May 2, 2018
While cloud providers offer many security measures, organizations are ultimately responsible for securing their own data, their own applications, and their own services in the cloud. We discuss how companies are adapting to new cloud security challenges and the important considerations they need to make before choosing a cloud monitoring solution.
Devesh Panchwagh, deltarisk.com, April 26, 2018
Yesterday, Delta Risk’s Andrew Cook and Infocyte Founder and Chief Product Officer Chris Gerritz presented a webinar on “Threat Hunting Versus Compromise Assessments: What’s the Difference?” In advance of the webinar, Dev Panchwagh spoke with the presenters to gain more insights into this subject, including common misconceptions and the impact of moving to the cloud.
Barry Scott, itportal.com, April 30, 2018
IT professionals can help business decision makers to understand the dimension of the cybersecurity challenge, and how to formulate appropriate solutions, by asking six straightforward questions. The major data breaches of the past year have hit businesses hard. Equifax saw its share price drop by 13 per cent within a day of revealing its breach, and estimates it will end up spending $275 million in clean-up costs this year. Yahoo suffered a $350 million drop in its sale price to Verizon after reporting that data breaches had affected one billion accounts – a number which was later revised to all three billion.
DOD Releases New Guidance Giving Teeth to Cybersecurity Rules to Protect Data Within the Supply Chain
Gaurav Paul, csoonline.com, April 30, 2018
The US Department of Defense issued new guidance on how it might penalize business partners that do not adequately adhere to new security rules codified in NIST SP 800-171. NIST has prescribed a set of 110 security requirements that are derived from a larger standard called NIST SP 800-53 that governs cybersecurity standards for government systems. December 31, 2017 was the designated deadline for implementing the controls as part of DFARS 252.204-7012 to protect confidential unclassified information (CUI).
Derek B. Johnson, fcw.com, May 1, 2018
Nearly every federal employee, even those whose IT experience begins and ends at using a computer for work, is capable of contributing to the protection of U.S. government networks. While CIOs and CISOs bring the expertise and experience needed to manage large IT enterprises, chief financial officers bring money and vision. Their control over an agency’s budget requests and strategic planning process makes them gatekeepers whose support can often mean the difference between getting the necessary funding for critical cybersecurity priorities and simply making do.
Jaclyn Jaeger, complianceweek.com, May 1, 2018
The National Institute of Standards and Technology recently published the first-ever update to its widely adopted Cybersecurity Framework, implementing significant revisions that all sectors can benefit from as they look to improve their cyber-security efforts. NIST first published its voluntary Cybersecurity Framework in February 2014 in response to an executive order issued by the Obama Administration. At the time, the focus of the framework was on 16 critical infrastructure sectors—such as financial services, energy, transportation, communications, and defense.
Rob Wright, zdnet.com, April 30, 2018
Phishing threats continue to evolve and stay one step ahead of enterprise defenses, according to new research from Proofpoint. Proofpoint’s report, titled “The Human Factor 2018,” revealed several trends and techniques for social engineering attacks, including phishing threats, observed in 2017 based on data from more than 1 billion email messages a day. The email security vendor’s report revealed shifts in targeted attacks and techniques used by a variety of threat actors last year.
Jonathan Greig, techrepublic.com, May 1, 2018
Stress permeates every aspect of our daily lives and is now making its way into our digital lives as well. In a survey, Kaspersky Lab found that 81% of Americans and 72% of Canadians suffer from “cyber stress” related to the fear of being hacked or having their personal information stolen. The survey, commissioned by Kaspersky Lab and conducted by research firm Opinion Matters, drew from 2,515 internet users across the United States and Canada, finding that people were overwhelmingly distrustful of activity on the internet and stressed over the best ways to protect their digital profiles. However, that also means that users are thinking even more about security.
Andrew Lohn, techcrunch.com, April 18, 2018
The security community is still reeling from the discoveries of the Meltdown and Spectre computer vulnerabilities, and now it seems that a rash of new hardware vulnerabilities called MasterKey, RyzenFall, Fallout and Chimera have been found in the past few months, too. Unlike most previous threats, all these vulnerabilities attack a computer’s hardware, rather than its software. This second release of attacks may be early indications that Meltdown and Spectre have opened a new front in the war between hackers and defenders in the realm of computer chips.
Kevin Zimmerman, westfaironline.com, May 2, 2018
A new report from a Stamford group has found that corporate board members are growing increasingly concerned about cybersecurity – specifically how they feel poorly equipped to deal with the ever-increasing pace of technology and business disruption.