A Review of the Best News of the Week on Cybersecurity Management & Strategy

What are the traits of an effective CISO? (Help Net Security, Sep 21 2020)
Only 12% of CISOs excel in all four categories of the Gartner CISO Effectiveness Index. “Today’s CISOs must demonstrate a higher level of effectiveness than ever before,” said Sam Olyaei, research director at Gartner.

FBI, DHS Warn of ‘Likely’ Disinformation Campaigns About Election Results (Dark Reading, Sep 23 2020)
Nation-state actors and cybercriminals could wage cyberattacks and spread false information about the integrity of the election results while officials certify the final vote counts.

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack (Krebs on Security, Sep 23 2020)
“Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.”

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Dunkin’ Donuts Parent Settles Cyber-attack Lawsuit (Infosecurity Magazine, Sep 21 2020)
Dunkin’ Donuts pays $650K fine and costs to settle lawsuit filed over cyber-attack

80% of businesses expect IT budgets to grow or remain steady in 2021 (Help Net Security, Sep 20 2020)
The global COVID-19 crisis is a catalyst for change, spurring businesses to continue to invest in technology to support and secure a remote workforce, despite slowing corporate revenue growth resulting from the pandemic, a Spiceworks Ziff Davis study reveals.

Nearly 70% of IT & Security Pros Hone Their Cyber Skills Outside of Work (Dark Reading, Sep 22 2020)
New research shows how security skills are lacking across multiple IT disciplines as well – including network engineers, sys admins, and cloud developers.

‘Dark Overlord’ Cyber Extortionist Pleads Guilty (Dark Reading, Sep 21 2020)
Nathan Wyatt was sentenced to five years in prison after changing a previously not guilty plea.

Just 13% of SMEs Have Cyber Insurance (Infosecurity Magazine, Sep 22 2020)
GlobalData study reveals major gap in coverage

Former NSA Director Keith Alexander Joins Amazon’s Board of Directors (Schneier on Security, Sep 21 2020)
This sounds like a bad idea.

No, Moving Your SSH Port Isn’t Security by Obscurity (Daniel Miessler, Sep 22 2020)
“I just came across another post on Hacker News talking about why you shouldn’t move your SSH port off of 22 because it’s Security by Obscurity.”

Vulnerability Disclosure Programs See Signups & Payouts Surge (Dark Reading, Sep 22 2020)
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.

Big or small, organizations typically remediate 1 of 10 discovered vulnerabilities (SC Media, Sep 22 2020)
It’s sometimes easier said than done to patch all critical vulnerabilities. There is a time and staffing issue, problems with shutting down critical services to perform updates, and concerns about patches disrupting services.

Malware Attacks Declined But Became More Evasive in Q2 (Dark Reading, Sep 24 2020)
Most of the malware used in attacks last quarter was designed to evade signature-based detection tools, WatchGuard says.

Solving the Problem With Security Standards (Dark Reading, Sep 24 2020)
More explicit threat models can make security better and open the door to real and needed innovation.

CrowdStrike Agrees to Acquire Preemptive Security for $96M (Dark Reading, Sep 24 2020)
CrowdStrike plans to use Preemptive Security’s conditional access technology to strengthen its Falcon platform.

India’s Cybercrime and APT Operations on the Rise (Dark Reading, Sep 23 2020)
Growing geopolitical tensions with China in particular are fueling an increase in cyberattacks between the two nations, according to IntSights.

Bug Fixes Take Twice as Long for Manufacturing Firms (Infosecurity Magazine, Sep 24 2020)
Kenna Security shines a light on vulnerability management in 14 sectors