INFOSECURITY NEWSLETTER

February 28, 2018

[Webinar] Data Breach Survival Tactics: Building Actionable Incident Response Plans

In today’s threat landscape, it isn’t a question of if you’ll experience an incident, but when. When a security incident strikes, you’ll need a well-prepared staff and with a battle-tested plan. A mature incident response plan keeps everyone on the same page. View our incident response webinar to learn how you can quickly contain the impact of a breach, resolve an incident, and get back to business as quickly as possible.

Watch it On Demand

Webinar Q&A: Delta Risk Experts Share Tips for Improving Incident Response Plans

Devesh Panchwagh, deltarisk.com, February 22, 2018

Last week, Delta Risk hosted a webinar on the topic of “Data Breach Survival Tactics: Building Incident Response Actionable Response Plans.” Delta Risk Solutions Expert, Stephanie Ewing, and Managing Consultant, Ryan Clancy, were the presenters for this live broadcast (view the on-demand version). In response to the poll questions, “Do you have an incident response plan,” and “How often do you test your plan,” more than half the audience (56 percent) confirmed that they do indeed have an incident response plan, and 43 percent of those people test their plan annually. Conversely, 14 percent of poll responders revealed that they don’t test their plan.

Read More


Which Phishing Messages Have a Near 100% Click Rate?

Zeljka Zorz, helpnetsecurity.com, February 23, 2018

Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge.

Read More

C-Suite Divided Over Security Concerns

Steve Zurier, darkreading.com, February 21, 2018

More than 60% of CEOs believe malware is the biggest threat to their organization, but just one-third of CISOs, CIOs, and CTOs agree. It’s just one data point in a new study by identity management company Centrify that shows a major disconnect on this and many other security issues between CEOs and their technical officers (TOs), which include CIOs, CTOs and CISOs. CEOs and TOs also diverged on whether they knew if their organization had experienced a breach.

Read More


To Prevent Data Breaches, AWS Offers S3 Bucket Permissions Check to All Users

Zeljka Zorz, helpnetsecurity.com, February 21, 2018

Amazon Web Services (AWS) has announced that all customers can now freely check whether their S3 buckets are leaking stored data. “Previously available only to Business and Enterprise support customers, [the S3 bucket permissions check] identifies S3 buckets that are publicly accessible due to ACLs or policies that allow read/write access for any user,” the cloud computing giant noted.

Read More

The SEC Says Companies Must Disclose More Information About Cybersecurity Risks

Catherine Shu, techcrunch.com, February 21, 2018

The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack happens. The statement, which expands on previous guidance issued in 2011, also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that isn’t public yet. While the commission’s five members voted unanimously to approve the guidance, both of its Democratic commissioners said it needs to take more action (the SEC as a group is non-partisan, with no more than three out of its five commissioners allowed to belong to the same party).

Read More

Why Data Science Is Becoming So Important in Cybersecurity

Inside Big Data Editorial Team, insidebigdata.com, February 26, 2018

Ultimately data science is enabling the cyber-security sector to move from assumption to facts. For the last decade the cybersecurity sector has been driven by FUD concerns – fear, uncertainty and doubt. Spend on cybersecurity was justified by the rationale that ‘if we don’t have XYZ widget then you only have yourselves to blame when bad stuff happens.” And the bad stuff is only increasing.

Read More

Global Security Leaders: Cybersecurity Has Become a National Priority

Matt McLaughlin, biztechmagazine.com, February 26, 2018

In decades past, chief executives in many organizations considered cybersecurity a secondary issue. As billions in costs piled up in recent years, along with blaring news headlines of massive data breaches and the ouster of top executives from global brands, security took on a new level of importance, becoming a top priority for many organizations. But even that may not be enough.

Read More


Study Shows Increasing Use of AI for Cybersecurity

Enterprise Innovation Editors, enterpriseinnovation.net, February 26, 2018

Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. To reduce adversaries’ time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, according to the 11th Cisco 2018 Annual Cybersecurity Report (ACR). Findings from the Report show 39% of organizations are reliant on automation, 34% are reliant on machine learning, and 32% are highly reliant on AI in their battle against threats and potential threats.

Read More

3,000 Databases With 200 Million Unique Accounts Found on Dark Web

Waqas Amir, hackread.com, February 23, 2018

Dark Web is a strange place where one can conduct all sorts of illegal activities including selling illegal drugs, weapons, social security numbers, documents and stolen data. Recently, the social engineering experts at breach notification website Hacked-DB discovered a massive trove of data containing login credentials of millions of users on the dark web.

Read More

Sign Up for Our Newsletter

financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points