A Review of the Best News of the Week on Cybersecurity Management & Strategy

2019 Data Breach Investigations Report (Verizon Enterprise, May 19 2020)
Read the new 2019 Data Breach Investigations Report from Verizon. Get hands-on access to industry-leading data, information and processes via DBIR Interactive.

Industry Reactions to Verizon 2020 DBIR: Feedback Friday (SecurityWeek, May 22 2020)
Industry professionals have commented on various findings in the latest DBIR.

Officials: Israel linked to a disruptive cyberattack on Iranian port facility (Washington Post, May 19 2020)
The attack in early May is believed to have been retaliation for an earlier hacking attempt targeting Israeli water supplies.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Web Application Attacks Double from 2019: Verizon DBIR (Dark Reading, May 19 2020)
Verizon’s annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.

Six need-to-know takeaways from the Verizon breach report (SC Media, May 19 2020)
Phishing attacks and stolen credentials have become attackers’ most popular avenues of network compromise, and employee errors are helping pave the way according to Verizon’s newly released 2020 Data Breach Investigations Report (DBIR). Verizon researchers analyzed 157,525 known “incidents” (defined as a security event that results in the compromise of an information asset) and 3,950…

Shifting responsibility is causing uncertainty and more security breaches (Help Net Security, May 17 2020)
Data security is creating fear and trust issues for IT professionals, according to a new Oracle and KPMG report. The study of 750 cybersecurity and IT professionals across the globe found that a patchwork approach to data security, misconfigured services and confusion around new cloud security models has created a crisis of confidence that will only be fixed by organizations making security part of the culture of their business.

Supercomputers hacked across Europe to mine cryptocurrency (ZDNet, May 18 2020)
Confirmed infections have been reported in the UK, Germany, and Switzerland. Another suspected infection was reported in Spain.

Michigan Launches Cybercrime Hotline (Infosecurity Magazine, May 20 2020)
A hotline for victims of cybercrime has been established in Michigan.

Police Catch Suspects Planning #COVID19 Hospital Ransomware (Infosecurity Magazine, May 18 2020)
Four arrested in Romania and Moldova

Norway’s Wealth Fund Loses $10m in Data Breach (Infosecurity Magazine, May 15 2020)
Data breach at world’s largest sovereign wealth fund enables fraudsters to steal $10m

Private Equity Firm Stalls $1.9B Forescout Acquisition (Dark Reading, May 18 2020)
Officials say “there can be no assurance” Forescout and Advent International will reach an agreement, though talks are ongoing.

CISOs are critical to thriving companies: Here’s how to support their efforts (Help Net Security, May 19 2020)
Even before COVID-19 initiated an onslaught of additional cybersecurity risks, many chief information security officers (CISOs) were struggling. According to a 2019 survey of cybersecurity professionals, these critical data defenders were burned out. At the time, 64% were considering quitting their jobs, and nearly as many, 63%, were looking to leave the industry altogether.

CEOs and CISOs disagree on cyber strategies (Help Net Security, May 20 2020)
There are growing disparities in how CEOs and CISOs view the most effective cybersecurity path forward, according to Forcepoint. The global survey of 200 CEOs and CISOs from across industries including healthcare, finance and retail, among others, uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, including the lack of an ongoing cybersecurity strategy for less than half of all CEO respondents.

Seven Ways to Improve Efficiency in Your Security Metrics Program (SecurityWeek, May 20 2020)
There Are Often Too Many Disjointed Systems Involved in Producing Particular Metrics

Ukraine Nabs Suspect in 773M Password ‘Megabreach’ (Krebs on Security, May 19 2020)
“In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches.”

Cybersecurity makes World Economic Forum’s top 10 Covid-19 global fallout list (SC Media, May 21 2020)
The World Economic Forum mainly concerns itself with high-level macroeconomic issues such as global recessions and world economic development. That’s why it was significant this week when the WEF cited cybersecurity as one of its “Top 10 Fallout” issues from COVID-19 in its Global Risks report.