked ISIS (NPR, Sep 26 2019)
In 2016, the U.S. launched a classified military cyberattack against ISIS to bring down its media operation. NPR interviewed nearly a dozen people who lived it.

Women in Cybersecurity: Where We Are and Where We’re Going (Scientific American, Sep 23 2019)
Here’s how to bring gender equality to a thoroughly male-dominated field

How Google Changed the Secretive Market for the Most Dangerous Hacks in the World (VICE, Sep 23 2019)
For five years, Google has funded Project Zero, a team of hackers with the sole mission of finding bugs in whatever software they wanted to research, be it Google’s or somebody else’s. Are they making the internet safer?

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Study Reveals Most Expensive State for Cyber Insurance (Infosecurity Magazine, Sep 19 2019)
Across America’s 50 states and the District of Columbia, the cost of cyber insurance averaged out at $1,501 per year, or around $125 a month, but for Delaware business owners the price rose to $1,626.92 per year. In Arizona, where the cost of cyber insurance was 24.15% cheaper than the national average, policies were on average $1,139 per year.

Investors accuse FedEx of lying, stock dumping after NotPetya attack (Naked Security – Sophos, Sep 23 2019)
This is the second such suit, with shareholders asking why execs sold $40m+ of their shares while downplaying the ransomware attack.

France Outlines Its Approach to Cyberwar (Schneier on Security, Sep 23 2019)
“In a document published earlier this month (in French), France described the legal framework in which it will conduct cyberwar operations. Lukasz Olejnik explains what it means, and it’s worth reading.”

McConnell’s support for election security funding is just the start of a big fight (Washington Post, Sep 20 2019)
Senate Majority Leader Mitch McConnell (R-Ky.) partially relented yesterday in the fight over election security by throwing his support behind a $250 million infusion of cash for state election officials.

All the Code Connections Between Russia’s Hackers, Visualized (Wired, Sep 24 2019)
A sort of constellation chart for Kremlin malware, made by two cybersecurity firms, demonstrates the scale of Russia’s distinct hacking operations.

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago (Schneier on Security, Sep 20 2019)
“Earlier this month, I made fun of a company called Crown Sterling, for…for…for being a company that deserves being made fun of. This morning, the company announced that they “decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer.” Really. They did. This keylength is so small it has never been considered secure. It was too small to be part of the RSA Factoring Challenge when it was introduced in 1991.”

HP Purchases Security Startup Bromium (Dark Reading, Sep 20 2019)
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.

Metasploit Creator HD Moore’s Latest Hack: IT Assets (Dark Reading, Sep 19 2019)
Moore’s IT asset discovery tool. Rumble Network Discovery. aims to solve one of the most basic yet confounding problems organizations face and have faced for years: getting a true inventory of all of the devices and services running in their increasingly diverse and growing networks.

FS-ISAC and Europol Partner to Combat Cross-Border Cybercrime (Infosecurity Magazine, Sep 19 2019)
Memorandum of Understanding aims to reduce cyber-risk in the financial system through intelligence sharing

How SMBs can bring their security testing on par with larger enterprises (Help Net Security, Sep 23 2019)
What are the challenges of securing small and medium-sized enterprises vs. larger ones? And how can automated, continuous security testing help shrink the gap?

How Can I Ensure Cyber Insurers Will Pay My Claim? (Dark Reading, Sep 23 2019)
To get the best out of your policy, do more than just sign on the dotted line.

Hundreds of US Schools Hit by Ransomware in 2019 (Infosecurity Magazine, Sep 24 2019)
Education sector the second most popular for hackers, says Armor

Malindo Air: Data Breach Was Inside Job (Infosecurity Magazine, Sep 24 2019)
Two former employees of airline’s e-commerce provider are blamed

Microsoft to Provide Free Security Updates for Voting Systems Running Windows 7 (SecurityWeek, Sep 23 2019)
Microsoft will continue to provide some Windows 7 machines with security updates beyond the January 2020 end-of-support date, and voting systems are among them, the company has announced.

Being CISO Is No Longer a Dead-End Job (SecurityWeek, Sep 23 2019)
The combined effect is that the role of CISO has been elevated — to such an extent that 76% of CISOs now believe that managing cyber risk is becoming so important that we will see companies naming CISOs as CEOs in the future.

Czech Intelligence Blames China for Major Cyber Attack (SecurityWeek, Sep 25 2019)
China was behind a major cyber attack at a key government institution in the Czech Republic last year, the EU member’s intelligence agency said in a report Wednesday.

60% of Major US Firms Have Been Hacked in Cloud: Study (SecurityWeek, Sep 25 2019)
Hackers have penetrated cloud computing networks of some 60 percent of top US companies, with virtually all industry sectors hit, security researchers said Tuesday.