INFOSECURITY NEWSLETTER

February 21, 2018

[Webinar] Data Breach Survival Tactics: Building Actionable Incident Response Plans

In today’s threat landscape, it isn’t a question of if you’ll experience an incident, but when. When a security incident strikes, you’ll need a well-prepared staff and with a battle-tested plan. A mature incident response plan keeps everyone on the same page. View our incident response webinar to learn how you can quickly contain the impact of a breach, resolve an incident, and get back to business as quickly as possible.

Incident Response Strategy: Determining Where to Invest

Andrew Cook, deltarisk.com, February 15, 2018

It can be hard to plan for a security incident if you’ve never experienced one first hand. Incidents involve unauthorized access, denial of service, presence of malicious logic, and improper usage. As an incident responder, I’ve seen plenty of these situations play out. I was fortunate to share some of my experiences and lessons with the top-notch professionals attending the LegalCIO conference in New York, where we hosted a round table covering “Is Your Organization Prepared for a Cyber Attack? Key Takeaways from Real-Life Incidents.”

Blockchain and Its Impact on the Future of Cyber Security

Nicole Lindsey, cpomagazine.com, February 14, 2018

It’s hard to escape the notion that security in today’s digital world is fundamentally broken. The stronger the defenses that are erected around the digital assets of corporations, the more prevalent are the attacks from hackers. The smarter that employees get about protecting passwords and devices, the more ingenious that the attacks become. That reality has led many Internet security researchers to the conclusion that the blockchain could represent the future of cyber security.

A Former TSA and NSA Executive Reveals How to Break Into the Cybersecurity Field

Alison DeNisco Rayome, techrepublic.com, February 14, 2018

When Emma Garrison-Alexander was a senior executive at the National Security Agency (NSA), she had an assistant who was an older white man. “When people came in, they almost always assumed that he was the boss,” she said. “He would have to turn to them and say, here is Ms. Garrison-Alexander.” “There were assumptions that I was a secretary,” Garrison-Alexander said. “But I don’t really want to call those obstacles—those were just things that happened in an environment where people were just not accustomed to women being in certain positions.”

NIST Releases Cybersecurity Report on the Internet of Things

Homeland Security Today Team, hstoday.us, February 14, 2018

NIST’s Interagency International Cybersecurity Standardization Working Group has released its interagency report on cybersecurity standards for the Internet of Things, and it is inviting draft comments from agencies. The report covers the standards landscape for cybersecurity for the Internet of Things and it maps standards to 11 core areas. The Interagency International Cybersecurity Standardization Working Group was established in 2015 to coordinate on major issues in international cybersecurity standardization and enhance U.S. federal agency participation in applying the standards.

Multi-Stage Word Attack Infects Users Without Using Macros

Catalin Cimpanu, bleepingcomputer.com, February 15, 2018

Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts. This new macro-less technique is currently under active exploitation, being detected by Trustwave SpiderLabs researchers in an ongoing malware campaign. The company says crooks are using this multi-phase, no-macros technique to infect users with a password stealer. Currently, evidence suggests only one group is using this novel trick, albeit this will surely be adopted by others.

Why the Cyber Threat Landscape Could Grow Under GDPR

Nick Ismail, information-age.com, February 15, 2018

The biggest change to data protection laws since the 1990s, GDPR requires businesses to put “appropriate measures” in place to protect the Personally Identifiable Information (PII) it holds, whether that’s customers, prospects, employees or suppliers. All businesses will hold some form of PII, even if it’s just employee data, and therefore must comply with GDPR. 2017 saw cyber threats like ransomware finally covered in the mainstream media thanks to the global WannaCry, Petya and Bad Rabbit outbreaks. The beloved NHS was hit in an attack that was initially perceived as a targeted strike on the National Health Service.

What Cybersecurity Surprises Does 2018 Hold?

Darren Guccione, csoonline.com, February 14, 2018

Bitcoin, the General Data Protection Regulation in Europe and the Internet of Things (IoT) are just three recent developments that will present security professionals with new challenges in 2018. That’s in addition to the usual raft of malware, DDoS attacks and database thefts that have dominated the headlines for some time. To get a handle on what to expect, we asked two Keeper Security experts – Director of Security and Architecture Patrick Tiquet and Chief Technology Officer Craig Lurey – to peer into their crystal balls to find what 2018 holds. Here’s what they saw.

Protecting The Power-Grid From Cyber-Attacks Requires A Change Of Mindset

Greg Sim, informationsecuritybuzz.com, February 21, 2018

In an attempt to boost the cyber-protection of the UK’s most critical industries, the government is pushing firms to turn to the best standard of cyber defence available. But will these fines be enough to encourage the C-Suite to take action? In recent years, there have been sudden shutdowns of transport systems and power grids that we are familiar with from Hollywood blockbusters but nowadays these have become real-world possibilities as hackers continue to breach critical systems.

Cybersecurity Advice for Higher Education

Chris Bunn, securityboulevard.com, February 21, 2018

Information security continues to challenge both large and small institutions alike. According to EDUCAUSE, a nonprofit association of IT leaders in higher education, information security remains the #1 issue in 2018 for the third year in a row. Perhaps this is not a surprise when you learn the education sector has the highest rate of ransomware of all industries and the compliance environment is becoming more complex by the day.