A Review of the Best News of the Week on Cybersecurity Management & Strategy

UN backs Russia on internet convention, alarming rights advocates (Yahoo News, Dec 28 2019)
The United Nations on Friday approved a Russian-led bid that aims to create a new convention on cybercrime, alarming rights groups and Western powers that fear a bid to restrict online freedom. The General Assembly approved the resolution sponsored by Russia and backed by China, which would set up a

Wawa Facing Lawsuits Over Data Breach at All of its Stores (SecurityWeek, Dec 28 2019)
The Wawa convenience store chain is facing a wave of lawsuits over a data breach that affected its 850 locations along the East Coast.

2020 Predictions: Technology (SC Magazine, Dec 30 2019)
MITRE ATT&CK will become the go-to framework and common vocabulary for every SOC. For organizations required to have the most aggressive stances on security, such as financial services and healthcare, ATT&CK is already the go-to framework. In 2020, it will become a basis of conversation for security operations center (SOC) teams in other industries, including retail and manufacturing, as they mature their security postures.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


6 CISO New Year’s Resolutions for 2020 (Dark Reading, Dec 30 2019)
We asked chief information security officers how they plan to get their infosec departments in shape next year.

Hacking School Surveillance Systems (Schneier on Security, Dec 30 2019)
“Lance Vick suggesting that students hack their schools’ surveillance systems.

“This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said.

Of course, there are a lot more laws in place against this sort of thing than there were in — say — the 1980s, but it’s still worth thinking about.”

Two-Thirds of Security Pros Ready to or Already Volunteer Their Services (Dark Reading, Dec 27 2019)
Majority of survey respondents seek to share their security expertise with causes they care about.

How Should My Security Department Begin Future-Proofing for Quantum Computing? (Dark Reading, Dec 27 2019)
Knowing where your digital certificates are is just the start.

Planning for 2020? Here are 3 cybersecurity trends to look out for (Help Net Security, Dec 30 2019)
From the rise in investor focus on cybersecurity issues to diversifying of cyber insurance, there are three critical security trends cyber professionals should be prepared to address if they want a successful — and secure — 2020.

Ransomware shuts down The Heritage Company (SC Magazine, Dec 27 2019)
The telemarketing firm The Heritage Company has become the latest ransomware victim to shut down, at least temporarily, its operations even after making a ransom payment to its attackers. Company CEO Sandra Franecke broke the news in a letter to her 300 employees that the 61-year-old firm would suspend activities.

White House Expands Use of Cyber Weapons but Stays Secretive on Policies (WSJ, Dec 30 2019)
Lawmakers are demanding more information about the guidelines the military uses to launch offensive operations in cyberspace. The White House has kept the cyber directive largely under wraps.

Mean Time to Hardening: The Next-Gen Security Metric (Threatpost, Dec 31 2019)
Given that the average time to weaponizing a new bug is seven days, you effectively have 72 hours to harden your systems before you will see new exploits.

Cybercrime’s Most Lucrative Careers (Dark Reading, Dec 31 2019)
Crime pays. Really well. Here’s a look at just how much a cybercriminal can earn in a month.

Feds: No Evidence Hackers Disrupted North Carolina Voting (SecurityWeek, Dec 30 2019)
A federal investigation didn’t turn up any evidence that cyber attacks were responsible for computer errors that disrupted voting in a North Carolina county in 2016, according to a report issued Monday.

The Most Dangerous People on the Internet This Decade (Wired, Dec 31 2019)
In the early aughts the internet was less dangerous than it was disruptive. That’s changed. 

Why CMO Should Know About Cybersecurity? (CISO Magazine, Dec 26 2019)
Apart from configuring cybersecurity measures, the Chief Marketing Officer (CMO) needs to be responsible for taking up cybersecurity practices within their organization. Cybersecurity breaches often coincide with the fact that the CMO is not well-prepared or aware of the whole functionality of cybersecurity.