A Review of the Best News of the Week on Cybersecurity Management & Strategy

Cybersecurity expert Alex Stamos on what scares him most about the upcoming U.S. presidential election (TechCrunch, Nov 14 2019)
In fact, in nearly every conceivable way, “responsibilities that were once clearly public sector responsibilities are now private sector responsibilities,” he told Frenkel during a later part of their discussion. He would know, having seen it first-hand.

“When I was the chief security officer at Facebook,” he told the audience, “I had a child safety team. We probably put more bad guys away than almost any law enforcement agency outside of the FBI or [Homeland Security Investigations unit] in the child safety realm. Like, there’s no local police department in the United States that put away more child predators than the Facebook child safety team. That is a crazy stat.

We Need a Global Standard for Reporting Cyber Attacks (Harvard Business Review, Nov 11 2019)
Regulators should be collecting a standardized data set, so we can measure the threat.

Breach affecting 1 million was caught only after hacker maxed out target’s storage (Ars Technica, Nov 13 2019)
Hacker’s data archive file grew so big that the target’s hard drive ran out of space.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Chronicle Is Dead and Google Killed It’ (Vice, Nov 09 2019)
Chronicle, Google’s moonshot cybersecurity startup that was supposed to completely change the industry, is imploding.

What Keeps NSA Cybersecurity Boss Anne Neuberger Up at Night (Wired, Nov 08 2019)
At WIRED25, the NSA’s Anne Neuberger talked election security, low-orbit satellites, and weaponized autonomous drones.

Security Predictions Reports | FireEye (FireEye, Nov 12 2019)
Our annual Security Predictions report offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year.

Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings (Wired, Nov 13 2019)
Speculative execution attacks still haunt Intel, long after researchers told the company what to fix.

How a turf war and a botched contract landed 2 pentesters in Iowa jail (Ars Technica, Nov 13 2019)
Despite no evidence of criminal intent, Coalfire employees face charges of criminal trespass.

5,183 breaches from the first nine months of 2019 exposed 7.9 billion records (Help Net Security, Nov 14 2019)
According to Risk Based Security’s Q3 2019 Data Breach QuickView Report, the total number of breaches was up 33.3% compared to Q3 2018, with 5,183 breaches reported in the first nine months of 2019. Number of breaches by attack vector, reported by 9/30/19 Breach activity in 2019 Breach activity in 2019 is living up to being “the worst year on record”.

Technology and Policymakers (Schneier on Security, Nov 14 2019)
Technologists and policymakers largely inhabit two separate worlds. It’s an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world’s problems. The essay was influential — but 60 years later, nothing has changed.

Why Cyber-Risk Is a C-Suite Issue (Dark Reading, Nov 12 2019)
One noteworthy finding of the NTT research is the amazing number of companies that are willing to pay ransom. One-third said they’d prefer to hand over ransom to a criminal than invest in cybersecurity. It’s “cheaper,” they said.

UK Labour Party Hit By “Sophisticated” and “Large-Scale” Cyber-Attack (Infosecurity Magazine, Nov 12 2019)
DDoS attack failed due to “robust security systems”

Hosting Provider SmarterASP.NET Recovering From Ransomware Attack (SecurityWeek, Nov 12 2019)
ASP.NET hosting provider SmarterASP.NET is currently working on recovering customer data after being hit by a ransomware attack over the weekend.

Mexican Petrol Giant Pemex Hit by Ransomware (Infosecurity Magazine, Nov 13 2019)
Reports suggest billing systems have been taken offline

Ransom payments averaging $41,000 per incident (SC Magazine, Nov 12 2019)
The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom.

When is the right time to red team? (Help Net Security, Nov 11 2019)
Using the same partner for red teaming, penetration testing, and other essential activity can also make it easier to assemble various jigsaw pieces of intelligence into a single coherent picture.

New MITRE Foundation Aims to Boost Critical Infrastructure (SecurityWeek, Nov 14 2019)
American not-for-profit organization MITRE Corporation has announced the launch of a tech foundation focused on strengthening critical infrastructure through partnerships with the private sector.

Russia Fails to Stop Alleged Hacker From Facing US Charges (Wired, Nov 13 2019)
The repercussions over custody and extradition of Aleksei Burkov have set off a geopolitical maelstrom.

InfoTrax Settles With FTC Over Data Breach (SecurityWeek, Nov 15 2019)
Backend operation services provider InfoTrax Systems has reached a settlement with the U.S. Federal Trade Commission (FTC) over a data breach discovered in 2016, the agency announced this week.

The Evidence That Links Russia’s Most Brazen Hacking Efforts (Wired, Nov 15 2019)
From the 2017 French election to the Olympics to NotPetya, the same group’s fingerprints have appeared again and again.