April 18, 2018
While cloud providers offer many security measures, organizations are ultimately responsible for securing their own data, their own applications, and their own services in the cloud. We discuss how companies are adapting to new cloud security challenges and the important considerations they need to make before choosing a cloud monitoring solution.
Macie Thompson, deltarisk.com, April 12, 2018
Dealing with the aftermath of an incident in a cloud environment can be a daunting scenario given the challenges that cloud infrastructure security presents. Depending on how many systems and applications you host in various cloud environments (including through your third-party connections), a single incident can have far-reaching consequences. Moreover, without physical access to your systems, lack of control can be a concern when investigating and containing an incident in the cloud. However, if anything, incident response (IR) teams can maintain control and gain unique benefits through the cloud.
Alison DeNisco Rayome, techrepublic.com, April 15, 2018
Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found.
Maria Korolov, datacenterknowledge.com, April 12, 2018
In the middle of a disaster is the worst possible time to discover that the backups won’t load, the cloud service provider can’t be reached, the firewall has a leak, and the one guy with all the key passwords is at a no-phones-allowed yoga retreat. According to A.N. Ananth, CEO of cybersecurity firm EventTracker, there are about 1.4 million fires a year in the US — but the number of cyber incidents is 30 times higher.
Help Net Security, helpnetsecurity.com, April 12, 2018
Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.
Alison DeNisco Rayome, techrepublic.com, April 18, 2018
Almost a year after the WannaCry ransomware attack took out banks, public transit systems, hospitals, and universities worldwide, several of the UK organizations hit have not adequately implemented cybersecurity practices that can prevent future threats, according to a Tuesday report from the UK’s Committee of Public Accounts. WannaCry hit the UK’s National Health Service (NHS) particularly hard, affecting more than one third of NHS branches and leading to the cancellation of 20,000 hospital appointments and operations, as well as patients getting diverted from emergency rooms unable to treat them.
Mary K. Pratt, csoonline.com, April 11, 2018
The criticality of software patches is once again in the spotlight, as cybersecurity officials worldwide are contending with Spectre and Meltdown – a collection of security flaws affecting most computer chips made in the past 20 years. That’s because available software patches can address the flaws, although the tradeoff could be chip performance. Today’s situation echoes last year’s stories around the WannaCry and Petya ransomware, both of which exploited software that hadn’t been updated with available patches that came with their own potentials for complications.
Zack Quaintance, govtech.com, April 17, 2018
At two separate panels during the 2018 RSA Conference April 17, law and cybersecurity experts seemed to reach a consensus: Everyone everywhere is lagging behind when it comes to defending against cyberthreats. Everyone. This everyone, obviously, includes state and local government agencies. The evolving nature of technology, and the ways bad actors use it to commit crime, simply outstrips any way we have to defend against it. There are, however, places where one can glimpse the future of preventive techniques.
Help Net Security Staff, helpnetsecurity.com, April 17, 2018
Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get single sign-on to all Azure AD based applications and services.
Sam Clark, thestack.com, April 18, 2018
GDPR, which will be enforced in just over a month’s time, may seriously hinder cybersecurity capabilities, according to some cybersecurity experts. Well-known cybersecurity investigative journalist Brian Krebs has predicted a rise in ‘spam, phishing and just about every form of cybercrime’ due to GDPR’s impact on the WHOIS tool, which he described as the ‘single most useful tool’ for security researchers and experts. Currently, the personal details, including name, contact details and address, of a person who registers for a domain name, are published online through the WHOIS service.