A Review of the Best News of the Week on Cybersecurity Management & Strategy

The battle against ransomware: Lessons from the front lines (Help Net Security, Apr 28 2020)
“Ransomware is arguably the most significant cybercrime innovation in recent history. The ransomware business model is so effective that it is now the most common and devastating threat to organizations of all sizes. As a provider of cyber insurance, we have the misfortune of responding to ransomware attacks across tens of thousands of organizations, and the trends are worrying.”

The Covid-19 Pandemic Reveals Ransomware’s Long Game (Wired, Apr 28 2020)
Hackers laid the groundwork months ago for attacks. Now they’re flipping the switch.

Third-party compliance risk could become a bigger problem (Help Net Security, Apr 27 2020)
Since the onset of COVID-19, more than half of legal and compliance leaders believe that cybersecurity and data breach is the most-increased third-party risk their organizations face, according to Gartner.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Most IT leaders believe remote workers are a security risk (Help Net Security, Apr 27 2020)
57 percent of UK IT decision makers still believe that remote workers are a security risk, and that they will expose their organization to the threat of a data breach, according to a survey by Apricorn. This figure has risen steadily from 44 percent in 2018 and 50 percent in 2019.

Cybersecurity snubbed in stimulus package (SC Media, Apr 24 2020)
Aid for states is not the only thing that didn’t make it into the $480 billion stimulus package President Trump signed today – funding for cybersecurity also was notably missing, something that security experts and policymakers hope Congress will rectify in future stimulus bills…

China Mandates Cybersecurity Reviews for Tech Product Acquisitions (SecurityWeek, Apr 28 2020)
New rules that will take effect on June 1 require critical information infrastructure operators in China to conduct cybersecurity reviews when acquiring network products and services.

Average Ransomware Payments Soared in the First Quarter (Dark Reading, Apr 29 2020)
Criminals extorting large amounts of money from big enterprises pulled up the overall average significantly compared with the fourth quarter of 2019, Coveware says.

How Many CISOs Got Caught by the COVID-19 Pandemic (eWEEK, Apr 27 2020)
Being able to support a remote workforce, essentially overnight, under the guise of protecting lives, brings a whole new pressure to the role of CISO.

FCC Only Partially Improved Its Cybersecurity Posture, GAO Says (SecurityWeek, Apr 27 2020)
The Federal Communications Commission (FCC) has yet to fully address cyber-security risks in its systems, a newly published report from the United States Government Accountability Office (GAO) reveals.

What’s Your Cybersecurity Architecture Integration Business Plan? (Dark Reading, Apr 28 2020)
To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn’t easy.

Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump (Dark Reading, Apr 27 2020)
ExecuPharm said its internal servers were hit with ransomware after attackers launched a phishing attack.

Cyberattack strikes down Colorado’s Parkview Medical Center (SC Media, Apr 27 2020)
One week after suffering an as yet unnamed type of cyberattack, Parkview Medical Center’s network is still inoperative. The Pueblo, Colo. medical facility has given no details on the attack other than a post on its homepage saying its network is out.

Shade Ransomware Authors Release Decryption Keys (SecurityWeek, Apr 27 2020)
The developers behind the Shade ransomware on Monday announced that they ceased operations and publicly released decryption keys to let their victims recover files for free.

Is the future of information security and tech conferences virtual? (Help Net Security, Apr 29 2020)
The COVID-19 pandemic has brought about many changes to our personal and work lives. Among the latter are the forced work from home shift and the inability to travel far and attend in-person meetings, industry-specific workshops, events and conventions…

Cybersecurity pros share insights into their current work situations (Help Net Security, Apr 29 2020)
“The goal of the survey was to take the pulse of the cybersecurity community as many of their organizations began to shift their employee bases and operations to remote work setups in March and April”

ExecuPharm employee info compromised following reported ransomware attack (SC Media, Apr 28 2020)
ExecuPharm, a provider of pharmaceutical clinical research support services, has suffered a data security incident that has reportedly been identified as a CLOP ransomware attack, coupled with a corresponding data leak.

Things Keeping CISOs Up at Night During the COVID-19 Pandemic (Dark Reading, Apr 30 2020)
Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.

Rethinking cyber risk (SC Media, May 01 2020)
Everyone agrees that risk is essential. They just have different versions of what risk is, Evan Schuman reports. It’s time to rethink risk – both how to operationalize it and how to define it.

CISOs score big on employee risk (SC Media, May 01 2020)
The analytic capabilities are there to pinpoint problem employees. But what to do with them? Bradley Barth reports. Equifax has a vested interest in reducing risk.