A Review of the Best News of the Week on Cybersecurity Management & Strategy
COVID-19 crisis shifts cybersecurity priorities and budgets (McKinsey & Company, Jul 23 2020)
Cybersecurity technology and service providers are shifting priorities to support current needs: business continuity, remote work, and planning for transition to the next normal.
U.S. Accuses Pair of Trying to Steal Virus Vaccine Data for China (The New York Times, Jul 21 2020)
Two suspects in China targeted companies working on vaccines as part of a broader cybertheft campaign to enrich themselves and aid the Chinese government, officials said.
Women in Cybersecurity Paid 21% Less Than Men (Infosecurity Magazine, Jul 22 2020)
Although female workforce is growing, inequities remain
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak (SecurityWeek, Jul 20 2020)
Cloud software provider Blackbaud has admitted that it paid cybercriminals to regain control of data following a ransomware attack in May 2020.
Experts Predict Record 20,000 CVEs for 2020 (Infosecurity Magazine, Jul 21 2020)
Skybox Security claims mobile OS bugs have surged 50%
Emerging risk trends: Top risks to identify and address (Help Net Security, Jul 21 2020)
Senior executives reported concerns around renewed outbreaks of the COVID-19 pandemic as their top emerging risk in the second quarter of 2020, according to Gartner. Gartner surveyed 131 senior executives across industries and geographies on the top concerns facing their businesses with results showing that the second wave of COVID-19 topped executives’ concerns, even as many regions are struggling with the first wave of the virus.
Cybersecurity tactics for the coronavirus pandemic (McKinsey & Company, Jul 23 2020)
It’s now harder for companies to maintain security and business continuity. But new cybersecurity tactics can help leaders to safeguard their organizations.
Court Rules German Police Receive Too Much Data (Infosecurity Magazine, Jul 17 2020)
German law deemed insufficient at protecting citizens’ right to privacy
Microsoft to Retire TLS 1.0/1.1 in Office 365 Starting October 15 (SecurityWeek, Jul 21 2020)
Microsoft last week revealed plans to move forward with the retirement of the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365, starting October 15, 2020.
Microsoft 365 Updated with New Security, Risk, Compliance Tools (Dark Reading, Jul 21 2020)
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
‘World’s Most Wanted Man’ Involved in Bizarre Attempt to Buy Hacking Tools (VICE, Jul 21 2020)
Leaked emails and an allegedly fraudulent letter mention Jan Marsalek in a bizarre attempt to purchase hacking tools.
Argentine telecom company hit by major ransomware attack (WeLiveSecurity, Jul 21 2020)
Telecom Argentina says it has contained the attack and regained access to its systems without paying up
Thieves Are Emptying ATMs Using a New Form of Jackpotting (Wired, Jul 22 2020)
The new hardware-based attack, which has targeted machines across Europe, can yield a stream of cash for the attacker.
VC Investment in Cybersecurity Dips & Shifts with COVID-19 (Dark Reading, Jul 22 2020)
While the pandemic has infected funding for cybersecurity startups, it also has emboldened some startups with innovative tools that secure the wave of at-home work.
CISOs: Cyber Insurance Fails to Cover Modern Threats and Remote Workforces (Infosecurity Magazine, Jul 23 2020)
Security leaders dissatisfied with current cyber insurance offerings
US Offers $2mn Bounty for Ukrainian SEC Hackers (SecurityWeek, Jul 22 2020)
The US State Department and Secret Service offered $2 million in reward money Wednesday for help capturing two Ukrainians charged with hacking and selling valuable insider corporate information from the Securities and Exchange Commission.
NY Charges First American Financial for Massive Data Leak (Krebs on Security, Jul 23 2020)
“In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.”
Garmin Outage Could Ground Aircraft (Infosecurity Magazine, Jul 24 2020)
Suspected ransomware attack puts connected pilot systems out of action
Florida Tax Office Blames Data Breach on Virus (Infosecurity Magazine, Jul 23 2020)
Tax Collector’s Office says virus may have caused data breach affecting 450k Polk County residents
Update on NIST’s Post-Quantum Cryptography Program (Schneier on Security, Jul 24 2020)
“NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of 15. NIST has now begun…”