A Review of the Best News of the Week on Cybersecurity Management & Strategy

Task Force Seeks to Disrupt Ransomware Payments (Krebs on Security, Apr 29 2021)
Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

CISA, NIST Provide New Resource on Software Supply Chain Attacks (SecurityWeek, Apr 27 2021)
In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) provide information on software supply chain attacks, the associated risks, and how organizations can mitigate them.

Only 8% of businesses that paid a ransom got all of their data back (Help Net Security, Apr 28 2021)
The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021, a Sophos survey reveals. The average ransom paid is $170,404. A paid ransom guarantees little The global findings also show that only 8% of organizations manage to get back all of their data after paying a ransom, with 29% getting back no more than half of their data…

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Apple’s ransomware mess is the future of online extortion (Ars Technica, Apr 24 2021)
Hackers want $50 million to not release schematics they stole from Apple supplier.

61% of organizations impacted by ransomware in 2020 (Help Net Security, Apr 25 2021)
Enterprises faced unprecedented cybersecurity risk in 2020 from increasing attack volume, the pandemic-driven digital transformation of work, and generally deficient cyber preparedness and training, a Mimecast survey reveals. The report is based on a global survey of 1,225 information technology and cybersecurity leaders. Ransomware looms large A full 79% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber

22% of all users still run Microsoft end-of-life Windows 7 (SC Media, Apr 26 2021)
Microsoft stopped supporting Windows 7 in January 2020, meaning users don’t get software updates and are more susceptible to attacks.

KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features (Dark Reading, Apr 23 2021)
Security awareness firm aims expand into Europe and Asia, and add automation and machine learning to its technology.

Thoma Bravo Buys Proofpoint in $12.3 Billion All-Cash Deal (SecurityWeek, Apr 26 2021)
Enterprise security vendor Proofpoint (NASDAQ: PFPT) has been acquired by private equity firm Thoma Bravo in an all-cash transaction that values Proofpoint at approximately $12.3 billion.

In Appreciation: Dan Kaminsky (Dark Reading, Apr 26 2021)
Beloved security industry leader and researcher passes away unexpectedly at the age of 42.

US: Ireland Is a Target for Cyber-Criminals (Infosecurity Magazine, Apr 23 2021)
Vast amount of data stored on Emerald Isle a lure for cyber-criminals, warns America’s National Security Division

Three tips for modernizing the CISO in 2021 (SC Media, Apr 27 2021)
Today’s columnist, Jadee Hanson of Code42, says KPMG found that 44% of organizations will change their products, services and business models in the next few years – and that CIOs and CISOs must work together to meet this challenge.

Water utility CISO offers tips to stay secure as IT and OT converge (SC Media, Apr 26 2021)
Kristin Sanders, chief information security officer for the Albuquerque Bernalillo County Water Utility Authority, revealed how New Mexico’s largest water and wastewater utility has been addressing the security challenge by leveraging a series of software solutions, sensors and internet-of-things technology.

Ransomware gang offers traders inside scoop on attack victims so they can short sell their stocks (SC Media, Apr 23 2021)
The latest fallout of ransomware attacks may involve stock manipulation, with one group openly coaxing stock traders to reach out and receive the inside scoop on the gang’s latest corporate victims, so they can short sell their stock before data is leaked and the news goes public.

Do Cyberattacks Affect Stock Prices? It Depends on the Breach (Dark Reading, Apr 27 2021)
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.

DARPA moves forward in quest for zero-knowledge proofs for vulnerability disclosure (SC Media, Apr 27 2021)
The effort could allow security researchers to publicly prove the existence of a vulnerability without also giving away their underlying research to attackers.

Google Data Protection Case to be Heard in UK Supreme Court (SecurityWeek, Apr 28 2021)
Google on Wednesday began a legal bid at Britain’s highest court to try to block a class action alleging that it illegally tracked millions of iPhone users.

Cyberspace Solarium Commission: CISA Funding Should Increase by at Least $400M (SecurityWeek, Apr 28 2021)
In a letter to the United States House Committee on Appropriations, two members of the Cyberspace Solarium Commission are asking for an increase in funding for the Cybersecurity and Infrastructure Security Agency (CISA) in fiscal year 2022.

FBI Works With ‘Have I Been Pwned’ to Notify Emotet Victims (Dark Reading, Apr 28 2021)
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.

DoJ building the guardrails for Microsoft Exchange-type malware takedowns (SC Media, Apr 28 2021)
Demers said the department would evaluate the Exchange operation to try to generalize future standards, and that such infiltration of private systems would not be a "tool of first resort.

The IRS Wants Help Hacking Cryptocurrency Hardware Wallets (VICE, Apr 29 2021)
As more investors and criminals move to hardware wallets to secure their funds, the IRS is looking for new methods to access those wallets in criminal investigations.