A Review of the Best News of the Week on Cybersecurity Management & Strategy

US the Only Top Tier Cyber-power (Infosecurity Magazine, Jun 28 2021)
Report finds other countries lag behind US when it comes to cyber prowess

Attacks against game companies are up. But why? (SC Media, Jun 25 2021)
Malicious hackers are increasingly mobbing the video game industry, but security experts can’t pinpoint a single explanation for the surge.

Insurance and Ransomware (Schneier on Security, Jul 01 2021)
As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper arguing that the insurance industry is hurting more than it’s helping.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

FIN7 Pen Tester to Serve Seven Years (Infosecurity Magazine, Jun 25 2021)
US sends down high-level member of hacking group behind $1bn card-stealing scheme

Ransomware: To pay or not to pay (SC Media, Jun 28 2021)
Today’s columnist, Rob T. Lee of the SANS Institute, understands why companies like Colonial Pipeline paid the ransom, but says moving forward, organizations need to evaluate the risk of paying the ransom – and develop a plan.

An Interesting Approach to Cyber Insurance (Dark Reading, Jun 28 2021)
What if insurers were to offer companies an incentive — say, a discount — for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver’s ed course.

More ‘actionable’ intel needed from HHS to support health IT security (SC Media, Jun 29 2021)
While the HHS threat sharing efforts are off to a sound start, the GAO found key coordination areas the agency should improve to better support overall health IT security in the sector.

Costs from ransomware attack against Ireland health system reach $600M (SC Media, Jun 28 2021)
Ireland Health Service Executive, which is still operating under electronic health record downtime six weeks after the attack, intends to implement a security operation center able to better monitor the network for potential threats.

Risks of Evidentiary Software (Schneier on Security, Jun 29 2021)
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example).

Google Updates Vulnerability Data Format to Support Automation (Dark Reading, Jun 29 2021)
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.

CISA Publishes Catalog of Poor Security Practices (Dark Reading, Jun 29 2021)
Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.

Threat modeling needs a reset (Help Net Security, Jun 30 2021)
Organizations need to rethink their approach to threat modeling or risk losing its value as a key defense in their cybersecurity arsenals. The traditional approaches to threat modeling can be very effective, but they don’t scale well enough in the current computing and threat landscape.

Think Tank Calls for Government Review into Banning Ransom Payments (Infosecurity, Jun 30 2021)
RUSI warns cyber-insurance is failing to incentivize better security

Colombian police arrest Gozi malware suspect after 8 years at large (Naked Security – Sophos, Jun 30 2021)
Safe at home, apparently, but not so safe overseas.

The Motherboard Guide to Steganography (VICE, Jun 30 2021)
A trip through the intentionally unseeable World of Hiding Data in Imagery

Pentagon CISO Suspected of Sharing Secrets (Infosecurity Magazine, Jul 01 2021)
Katie Arrington on leave while classified disclosure concerns are investigated

Infosec Community Posts Solidarity Bikini Pics After Twitter Troll Outburst (Infosecurity Magazine, Jul 01 2021)
Security pro’s Twitter post outraged one follower

Salvation Army Hit by Ransomware Attack (Infosecurity Magazine, Jun 30 2021)
The Christian charity is thought to be negotiating with the attackers over the siphoned data

No Pay Rise Since Pandemic for Two-Thirds of Cyber Pros (Infosecurity Magazine, Jun 30 2021)
Companies were more likely to offer pay rises to tech roles linked to creating value and agility

The VC View: Enabling Business via IT Security (SecurityWeek, Jul 01 2021)
The opportunity for the security industry is to build a remote-ready security program that is equally secure for remote and in-office workers