A Review of the Best News of the Week on Cybersecurity Management & Strategy

Get ready for the hacking back debate: Round 2 (The Washington Post, Jun 13 2019)
A bipartisan bill being reintroduced this morning would allow hacked companies to turn the tables and hack back into their attackers’ computer networks. The Active Cyber Defense Certainty Act, sponsored by Reps. Tom Graves (R-Ga.) and Josh Gottheimer (D-N.J.), would allow those hacked companies to only ferret out what happened to their stolen data and gather evidence for police, though — not to destroy anything on the attackers’ computer networks.

The Future of Have I Been Pwned (Up for Sale) (Troy Hunt, Jun 11 2019)
Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included….

Workshop on the Economics of Information Security (Schneier on Security, Jun 11 2019)
“Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks….”

---

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

The Last Blog Post! (From Anton Chuvakin) (Gartner Blog Network, Jun 06 2019)
“It is with some sadness and much excitement that I write this final post for my Gartner blog. If you recall, I joined Gartner in 2011, so it has been nearly 8 years. So far, this has been my favorite job, the best I ever had in my life, by a wide margin.”

KKR Mints a New Cybersecurity Unicorn (Fortune, Jun 12 2019)
Three months after announcing an initial $50 million investment in the company, private equity giant KKR is leading an additional $300 million in funding for cybersecurity firm KnowBe4, in a deal that values the startup at $1 billion.

Radiohead Dropped 18 Hours of Unreleased Music to Screw Pirates (Wired, Jun 12 2019)
You can listen to the OK Computer–era tracks right here.

The Rise of ‘Purple Teaming’ (Dark Reading, Jun 13 2019)
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.

How human bias impacts cybersecurity decision making (Help Net Security, Jun 10 2019)
In a newly released report, Dr Margaret Cunningham, psychologist and Principal Research Scientist at Forcepoint, examined six universal unconscious human biases, how they can influence cybesecurity decision making, and urges infosec pros and leaders to make an effort to overcome them.

Court unseals indictment against alleged Darkode hacking forum members (SC Magazine, Jun 07 2019)
An American and three Europeans have been charged with racketeering conspiracy and conspiracy to commit wire fraud and bank fraud for allegedly distributing malware on the now-defunct Darkode computer hacking forum.

Russia accused of hacking EU embassy in Moscow (SC Magazine, Jun 11 2019)
Russia is believed to have hacked the Europian Union’s embassy in Moscow in a sophisticated cyberespionage attack designed to steal highly sensitive material from the mission’s internal network just weeks before the European Parliament elections. The initial attack took place in February 2017, but wasn’t detected until April of this year.

U.S. House passes bill that would require DHS to maintain cyber hunt, IR teams (SC Magazine, Jun 11 2019)
The U.S. House of Representatives yesterday passed its own version of the DHS Cyber Incident Response Teams Act of 2019, which would require the Department of Homeland Security to permanently maintain cyber hunt and incident response teams that help prevent and mitigate attacks on federal agencies and the private sector.

Ransomware attack hobbles Washington food bank (SC Magazine, Jun 11 2019)
An Auburn, Washington-based food bank that provides meals to individuals in need has reportedly been victimized in a ransomware attack, leaving staff members unable to access files and emails.

Cloudflare’s Five-Year Project to Protect Nonprofits Online (Wired, Jun 12 2019)
Cloudflare’s Project Galileo has helped vulnerable organizations fend off DDoS and other attacks for the last five years.

A Top Voting-Machine Firm Calls for Paper Ballots (Wired, Jun 11 2019)
The long-awaited shift from paperless ballots could make elections more secure.

Newly public CrowdStrike wants to become the Salesforce of cybersecurity (TechCrunch, Jun 12 2019)
Since 2012, CrowdStrike’s Falcon Endpoint Protection platform has been pushing those incumbents into a new era of endpoint protection. By helping enterprises across the globe battle increasingly complex attack scenarios more efficiently, CrowdStrike, as well as other fast-growing cybersecurity upstarts, has redefined company security standards much like Salesforce redefined how companies communicate with customers.

Tomorrow’s Cybersecurity Analyst Is Not Who You Think (Dark Reading, Jun 12 2019)
Organizations can’t just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

VPN Complexity Cripples Innovation (SC Magazine, Jun 13 2019)
Long gone are the days when switchboard operators were relied upon to make phone connections. Advancements in telecommunication quickly eliminated the need for cumbersome and manual intervention. It is time we abandon the switchboard-like model that we have inherited from virtual private networks (VPNs), remove unnecessary complexity, and make room for security innovation.

DNS Firewalls Could Save Companies Billions (Dark Reading, Jun 13 2019)
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.

Philly Courts Still Down After Cyber-Attack (Infosecurity Magazine, Jun 14 2019)
Some Philadelphia Court systems are still down three weeks post-attack

Telegram blames China for DDoS disruptions during Hong Kong unrest (SC Magazine, Jun 13 2019)
Telegram pointed the finger at Chinese state-sanctioned actors yesterday after a distributed denial of service (DDoS) attack overwhelmed its servers as protests were taking place in Hong Kong.

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware (Krebs on Security, Jun 03 2019)
“For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.”

Stanford group calls for major overhaul on election security. Here are their recommendations (The Washington Post, Jun 06 2019)
A plan released this week by a Stanford University group that includes former top government and tech industry officials aims to be the equivalent of the 9/11 Commission report for election security.

China ‘behind’ huge ANU hack amid fears government employees could be compromised (The Sydney Morning Herald, Jun 07 2019)
China is the key suspect in the theft of huge volumes of highly sensitive personal data from the Australian National University

---

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

What corporate boards still don’t understand about cyber risk (Quartz, Jun 03 2019)
Board members who felt their company was properly secured against a cyberattack fell to 37% in 2017 from 42% in 2016.

Why the NSA is pushing back against Baltimore ransomware link (The Washington Post, Jun 03 2019)
The National Security Agency took an exceptionally rare step last week when it disputed a New York Times report that one of its hacking tools was used in a ransomware attack that has crippled Baltimore city services for more than three weeks.

The organization once nicknamed “No Such Agency” typically stays tight-lipped about stories it believes are incorrect or misleading. The rare exception underscores that the NSA is trying to avoid a hit to its reputation – which has taken numerous blows in recent years — that would surely come if its tools were linked to the Baltimore attack.

Much @Stake: The Band of Hackers That Defined an Era (Wired, Jun 02 2019)
Today’s cybersecurity superstars share a common thread—one that leads back to early hacking group Cult of the Dead Cow.

Baltimore Ransomware Attacker Was Behind Now-Suspended Twitter Account (Dark Reading, Jun 03 2019)
Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.

Election Rules Are an Obstacle to Cybersecurity of Presidential Campaigns (The New York Times, Jun 07 2019)
Security experts warn that time is running out for campaigns to create protections against the cyberattacks and disinformation seen in recent elections.

What I Learned Trying To Secure Congressional Campaigns (Idle Words) (Idlewords, Jun 07 2019)
“This is the situation I found myself in from late 2017 to 2018, when I was part of an effort that delivered a basic, hour-long campaign security training to 41 Democratic Congressional campaigns.”

GDPR’s First-Year Impact By the Numbers (Dark Reading, May 31 2019)
The latest statistics on GDPR spending, compliance rates, enforcement, and consumer attitudes on privacy protection.

Reports: Hacking accusations debunked after leak of New Zealand budget plan (SC Magazine, May 31 2019)
Accusations from New Zealand’s Treasury department that someone had hacked the agency’s website and stole budget plans that was later leaked to the public turned out to be premature, after investigators reportedly determined that individuals were able to access the documentation due to website error.

The Importance of Protecting Cybersecurity Whistleblowers (Schneier on Security, Jun 03 2019)
Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. “Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging…”

The Cost of Cybercrime (Schneier on Security, Jun 04 2019)
Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since.

Tales From the SOC: Municipal Edition (SecurityWeek, Jun 04 2019)
As a threat researcher, I’ve advised security teams of organizations big and small, across both public and private sectors. So after a decade in DFIR, people often ask me about the craziest or most interesting things I’ve seen on client networks. I have quite a few interesting stories under my belt, from state and local governments, to start ups, and large enterprises. I’m excited to share a few of these ‘Tales from the SOC’ with the larger cybersecurity community.

The Race to Save Encryption (WSJ, Jun 05 2019)
Quantum computers will be able to break current encryption within a decade. That has security experts scrambling to come up with new ways to protect data before it is too late.

State Department proposes new $20.8 million cybersecurity bureau (CyberScoop, Jun 05 2019)
The State Department has sent to Congress a long-awaited plan to reestablish a cybersecurity-focused bureau it says is key to supporting U.S. diplomatic efforts in cyberspace.

FEC poised to limit who can give political campaigns free cybersecurity help (The Washington Post, Jun 05 2019)
The Federal Election Commission appears poised to draw strict limits this week on which organizations can provide free cybersecurity help to political campaigns targeted by foreign hackers.

Premera Blue Cross reaches proposed $72M settlement with 2014 breach victims (SC Magazine, Jun 05 2019)
Health insurance company Premera Blue Cross has agreed to a $72 million proposed settlement that would resolve a contentious class-action lawsuit stemming from a 2014 data breach affecting roughly 10.6 million people.

Chinese Military Wants to Develop Custom OS (Schneier on Security, Jun 06 2019)
Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US’ hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac.

Security and Human Behavior (SHB) 2019 (Schneier on Security, Jun 06 2019)
“I invariably find this to be the most intellectually stimulating two days of my professional year. It influences my thinking in many different, and sometimes surprising, ways.”

A Review of the Best News of the Week on Cybersecurity Management & Strategy

NY Investigates Exposure of 885 Million Mortgage Documents (Krebs on Security, May 31 2019)
“New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.”

Alex Stamos on Content Moderation and Security (Schneier on Security, May 29 2019)
Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching….

Security pros divided over NSA’s responsibility for Baltimore hack (The Washington Post, May 28 2019)
Many security researchers, however, say the real problem isn’t with the NSA. They say that hacking victims like Baltimore still haven’t taken sufficient measures against EternalBlue two years after it first leaked — and aren’t using a software patch released by Microsoft to to protect themselves

---

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

Federal cybersecurity agency on the way? (CSO Online, May 28 2019)
As human activity migrates into the online space, keeping the bad guys from mucking it all up becomes paramount. Does that mean it’s time for a federal cybersecurity agency?

FireEye Buys Verodin for $250 Million (Dark Reading, May 28 2019)
Acquisition of security instrumentation firm will add more than $70 million to 2020 billing, FireEye estimates.

Flipboard Confirms Two Hacks, Prompts Password Resets (Dark Reading, May 29 2019)
The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.

Threat Intelligence Firm Recorded Future Acquired for $780 Million (SecurityWeek, May 30 2019)
Threat intelligence provider Recorded Future announced on Thursday that Insight Partners has agreed to acquire a controlling interest in the company,  in addition to the minority stake previously owned by Insight. The all-cash transaction values Recorded Future at more than $780 million.

The aftermath of a data breach: A personal story (WeLiveSecurity, May 30 2019)
Criminals used my account to launder credit card transactions into cash, at least where the company transacted with was willing to refund

Know Your Limitations (TaoSecurity, May 29 2019)
“here I argue that if you are unable to securely operate information technology that matters, then you should not be supporting that IT.”

Japan to Restrict Foreign Tech Investment on Security Fears (Information Security, May 28 2019)
The Japanese government is set to restrict foreign ownership of domestic firms in key tech areas on national security grounds, in a move which echoes America’s recent attempts to restrict Chinese companies.

US Senate passes anti-robocalling bill (Naked Security – Sophos, May 28 2019)
The TRACED Act was a slam dunk in the Senate, where it passed with an overwhelming 97-1 vote.

Selecting Enterprise Email Security: the Buying Process (Securosis Blog, May 28 2019)
“To wrap up this series we will bring you through a process of narrowing down the shortlist and then testing products and/or services in play. With email it’s less subjective because malicious email is… well, malicious. But given the challenges of policy management at scale (discussed in our last post), you’ll want to ensure a capable UX and sufficient reporting capabilities as well.”

Democratic base fired up by effort to ban Internet-connected voting machines (The Washington Post, May 30 2019)
As the 2020 election approaches, voting security groups are trying to rally the public behind an effort to ban Internet connections from U.S. voting machines that could be hacked by Russia and other foreign adversaries.

Majority of CISOs plan to ask for an increase in cybersecurity investment (Help Net Security, May 30 2019)
Most CISOs of financial institutions (73 percent) plan to ask their organization’s CFO for an increase in cybersecurity investments in the next year, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium dedicated to reducing cyber-risk in the global financial system.

Structural integrity: Quantifying risk with security measurement (Help Net Security, May 29 2019)
how a winning security metrics strategy aligns with the business’ goals and objectives and lay out the framework to develop the metrics strategy.

Analysis Shows Poor GDPR Compliance in European Websites (SecurityWeek, May 30 2019)
Marking the one-year anniversary of GDPR coming into force (May 25, 2018), a web-scanning service has analyzed the visible GDPR compliance of the 100 most popular websites in each of the 28 European member states. The scan is non-intrusive. As a result, it cannot say that an organization is compliant (non-compliance can occur deep in the system), but it can say if an organization is not compliant simply by examining the parts that are visible over the internet.

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors (Krebs on Security, May 30 2019)
“Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software.”

Fraudulent Academic Papers (Schneier on Security, May 30 2019)
“The trends fostering fake news are more general, though, and we need to start thinking about how it could affect different areas of our lives. In particular, I worry about how it will affect academia. In addition to fake news, I worry about fake research.”

Enterprise cybersecurity startup BlueVoyant raises $82.5M at a $430M+ valuation (TechCrunch, May 30 2019)
New York startup called BlueVoyant — which provides managed security, professional services and, most recently, threat intelligence — has picked up $82.5 million in a Series B round of funding at a valuation in excess of $430 million.

Foreign spies may be hiding in your VPN, warns DHS (Naked Security – Sophos, May 31 2019)
Many people do trust their VPN provider. A lot. Unfortunately, some of them shouldn’t, going by what a Department of Homeland Security (DHS) higher-up recently said.

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Equifax just became the first company to have its outlook downgraded for a cyber attack (CNBC, May 22 2019)
A Moody’s spokesperson said the downgrade is significant because “it is the first time that cyber has been a named factor in an outlook change.” Equifax’s breach in 2017 will have a lasting effect on the company’s security spend and infrastructure costs, Moody’s said.

Huawei given 90-day reprieve from Entity List (SC Magazine, May 22 2019)
The U.S. Commerce Department has temporarily relieved Chinese manufacturer Huawei of its inclusion on the federal Entity List, allowing the company to continue to do operate with its business partners for 90 days.

Half of companies missed GDPR deadline, 70% admit systems won’t scale (Help Net Security, May 17 2019)
Even if given two years notice to achieve GDPR compliance, only half of companies self-reported as compliant by May 25, 2018, a DataGrail survey reveals.

---

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

---

Why some of the world’s top cybersecurity hackers are being paid millions to use their powers for good (CNBC, May 18 2019)
The freelance model makes sense, as hackers with the best skills are often in high demand or too dynamic to want to stay put at a corporate job, according to Synack CEO Jay Kaplan.

The US Ban on Huawei Is Causing a Global Mess (VICE, May 22 2019)
The highly interconnected nature of the global tech industry means the US ban has wide ripple effects.

Germany Talking about Banning End-to-End Encryption (Schneier on Security, May 24 2019)
Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn’t say how. (Cory Doctorow has previously explained why this would be impossible.)

NSS Labs Admits Its Test of CrowdStrike Falcon Was ‘Inaccurate’ (Dark Reading, May 24 2019)
CrowdStrike, NSS Labs reach confidential settlement over 2017 endpoint product testing dispute.

NCIS Cyber: USAF investigating USN for planting email tracking malware (SC Magazine, May 23 2019)
In a convoluted plot even the most inventive TV writer would have a hard time conjuring the U.S. Air Force is investigating an alleged cyber intrusion by the U.S. Navy.

Baltimore’s slow recovery shows far-reaching consequences of ransomware (The Washington Post, May 22 2019)
Baltimore still isn’t able to provide basic city services two weeks after a powerful ransomware attack. And a full recovery may take months, Mayor Bernard C. “Jack” Young says.

Louisville Regional Airport Authority grounded by ransomware attack (SC Magazine, May 22 2019)
The Louisville Regional Airport Authority (LRAA) had its wings clipped on Monday by a ransomware attack on its systems, reports say.

Selecting Enterprise Email Security: Scaling to the Enterprise (Securosis Blog, May 20 2019)
this post will dig into selecting the security platform, integrating with other enterprise security controls, and finally some adjacent services which can improve the security of your email and so should be considered as part of broad protection.

AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach (VICE, May 21 2019)
The boilerplate FAQ is an interesting peek behind the curtain at how companies prepare for data breaches, and at how they pre-plan their apologies.

Will the U.S. government draft cybersecurity professionals? (CSO Online, May 20 2019)
The National Commission on Military, National and Public Service, created by Congress, is currently evaluating the Selective Service System (SSS) with an eye toward modernizing the draft, including the possibility of conscripting cybersecurity professionals.

Budgeting for Cyber Attacks: Security spending to reach 133.7 billion by 2022 (Digital Information World, May 20 2019)
With the average expenditure on cybercrime growing dramatically, the cost of an attack can be disastrous for a company that has not properly considered the idea that cybersecurity be a major part of their regular budget.

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack (Dark Reading, May 20 2019)
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here’s what happened.

97% of Americans Can’t Ace a Basic Security Test (Dark Reading, May 20 2019)
According to a March study of more than 2,000 US adults conducted by the Harris Poll for Google, while 55% of Americans 16 years and above give themselves an A or a B in online security, 97% got at least one question wrong on a basic, six-question security test. The test asked people to identity whether links without https were OK or to identify links with bad characters.

Top cybersecurity companies are pooling their intel to stop cyberattacks (The Washington Post, May 23 2019)
The goal of the program, organized by the nonprofit Cyber Threat Alliance, is to get fixes to all the companies’ customers before the hackers know they’ve been spotted. It’s sort of like everyone in a neighborhood locking their doors at once.

How to write an effective data breach notification? (Help Net Security, May 23 2019)
Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found.

One Year On, EU Has 145,000 Data Law Complaints (SecurityWeek, May 22 2019)
One year after the entry into force of landmark EU rules to better protect personal data, nearly 145,000 complaints have been registered, an initial assessment revealed on Wednesday.

Any advance on $1.2m for this virus-infested netbook? (Naked Security – Sophos, May 24 2019)
Can you ever call malware art? That question is now up for debate as a Chinese internet artist puts a laptop full of viruses up for auction.

A Review of the Best News of the Week on Cybersecurity Management & Strategy

A Cisco Router Bug Has Massive Global Implications (Wired, May 13 2019)
Researchers have discovered a way to break one of Cisco’s most critical security features, which puts countless networks at potential risk.

Feds charge Chinese national in 2015 breach of health insurer Anthem (Ars Technica, May 09 2019)
Federal prosecutors have indicted a Chinese national they say carried out sophisticated network intrusions on four US companies, including one on health insurer Anthem that stole personal information belonging to close to 80 million people.

Another Intel Chip Flaw (Schneier on Security, May 16 2019)
Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whole bunch more have just been discovered.

---

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

---

Nasdaq Lawsuit Over Cybersecurity ETF Fees Goes to Trial (WSJ, May 13 2019)
Nasdaq’s lawsuit accusing a New Jersey company of stealing more than $1 billion in exchange-traded funds is set to come to trial Monday in New York.

Social Engineering Slams the C-Suite: Verizon DBIR (Dark Reading, May 08 2019)
Criminals are also going after cloud-based email accounts, according to Verizon’s ‘2019 Data Breach Investigations Report.’

Micro-Segmentation: A Solid Security Requirement in a Turbulent Environment (Infosecurity Magazine, May 10 2019)
While the demand for micro-segmentation is solid and clear, the compute environment of the enterprise is constantly changing and still going to change: moving from traditional virtualization (circa 2005) to SDN (the 2010’s) to public clouds, multi-clouds, micro services and back to a managed version of everything running inside each company’s own data center, managed by cloud providers. So how do you implement micro-segmentation in such a world?

Trump makes boldest strike yet to bar Chinese tech from U.S. (The Washington Post, May 16 2019)
The Trump administration took its most aggressive action to date Wednesday to bar Chinese companies from access to Americans’ sensitive data and digital systems.

Anti-virus vendors named in Fxmsp’s alleged source code breach respond (SC Magazine, May 14 2019)
McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cybercriminal group Fxmsp claims to have stolen. Comments issued by the vendors minimized the threat, although Trend Micro did confirm that a breach had occurred.

Baltimore Ransomware Attack Takes Strange Twist (Dark Reading, May 14 2019)
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.

Two Ransomware Recovery Firms Typically Pay Hackers (Dark Reading, May 15 2019)
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.

Equifax Says Cybersecurity Breach Has Cost $1.4 Billion (WABE, May 11 2019)
Equifax Says Cybersecurity Breach Has Cost $1.4 Billion  WABE 90.1 FMEquifax, the Atlanta credit bureau, revealed in its earnings release Friday that dealing with its 2017 cybersecurity incident has cost about $1.4 billion plus legal …

How Open Testing Standards Can Improve Security (Dark Reading, May 13 2019)
When creating security metrics, it’s critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.

What CISOs should focus on when deciding on a strategy (Help Net Security, May 13 2019)
Most of these a CISO wants to witness trending down:
-The incidents/time
– The cost/incident
– The time to incident detection
– The time to incident close
– The number and severity of compliance audit findings (if there are no legal compliance requirements, audits can be made with a framework such as the NIST Cybersecurity Framework or CIS Critical Controls in mind)
– The number of risk management and compliance audit corrective actions.

3 months, 1900 reported breaches, 1.9 billion records exposed (Help Net Security, May 09 2019)
There were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records, according to Risk Based Security.

Symantec CEO Quits Unexpectedly, Stock Sinks After Missing Estimates (SecurityWeek, May 10 2019)
Symantec on Thursday announced that it appointed board member Richard Hill as interim chief executive officer and president after Greg Clark stepped down.

Selecting Enterprise Email Security: Detection Matters (Securosis Blog, May 09 2019)
As you are considering upgrading technologies to address these email threats, let’s focus on detection – the cornerstone of any email security strategy. To improve detection we need to address issues on multiple fronts.

GAO Makes Recommendations to Improve Security of Taxpayer Data (SecurityWeek, May 13 2019)
What it does not do, and currently believes it cannot do, is protect the information that is held by third-party tax preparers before it reaches the IRS. During 2018, 80.3 million tax returns were prepared and filed electronically in this manner, with a further 55.2 million prepared via tax preparation software.

Trump officials and lawmakers say China is the problem not Huawei (The Washington Post, May 15 2019)
If Huawei gains a foothold in U.S. allies’ 5G networks, the Chinese government could force the company to send software updates to spy on Western companies or sabotage critical infrastructure, Chris Krebs, director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, warned lawmakers during a Senate Judiciary Committee hearing Tuesday.

Crowdstrike files to go public — lost $140 million on $250 million in revenue last year (CNBC, May 14 2019)
In the year that ended on Jan. 31, Crowdstrike had a net loss of $140 million, while revenue more than doubled to $249.8 million, according to the company’s prospectus. A majority of the company’s sales comes through subscriptions sold to over 2,500 companies.

Migrating from Your SIEM to a New One (Gartner Blog Network, May 13 2019)
“Many years ago, in 2011, I wrote this blog post on SIEM migration, called “How to Replace a SIEM?” I was a consultant at that time and I helped some organizations to get rid of their dying SIEM products and to deploy new ones. Of course, in 2011 we had dying MARS (yup, that’s the one that can “mitigate” by messing up your router configs) and now we have … ahem … other products in focus …”