A Review of the Best News of the Week on Cybersecurity Management & Strategy

Scaring People into Supporting Backdoors (Schneier on Security, Dec 12 2019)
“We are saying three things. One, that strong encryption is necessary for personal and national security. Two, that weakening encryption does more harm than good. And three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices…”

The Defense Department Says It Needs the Encryption the FBI Wants to Break (VICE, Dec 12 2019)
A bipartisan coalition of lawmakers this week worked overtime to vilify encryption, oblivious to the fact that weakening encryption standards will put the public, and the internet, at risk.

Facebook refuses to break end-to-end encryption (Naked Security – Sophos, Dec 12 2019)
Congress on Tuesday told Facebook it must put backdoors into its end-to-end encryption, or it’ll be forced to.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

McAfee Considering a Combination With NortonLifeLock (WSJ, Dec 10 2019)
NortonLifeLock, the $16 billion consumer-software company, has attracted deal interest from a handful of companies including rival McAfee, people familiar with the matter said.

Maersk CISO Says NotPeyta Devastated Several Unnamed US firms (Dark Reading, Dec 09 2019)
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.

Maze ransomware was behind Pensacola “cyber event,” Florida officials say (Ars Technica, Dec 11 2019)
An email sent by the Florida Department of Law Enforcement to all Florida county commissioners indicated that the ransomware that struck the city of Pensacola on December 7 was the same malware used in an attack against the private security firm Allied Universal, according to a report by the Pensacola News Journal. That malware has been identified elsewhere as Maze, a form of ransomware that has also been distributed via spam email campaigns in Italy.

The Great $50M African IP Address Heist (Krebs on Security, Dec 11 2019)
“A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.”

EFF on the Mechanics of Corporate Surveillance (Schneier on Security, Dec 13 2019)
“EFF has published a comprehensible and very readable “deep dive” into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing.”

Andy Ellis on Risk Assessment (Schneier on Security, Dec 06 2019)
“Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year.”

Registration Opens for Girls’ Free Cybersecurity Training (Infosecurity Magazine, Dec 12 2019)
American girls are being offered the chance to train in cybersecurity for free

Reddit: US-UK NHS ‘Sale’ Docs Leaked by Russia (Infosecurity Magazine, Dec 09 2019)
Social site says operation is linked to previous influence campaigns

Cybersecurity Trends 2020: Technology is getting smarter – are we? (WeLiveSecurity, Dec 10 2019)
With 2019 ending, ESET experts offer their insights into how new innovations will impact our privacy, security and lives in the not so distant future

Reforming CDA 230 (Schneier on Security, Dec 10 2019)
“There’s a serious debate on reforming Section 230 of the Communications Decency Act. I am in the process of figuring out what I believe, and this is more a place to put resources and listen to people’s comments. The EFF has written extensively on why it is so important and dismantling it will be catastrophic for the Internet. Danielle Citron disagrees.”

How enterprise risk management programs operate in organizations today (Help Net Security, Dec 11 2019)
1 in 3 CEOs see Strategic Risk as the “Biggest Potential Risk Concern.” Among Strategic Risks, risk arising from key business partners is most frequently ranked first.
1 in 3 CEOs are most concerned about Operational Risk. In this category, cybersecurity is the top concern due to the increase in cyber threats.

How to test employee cyber competence through pen-testing (Help Net Security, Dec 11 2019)
Social engineering hacking preys on the vulnerabilities inherent in human psychology, so it’s vital for organizations to test employee cyber competence.

Big Changes Are Coming to Security Analytics & Operations (Dark Reading, Dec 11 2019)
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.

Lawsuit seeks to force Pennsylvania to scrap these electronic voting machines over hacking fears (Washington Post, Dec 13 2019)
Election security advocacy groups are suing the state of Pennsylvania today to stop some counties from using controversial voting machines they say are vulnerable to hacking by Russia and other adversaries in 2020.

Waco water bill attack just the latest in a wave of Click2Gov breaches (Graham Cluley, Dec 12 2019)
The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details.