A Review of the Best News of the Week on Cybersecurity Management & Strategy
More Security Vendors Admit to SolarWinds Attacks (Infosecurity Magazine, Jan 27 2021)
Several more cybersecurity vendors have revealed that they were attacked by the same threat actors that compromised SolarWinds, although there appears to have been minimal if any impact on customers.
UK Insurers Defend Covering Ransomware Payments (Infosecurity Magazine, Jan 27 2021)
Association of British Insurers said cyber-attacks could financially ruin companies
Microsoft Security Business Exceeds $10B in Revenue (Dark Reading, Jan 27 2021)
Microsoft’s security division has grown more than 40% year-over-year, the company reports alongside security product updates.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Arrest, Seizures Tied to Netwalker Ransomware (Krebs on Security, Jan 27 2021)
U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court.
Apprenticeships Could Solve Cyber-Skills Crisis, Say Experts (Infosecurity Magazine, Jan 29 2021)
Infosecurity Europe poll offers backing for on-the-job training
CISOs increasingly focus on mitigating mobile security risks (Help Net Security, Jan 28 2021)
The emergence of the everywhere enterprise has shifted CISO priorities away from combating network security threats and towards mitigating mobile security risks, Ivanti reveals. 87% CISOs surveyed agreed that mobile devices have become the focal point of their cybersecurity strategies, and 80% CISOs stated that passwords are no longer an effective means of protecting enterprise data, as hackers are increasingly targeting remote workers and mobile devices.
International Action Targets Emotet Crimeware (Krebs on Security, Jan 27 2021)
Authorities across Europe on Tuesday said they’d seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections.
Automation and no-code are driving the future of business operations (Help Net Security, Jan 24 2021)
More than 95% of respondents indicated that business operations has become a more important function in their organization in the past year, a Tonkean survey reveals. The survey of 500 IT and business operations professionals at large and mid-sized companies also showed growing frustrations with the status quo of resources and tools to perform operations work.
Clothing Brand Bonobos Informs Users of Data Breach (SecurityWeek, Jan 25 2021)
Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised.
Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems (SecurityWeek, Jan 25 2021)
American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems.
Small Security Teams Have Big Security Fears, CISOs Report (Dark Reading, Jan 25 2021)
Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.
Cybersecurity investments will increase up to 10% in 2021 (Help Net Security, Jan 25 2021)
A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. Information security will remain a high priority this year, as the range of threats broadens and new vulnerabilities emerge, while the frequency of attacks is unlikely to subside.
Speed of White House cyber appointments should make CISOs ‘a bit more confident’ (SC Media, Jan 25 2021)
The appointments and presumed future appointments draw heavily from people with public sector experience, a move that some praise and others criticize as a failure to consider private sector expertise.
Security’s Inevitable Shift to the Edge (Dark Reading, Jan 27 2021)
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
Most with in-house security teams are considering outsourcing security efforts (Help Net Security, Jan 26 2021)
Syntax surveyed 500 IT decision-makers in the US on the impact of the COVID-19 pandemic on their businesses and strategic decisions they’ll make in 2021. 2020 was a year of unexpected and rapid digital transformation for IT leaders across industries. 89% of respondents report that the pandemic accelerated their enterprises’ digital transformation last year.
#RSAC365: How to Achieve Next Level Security Automation (Infosecurity Magazine, Jan 28 2021)
Speaking at the RSAC 365 Virtual Summit Tomasz Bania, cyber-defense manager, Dolby, explored how organizations can transition from manually doing the security basics to implementing full end-to-end security automation.
#RSAC365: Will Recent Treasury Guidance Reduce Ransomware Payments in the US? (Infosecurity Magazine, Jan 27 2021)
Will a zero-tolerance approach to ransomware payments have a meaningful impact?
The cyber ‘journeymen’: Apprentices may be the solution to the skills gap (SC Media, Jan 26 2021)
Aspiring infosec professionals have the opportunity to hone their craft as companies develop talent from within, potentially with government funding, and chip away at the diversity problem.
SOC challenges within the current cyber skilling climate (Help Net Security, Jan 29 2021)
A Cyberbit report reveals how organizations are currently building the human element of their InfoSec organization—shedding light on current practices including job requirements, the recruiting process, current skills levels, training impacts, and integration of industry best practices.