A Review of the Best News of the Week on Cybersecurity Management & Strategy

Web Hosting Firm Slapped With $10 Million GDPR Fine (SecurityWeek, Dec 16 2019)
The investigation commenced following a complaint from a customer whose personal mobile phone number was given by 1&1’s customer helpline to a former life partner in 2018. Since the former partner already knew a lot of details, the helpline provided the phone number after being given the complainant’s name and date of birth. According to BfDI, this was insufficient ‘access control’ for access to personal data.

New Orleans Scrambles to Respond to Ransomware Attack (Infosecurity Magazine, Dec 16 2019)
Louisiana city the latest in long line to suffer this year

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up (Krebs on Security, Dec 16 2019)
“As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of acquiescing to their tormentors.”

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Large Hospital System Hit by Ransomware Attack (SecurityWeek, Dec 14 2019)
New Jersey’s largest hospital system said Friday that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it.

Report on 537 Anti-Drone Systems Shows How Wild the Market Has Become (VICE, Dec 13 2019)
From jamming rifles to ground installations that fire nets, a new report lays out the expansive Wild West of anti-drone tech.

Financial Services Breaches Less Common, More Damaging, Than Those in Other Sectors (Dark Reading, Dec 16 2019)
While far less common than breaches in other industry sectors, financial services breaches were more than twice as expensive, per record exposed, than the average for tech businesses.

Ransomware ‘Crisis’ in US Schools: More Than 1,000 Hit So Far in 2019 (Dark Reading, Dec 16 2019)
Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.

Why Enterprises Buy Cybersecurity ‘Ferraris’ (Dark Reading, Dec 16 2019)
You wouldn’t purchase an expensive sports car if you couldn’t use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?

How Breach & Attack Simulation Can Improve Your Security Strategy (eWEEK, Dec 16 2019)
Join Sean Michael Kerner and Gus Evangelakos of XM Cyber, as they discuss how businesses can use breach and attack simulation to improve security, help meet compliance requirements, and secure cloud and hybrid environments.

The privacy and security trends that will shape 2020 (Help Net Security, Dec 16 2019)
The rollout of 5G will further accelerate the proliferation of IoT technology as manufacturers rush to produce low-cost devices with integrated connectivity. All Mobile Network Operators (MNOs) are keen to adopt 5G, with IoT and Enterprise services being primary drivers, providing operators with access to new revenue opportunities from new services and applications.

Most security pros admit to accidental internal breaches at their organization (Help Net Security, Dec 16 2019)
44% percent of executives believe employees have erroneously exposed personally identifiable information (PII) or business-sensitive information using their company email account.

Russian hacker who allegedly exploited accounting software to steal $1.5 million to plead guilty (CyberScoop, Dec 17 2019)
Anton Bogdanov, known online as “Kusok,” has been charged with computer intrusion, aggravated identity theft and related charges.

How to Manage API Security (Dark Reading, Dec 17 2019)
Protecting the places where application services meet is critical for protecting enterprise IT. Here’s what security pros need to know about “the invisible glue” that keeps apps talking to each other.

Senate passes $1.4 trillion spending bill, includes $25 million for election security (SC Magazine, Dec 17 2019)
The Senate today passed the sweeping $1.4 trillion National Defense Authorization Act (NDAA) for Fiscal Year 2020, which includes a number of security measures and appropriates $425 million in funding for election security, though it stopped short of requiring post-election audits for states not using paper ballots and safeguards against foreign interference in U.S. elections.

Why the U.S. government needs you to hack it (Fast Company, Dec 19 2019)
White hat hackers are crucial to security because they can expose vulnerabilities before scammers can exploit them.

Your First Month as a CISO: Forming an Information Security Program (Dark Reading, Dec 18 2019)
It’s easy to get overwhelmed in your new position, but these tips and resources will help you get started.

Cybersecurity a Growing Concern for America’s Corporate Lawyers (Infosecurity Magazine, Dec 19 2019)
Corporate counsel increasingly worried about risk of cybersecurity disputes