A Review of the Best News of the Week on Cybersecurity Management & Strategy

Hackers Were Inside Citrix for Five Months (Krebs on Security, Feb 19 2020)
“Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.”

US natural gas operator shuts down for 2 days after being infected by ransomware (Ars Technica, Feb 18 2020)
Infection spread to site’s OT network that monitors and controls physical processes.

The US Blames Russia’s GRU for Sweeping Cyberattacks in Georgia (Wired, Feb 20 2020)
By calling out Russia for digital assaults on its neighboring country, the US hopes to head off similar efforts at home.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Dell Nears Deal to Sell RSA Security Business to Private-Equity Firm STG (WSJ, Feb 19 2020)
Dell Technologies is nearing a deal to sell its RSA cybersecurity business to a private-equity firm for more than $2 billion, according to people familiar with the matter.

Are CISOs ready for zero trust architectures? (Help Net Security, Feb 20 2020)
“Every request to access a resource starts from a position of zero trust. Access decisions are then made and enforced based on a set of trust metrics selected by the organization. These trust metrics could relate to the user, their access device, the resource to be accessed, or a combination thereof.”

MGM Resorts data breach exposes details of 10.6 million guests (WeLiveSecurity, Feb 20 2020)
A number of celebrities, government officials and tech CEOs were also caught up in the incident.

U.S. agency that handles Trump’s secure communication suffered data breach (Reuters, Feb 21 2020)
The DISA letters gave few further details. For example, they did not say what part of DISA’s network had been breached, nor identify which individuals may have had their data compromised.

Novel Coronavirus Update (RSA Conference, Feb 21 2020)
AT&T Cybersecurity (and 10+others) made the decision to no longer participate in RSA Conference 2020

Policy vs Technology (Schneier on Security, Feb 21 2020)
“Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don’t remember who else. We met with then Massachusetts Representative Ed Markey. (He didn’t become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors. They still are.”

The 2020 Census could be the next big hacking and disinformation target (Washington Post, Feb 13 2020)
The hacking danger could be compounded by social media misinformation spread by U.S. adversaries or pranksters falsely claiming that census data is corrupted or the count is rigged, according to the Government Accountability Office report released during a House Oversight Committee hearing

Take your SOC to the next level of effectiveness (Help Net Security, Feb 17 2020)
Enterprise security infrastructures average 80 security products, creating security sprawl and a big management challenge for SOC teams. With high volumes of data generated from security controls across the infrastructure, SOC teams often rely on Security Information and Event Management (SIEM) solutions to aggregate data and deliver insight into events and alerts. Similarly, Security Orchestration, Automation and Response (SOAR) platforms can take the results and automate them into action.

A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above (Help Net Security, Feb 19 2020)
Risk Based Security’s VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above.

Facebook asks to be regulated kinda like a newspaper, kinda like telco (Naked Security – Sophos, Feb 19 2020)
Zuckerberg is in Brussels right in time for the European Commission’s release of its manifesto on regulating AI.

12 hottest new cybersecurity startups at RSA 2020 (CSO Online, Feb 18 2020)
Cybersecurity startup companies use the RSA Conference to make their public debut and showcase their products. These are some of the more interesting startups coming out of stealth.

ForgePoint Capital Announces $450 Million Cybersecurity Investment Fund (SecurityWeek, Feb 19 2020)
Cybersecurity focused venture investor ForgePoint Capital has closed its second fund (Fund II) with $450 million in capital commitments, the firm said Wednesday. 

Number of records exposed in healthcare breaches doubled from 2018 to 2019 (Help Net Security, Feb 20 2020)
In 2019, healthcare data breaches collectively affected over 27 million individuals, according to Bitglass.

How to Get CISOs & Boards on the Same Page (Dark Reading, Feb 21 2020)
One of the most interesting findings across the two surveys is how CISOs and boards view CISO data breach experience. Experiencing a breach was once a “scarlet letter” for CISOs — sometimes costing them their jobs and definitely not something to feature on a resume.

Ransomware Damage Hit $11.5B in 2019 (Dark Reading, Feb 20 2020)
A new report shows the scale of ransomware’s harm and the growth of that damage year-over-year — an average of $141,000 per incident.

New Jersey Hospital Network Faces Lawsuit Over Ransomware Attack (Infoscecurity Magazine, Feb 21 2020)
Class-action lawsuit proposed against Hackensack Meridian over ransomware attack

SIEM Still Creates Complexity and Administration Challenges (Infoscecurity Magazine, Feb 20 2020)
SIEM is valued most as a “security control” but creates administration challenges