A Review of the Best News of the Week on Cybersecurity Management & Strategy

Acer Reportedly Hit With $50M Ransomware Attack (Dark Reading, Mar 22 2021)
Reports say a ransomware gang has given Acer until March 28 to pay, or it will double the ransom amount.

Why SASE matters and what security pros need to know (SC Media, Mar 22 2021)
Think of SASE as an architecture model, although sometimes it’s referred to as a concept or framework. It combines software-defined wide area networking (SD-WAN) with comprehensive security capabilities to support today’s cloud-based computing environments and the realities of a mobile workforce.

Accellion Supply Chain Hack (Schneier on Security, Mar 23 2021)
“A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide.

There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application — using antiquated technology and set for retirement — had been breached.”

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Cloudflare Browser Isolation offers zero trust browsing for all businesses (Help Net Security, Mar 23 2021)
Cloudflare launched Cloudflare Browser Isolation, a new zero trust service to make everyday web browsing safer and faster for all businesses, regardless of where their employees are.

Shell Latest to Fall to Accellion FTA Exploits (Mar 23 2021)
Oil giant admits personal and corporate data was stolen

EU Council Adopts Cybersecurity Strategy (Mar 22 2021)
Cybersecurity conclusions presented in December officially adopted by EU Council

RedTorch Formed from Ashes of Norse Corp. (Krebs on Security, Mar 22 2021)
Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.

80% of security leaders would like more control over their API security (Help Net Security, Mar 23 2021)
There are major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe, an Imvision report reveals. With 9 out of 10 security leaders naming API security as a priority, survey results indicate a consensus among professionals that the shift to the cloud and expansive adoption of APIs have created a new layer of technology that requires dedicated attention.

What businesses need to know to evaluate partner cyber resilience (Help Net Security, Mar 24 2021)
Many recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling valuable customer data, and the imperativeness of assessing a third party’s (hopefully multi-layered) approach to cyber resilience.

Risk Management Program Development 101 (Mar 24 2021)
What are the steps orgs need to take to develop a successful risk management program?

Who Should Own Third Party Risk Management? (Mar 23 2021)
TPRM’s role in keeping orgs safe from cyber-attacks creates differing opinions on where it should reside

The CIO’s Shifting Role: Improving Security With Shared Responsibility (Dark Reading, Mar 25 2021)
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.

Why the modern CISO should plan for greater Cybersecurity Regulations in the Biden Era (SC Media, Mar 25 2021)
Part of this preparedness means understanding how potential legislation could reshape cybersecurity efforts.

Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts (VICE US – Motherboard, Mar 25 2021)
Credit card hacking forum Carding Mafia is the latest victim of the age-old hackers on hackers crime.