INFOSECURITY NEWSLETTER

April 18, 2018

[White Paper] Understanding The Challenges of Cloud Monitoring and Security

While cloud providers offer many security measures, organizations are ultimately responsible for securing their own data, their own applications, and their own services in the cloud. We discuss how companies are adapting to new cloud security challenges and the important considerations they need to make before choosing a cloud monitoring solution.

Download My Copy

Incident Response in the Cloud: 4 Ways to Improve Your Investigation and Containment Capabilities

Macie Thompson, deltarisk.com, April 12, 2018

Dealing with the aftermath of an incident in a cloud environment can be a daunting scenario given the challenges that cloud infrastructure security presents. Depending on how many systems and applications you host in various cloud environments (including through your third-party connections), a single incident can have far-reaching consequences. Moreover, without physical access to your systems, lack of control can be a concern when investigating and containing an incident in the cloud. However, if anything, incident response (IR) teams can maintain control and gain unique benefits through the cloud.

Read More


The Cybersecurity Skills Gap Caused 40% of IT Pros to Stall Their Cloud Migrations

Alison DeNisco Rayome, techrepublic.com, April 15, 2018

Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found.

Read More

Cybersecurity Drills More Important Than Ever for Data Centers

Maria Korolov, datacenterknowledge.com, April 12, 2018

In the middle of a disaster is the worst possible time to discover that the backups won’t load, the cloud service provider can’t be reached, the firewall has a leak, and the one guy with all the key passwords is at a no-phones-allowed yoga retreat. According to A.N. Ananth, CEO of cybersecurity firm EventTracker, there are about 1.4 million fires a year in the US — but the number of cyber incidents is 30 times higher.

Read More


2.6 billion Records Were Stolen, Lost or Exposed Worldwide in 2017

Help Net Security, helpnetsecurity.com, April 12, 2018

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.

Read More

A Year After WannaCry, Victims Haven’t Improved Cybersecurity Policies

Alison DeNisco Rayome, techrepublic.com, April 18, 2018

Almost a year after the WannaCry ransomware attack took out banks, public transit systems, hospitals, and universities worldwide, several of the UK organizations hit have not adequately implemented cybersecurity practices that can prevent future threats, according to a Tuesday report from the UK’s Committee of Public Accounts. WannaCry hit the UK’s National Health Service (NHS) particularly hard, affecting more than one third of NHS branches and leading the the cancellation of 20,000 hospital appointments and operations, as well as patients getting diverted from emergency rooms unable to treat them.

Read More

6 Steps for a Solid Patch Management Process

Mary K. Pratt, csoonline.com, April 11, 2018

The criticality of software patches is one again in the spotlight, as cybersecurity officials worldwide are contending with Spectre and Meltdown – a collection of security flaws affecting most computer chips made in the past 20 years. That’s because available software patches can address the flaws, although the tradeoff could be chip performance. Today’s situation echoes last year’s stories around the WannaCry and Petya ransomware, both of which exploited software that hadn’t been updated with available patches that came with their own potentials for complications.

Read More

RSA 2018: Looking to the Future of Cybersecurity

Zack Quintance, govtech.com, April 17, 2018

At two separate panels during the 2018 RSA Conference April 17, law and cybersecurity experts seemed to reach a consensus: Everyone everywhere is lagging behind when it comes to defending against cyberthreats. Everyone. This everyone, obviously, includes state and local government agencies. The evolving nature of technology, and the ways bad actors use it to commit crime, simply outstrips any way we have to defend against it. There are, however, places where one can glimpse the future of preventive techniques.

Read More


Passwordless Enterprise Authentication on Windows 10 and Azure AD

Help Net Security Staff, helpnetsecurity.com, April 17, 2018

Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get single sign-on to all Azure AD based applications and services.

Read More

GDPR May Hinder Cybersecurity, Say Experts

Sam Clark, thestack.com, April 18, 2018

GDPR, which will be enforced in just over a month’s time, may seriously hinder cybersecurity capabilities, according to some cybersecurity experts. Well-known cybersecurity investigative journalist Brian Krebs has predicted a rise in ‘spam, phishing and just about every form of cybercrime’ due to GDPR’s impact on the WHOIS tool, which he described as the ‘single most useful tool’ for security researchers and experts. Currently, the personal details, including name, contact details and address, of a person who registers for a domain name, are published online through the WHOIS service.

Read More

Sign Up for Our Newsletter

financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points