A Review of the Best News of the Week on Cybersecurity Management & Strategy

The Story of the 2011 RSA Hack (Schneier on Security, May 27 2021)
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

DHS to issue first cybersecurity regulations for pipelines after Colonial hack (Washington Post, May 26 2021)
Federal officials will replace voluntary cybersecurity guidance for the pipeline industry with mandatory regulations following a devastating cyberattack on the Colonial pipeline earlier this month.

Double-Encrypting Ransomware (Schneier on Security, May 21 2021)
This seems to be a new tactic:

Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Bizarro Banking Trojan (Schneier on Security, May 20 2021)
Bizarro is a new banking trojan that is stealing financial information and crypto wallets.

…the program can be delivered in a couple of ways­ — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,”

Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise (Dark Reading, May 24 2021)
A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable?

Maricopa County CISO: Online Misinformation/Disinformation in 2020 Election a ‘Gamechanger’ (Dark Reading, May 20 2021)
Custom playbooks played a key role in the Arizona election jurisdiction’s security strategy.

SolarWinds CEO: Attack Began Much Earlier Than Previously Thought (Dark Reading, May 19 2021)

C-level cybersecurity attitudes as enterprises embrace the everywhere workplace (Help Net Security, May 20 2021)
Ivanti unveiled the findings of a Frost & Sullivan study which investigates the impact of the COVID-19 pandemic on cybersecurity and compliance attitudes and behaviors in Singapore, Australia and New Zealand. The impact of COVID-19 on business demand and cybersecurity strategies

Amex Fined After Sending Over Four Million Spam Emails (Infosecurity Magazine, May 24 2021)
ICO claims customers did not consent to receiving marketing messages

Report Shows Global CISOs Failing to Practice What They Preach (Infosecurity Magazine, May 21 2021)
Report reveals widespread risky behavior from IT security leaders

#RSAC: The Rise of the Chief Product Security Officer (Infosecurity Magazine, May 20 2021)
Experts at the RSA Conference outline the role, challenges and opportunities for the emerging job category of the chief product security officer (CPSO)

#RSAC: What Makes a Security Program Measurably More Successful? (Infosecurity Magazine, May 20 2021)
Wendy Nather and Wade Baker have a few data-driven ideas about which activities actually help to make security programs work and which ones have less impact

#RSAC: SolarWinds CEO Provides New Details into Attack and Response (Infosecurity Magazine, May 19 2021)
Sudhakar Ramakrishna gives details of investigations into the supply chain attack

A leadership guide for mitigating security risks with low code platforms (Help Net Security, May 25 2021)
The low code market continues to grow, increasingly finding adoption for more diverse and serious applications among enterprises and independent software vendors (ISVs). The lingering question of application code security follows, as stories of security breaches continue to pour, and remote teams across the world adopt low code for faster application delivery.

Three-Quarters of CISOs Predict Another SolarWinds-Style Attack (Infosecurity Magazine, May 25 2021)
Splunk warns that cloud complexity is a major threat

Cyber-Insurance Premiums Surged by Up to 30% in 2020 (Infosecurity Magazine, May 25 2021)
GAO report warns of lower coverage limits for some verticals

Only Two-Fifths of UK Firms Report Data Breaches On Time (Infosecurity Magazine, May 25 2021)
On third GDPR anniversary, widespread confusion still reigns

Gartner: Global Security Spending Will Reach $150 Billion in 2021 (SecurityWeek, May 25 2021)
Research and advisory giant Gartner predicts that global security and risk management spending will exceed $150 billion this year.

Measuring impact beyond a single incident (Help Net Security, May 26 2021)
Determining the true impact of a cyber attack has always and will likely be one of the most challenging aspects of this technological age. In an environment where very limited transparency on the root cause and the true impact is afforded we are left with isolated examples to point to the direct cost of a security incident.

The VC View: Identity = Zero Trust for Everything (SecurityWeek, May 26 2021)
Identity very much seems to be an acquired taste… Most everyone’s first experience with identity comes down to usernames and passwords. And that’s enough for most users, “just let me get past this screen so I can do what I’m trying to do.”