A Review of the Best News of the Week on Cybersecurity Management & Strategy
U.S. carried out secret cyber strike on Iran in wake of Saudi oil attack: officials (Reuters, Oct 16 2019)
The United States carried out a secret cyber operation against Iran in the wake of the Sept. 14 attacks on Saudi Arabia’s oil facilities, which Washington and Riyadh blame on Tehran, two U.S. officials have told Reuters.
Inside Olympic Destroyer, the Most Deceptive Hack in History (Wired, Oct 18 2019)
The untold story of how digital detectives unraveled the mystery of Olympic Destroyer—and why the next big cyberattack will be even harder to crack.
Buyout firm Thoma Bravo adds Sophos to cybersecurity chest in $3.8 billion deal (Reuters, Oct 14 2019)
U.S. private equity firm Thoma Bravo is adding Sophos Group (SOPH.L) to its cybersecurity stable, announcing on Monday a buyout deal that values the British maker of antivirus and encryption products at about $3.8 billion.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
We’re all at risk when 65% of stressed-out cybersecurity and IT workers are thinking about quitting, tech exec warns (CNBC, Oct 11 2019)
A recent report found that the average tenure of a chief information security officer (CISO) is only 18 to 24 months, citing constant stress and urgency of the job as the core reasons. For comparison, the average tenure of a chief financial officer is 6.2 years and the average tenure of a chief executive officer is 8.4 years.
Apple removes app that tracks Hong Kong police and protestors (Naked Security – Sophos, Oct 11 2019)
Apple was under fire this week after banning an app that tracked the location of both police and protesters in Hong Kong on a live map.
Pitney Bowes Hit by Ransomware (Dark Reading, Oct 14 2019)
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
11 Stats on CISO Spending to Inform Your 2020 Cybersecurity Budget (IBM Security Intelligence, Oct 15 2019)
Here are 11 statistics on CISO spending to help inform your own 2020 cybersecurity budget.
When Card Shops Play Dirty, Consumers Win (Krebs on Security, Oct 16 2019)
“Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival.”
How Cybersecurity Salaries Fit Experience and Specialization (IBM Security Intelligence, Oct 11 2019)
According to PayScale, the median salary for an entry-level information security analyst with cybersecurity skills is just shy of $60,000.
Hackers Dissect ‘Mr. Robot’ Season 4 Episode 2: ‘Payment Required’ (VICE, Oct 14 2019)
Technologists, hackers, and journalists recap and review the second episode of the final season of the realistic hacking show.
Mississippi gov’t agencies fall short of cybersecurity compliance standards (SC Magazine, Oct 14 2019)
Mississippi government institutions by and large are failing to comply with standard cybersecurity practices – only 71 of 125 state agencies, boards, commissions, and universities responded to a survey by the Office of the State Auditor (OSA) and only 53 of those have an articulated cybersecurity policy in place.
Malware That Spits Cash Out of ATMs Has Spread Across the World (VICE, Oct 15 2019)
A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks.
Federal CIOs Zero In on Zero Trust (Dark Reading, Oct 16 2019)
Here’s how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Revealed: State-Sponsored Campaign that Helped China Build an Aircraft (Infosecurity Magazine, Oct 16 2019)
The Chinese government orchestrated a sophisticated multi-year cyber-espionage campaign to gain parity with western aerospace firms and help it build the C919 commercial airliner, a new report has alleged.
Yahoo Breach Victims May Qualify for $358 Payout (Dark Reading, Oct 17 2019)
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
Companies are shifting spending to support their critical IT initiatives (Help Net Security, Oct 17 2019)
Survey respondents are IT executives working in large enterprises with 2,000 or more employees, headquartered in North America and Europe, encompassing industries such as financial services, retail, e-commerce and industrial products. More than half are C-level executives.
1 in 5 SMBs have fallen victim to a ransomware attack (Help Net Security, Oct 17 2019)
Ransomware remains the most common cyber threat to SMBs, according to a Datto survey of more than 1,400 MSP decision makers that manage the IT systems for small-to-medium-sized businesses.
Much-attacked Baltimore uses ‘mind-bogglingly’ bad data storage (Naked Security – Sophos, Oct 18 2019)
IT workers have been storing files on their computers’ hard drives. One councilman’s alleged response: “That can’t be right? That’s real?”
Evolve security automation like the human brain: Part 1 (SC Magazine, Oct 16 2019)
As our businesses become more digital, there are certain patterns we can borrow from our own evolution to better model and improve our approach to security and efficiency. There’s only so much that the security professionals can do on their own as businesses grow more complex. To maintain a strong security posture, you need to strike the right balance between automated security processes and human ingenuity.
Evolve security automation like the human brain: Part 2 (SC Magazine, Oct 17 2019)
This time, I’ll be looking at the role each of these parts plays when it comes to creating an effective, highly efficient, highly secure, and well-automated ecosystem.