A Review of the Best News of the Week on Cybersecurity Management & Strategy

Apple Censorship and Surveillance in China (Schneier on Security, May 19 2021)
Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized (Krebs on Security, May 14 2021)
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates.

18 is the new 20: CIS Controls v8 is here! (Help Net Security, May 19 2021)
The moment we’ve all been waiting for is finally here. The Center for Internet Security (CIS) officially launched CIS Controls v8, which was enhanced to keep up with evolving technology (modern systems and software), evolving threats, and even the evolving workplace. The pandemic changed a lot of things, and it also prompted changes in the CIS Controls. The newest version of the Controls now includes cloud and mobile technologies.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Is 85% of US Critical Infrastructure in Private Hands? (Schneier on Security, May 17 2021)
Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight.

#RSAC: The Invisible War of Internet Misinformation (Infosecurity Magazine, May 17 2021)
RSA Conference keynoter Theresa Payton outlines how misinformation works and what organizations can do to help combat it.

#RSAC: RSA CEO Details the Challenges of Resilience in a World of Chaos (Infosecurity Magazine, May 17 2021)
RSA CEO Rohit Ghai kicks off the annual RSA Security conference with an inspirational keynote defining what resilience is really all about.

Florida water plant compromise came hours after worker visited malicious site (Ars Technica, May 18 2021)
Researchers find watering-hole attack targeting water utilities.

Lemonade Denies “Unforgivably Negligent” Security Gaffe (Infosecurity Magazine, May 14 2021)
Insurtech company says the alleged lapse was merely customers sharing their quotes online.

City pays $350,000 after suing “hackers” for opening Dropbox link it sent them (Ars Technica, May 17 2021)
Employee mistakenly sent the link when replying to a records request.

RSAC 2021: What Will SolarWinds’ CEO Reveal? (Dark Reading, May 17 2021)
In a keynote conversation with Forrester analyst Laura Koetzle, Sudhakar Ramakrishna will get candid about the historic breach.

CISOs: Missing an Opportunity to Partner with Your CDO? (eWEEK, May 18 2021)
Recently, I was talking with a major analyst firm about data and security. The name of the firm will not be mentioned to protect the not-so-innocent. During this call, I was amazed to learn that most CISOs remain focused – even with their increasing board level visibility…

Double-extortion ransomware attacks on the rise (Help Net Security, May 18 2021)
Zscaler announced a report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. The research team analyzed over 150 billion platform transactions and 36.5 billion blocked attacks between November 2019 and January 2021 to identify emerging ransomware variants, their origins, and how to stop them.

Here’s why API breaches happen and how to prevent them (SC Media, May 17 2021)
As part of a special series of Security Weekly podcasts during the RSA Conference, Sandy Carielli, principal analyst at Forrester Research, spoke to Security Weekly’s Matt Alderman about what companies can do to prevent API breaches.

56% of security professionals say today’s cyber workforce lacks soft skills (SC Media, May 17 2021)
Emotional intelligence, resilience and the ability to integrate well with a team are among the most critical soft-skill qualities that a security professional can possess – and such attributes can make you a very valuable hiring candidate, according to a panel of experts Monday at the 2021 RSA conference.

Here’s how web app and API security needs to be modernized (SC Media, May 17 2021)
As part of a special podcast series from Security Weekly during the RSA Conference, Sean Leach, chief product architect at Fastly, speaks to Security Weekly’s Paul Asadoorian about the new rules for web application and API security, which respect the way modern applications are built.

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards (SC Media, May 17 2021)
Two executives mull over changes – big and small – to the business security environment in the wake of COVID.

Best 11 Quotes From Cryptographers’ Panel (Dark Reading, May 18 2021)

How to deal with ransomware attacks (Help Net Security, May 18 2021)
Used in cyberattacks that can paralyze organizations, ransomware is malicious software that encrypts a computer system’s data and demands payment to restore access. To help organizations protect against ransomware attacks and recover from them if they happen, NIST has published an infographic offering a series of simple tips and tactics.

Cisco CEO: There’s no enterprise perimeter to defend anymore (Network World Security, May 18 2021)

Erosion of the traditional network perimeter and the transition to work-from-anywhere have conspired to bring an unprecedented threat level to endpoint devices, users, and applications, Cisco CEO Chuck Robbins told the online audience at the virtual RSA Conference 2021.
Such threats are exacerbated by the fact that over 3,500 vendors offer security products and services that many customers patchwork together.

Attention CEOs: No news can be good news when investigating a breach (SC Media, May 18 2021)
David Estlick, CISO of Chipotle Mexican Grill, joined James Christiansen, vice president and CSO of cloud security transformation at Netskope, to speak about managing corporate expectations post-breach.