A Review of the Best News of the Week on Cybersecurity Management & Strategy

More on the Security of the 2020 US Election (Schneier on Security, Nov 23 2020)
“Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that while the election seems to have been both secure and accurate (voter suppression notwithstanding), we still need to work to secure our election systems…”

Financial Impact of Ransomware Attack on Sopra Steria Could Reach €50 Million (SecurityWeek, Nov 27 2020)
European IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40 million ($48 million) and €50 million ($60 million).

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death (Schneier on Security, Nov 24 2020)
“Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more complicated:

After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to.”


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups (Dark Reading, Nov 23 2020)
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.

Home Depot Settles with US States Over 2014 Data Breach (Infosecurity Magazine, Nov 25 2020)
Home Depot reaches $17.5m settlement over 2014 data breach

The ransomware plague cost the world over $1 billion (Help Net Security, Nov 25 2020)
Group-IB has presented a report which examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity.

Canon Says Data Stolen in August 2020 Ransomware Attack (SecurityWeek, Nov 27 2020)
Imaging and optical giant Canon this week revealed that data was stolen in a ransomware attack it fell victim to in early August 2020.

3 Steps CISOs Can Take to Convey Strategy for Budget Presentations (Dark Reading, Nov 23 2020)
Answering these questions will help CISOs define a plan and take the organization in a positive direction.

Security Pros Push for More Pervasive Threat Modeling (Dark Reading, Nov 20 2020)
With the release of the “Threat Modeling Manifesto,” a group of 16 security professionals hopes to prompt more companies to consider the threats to software.

Two Romanians Arrested for Running Malware Encryption Services (SecurityWeek, Nov 23 2020)
Two Romanians suspected of running services for encrypting malware and testing it against antivirus engines were arrested last week.

US Treasury’s OFAC Ransomware Advisory: Navigating the Gray Areas (Dark Reading, Nov 24 2020)
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.

Cyber-attacks Reported on Three US Healthcare Providers (Infosecurity Magazine, Nov 24 2020)
New York hospital, Florida urgent care center, and Georgia dentist hit by cyber-criminals

Danish News Agency Rejects Ransom Demand After Hacker Attack (SecurityWeek, Nov 25 2020)
Denmark’s biggest news agency will stay offline for at least another day following a hacking attack this week and has rejected a ransom demand by hackers to release locked data, the wire service said Wednesday.

Cyber Public Health (Schneier on Security, Nov 25 2020)
In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.

The current state of third-party risk management (Help Net Security, Nov 27 2020)
Third-party risk management (TPRM) professionals increasingly do not trust that security questionnaires provide sufficient information to properly understand and act on their third-party risk, according to RiskRecon and Cyentia Institute. As a result, the study found more enterprises are moving towards data-driven third-party risk management programs.

Top digital security worries when it comes to remote employees (Help Net Security, Nov 27 2020)
26% of remote workers have experienced a cyber attack personally, while 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic, according to Microsoft research. The study surveyed 500 employees and 200 business decision makers in September 2020 about remote working, digital security behaviours, and the worries they now face.

Cyber insurance claims on the rise (Help Net Security, Nov 26 2020)
External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS). The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020.

How consumers feel about retail data breaches (Help Net Security, Nov 25 2020)
Generali Global Assistance released the findings of its survey which examines consumer sentiment on retail data breaches and the identity theft risks holiday shopping poses. Grown comfort with online shopping: Among those who avoided it entirely, comfort with online shopping has grown substantially this year. 30% of Americans surveyed avoided online shopping due to the potential security risks prior to the COVID-19 pandemic. 74% of those who avoided online shopping due to security risks say…