INFOSECURITY NEWSLETTER

May 2, 2018

[White Paper] Understanding The Challenges of Cloud Monitoring and Security

While cloud providers offer many security measures, organizations are ultimately responsible for securing their own data, their own applications, and their own services in the cloud. We discuss how companies are adapting to new cloud security challenges and the important considerations they need to make before choosing a cloud monitoring solution.

Q&A Part II: Common Misconceptions About Threat Hunting and the Impact of Moving to the Cloud

Devesh Panchwagh, deltarisk.com, April 26, 2018

Yesterday, Delta Risk’s Andrew Cook and Infocyte Founder and Chief Product Officer Chris Gerritz presented a webinar on “Threat Hunting Versus Compromise Assessments: What’s the Difference?” In advance of the webinar, Dev Panchwagh spoke with the presenters to gain more insights into this subject, including common misconceptions and the impact of moving to the cloud.

Six Cybersecurity Questions to Ask the C-Suite Now

Barry Scott, itportal.com, April 30, 2018

IT professionals can help business decision makers to understand the dimension of the cybersecurity challenge, and how to formulate appropriate solutions, by asking six straightforward questions. The major data breaches of the past year have hit businesses hard. Equifax saw its share price drop by 13 per cent within a day of revealing its breach, and estimates it will end up spending $275 million in clean-up costs this year. Yahoo suffered a $350 million drop in its sale price to Verizon after reporting that data breaches had affected one billion accounts – a number which was later revised to all three billion.

DOD Releases New Guidance Giving Teeth to Cybersecurity Rules to Protect Data Within the Supply Chain

Gaurav Paul, csoonline.com, April 30, 2018

The US Department of Defense issued new guidance on how it might penalize business partners that do not adequately adhere to new security rules codified in NIST SP 800-171. NIST has prescribed a set of 110 security requirements that are derived from a larger standard called NIST SP 800-53 that governs cybersecurity standards for government systems. December 31, 2017 was the designated deadline for implementing the controls as part of DFARS 252.204-7012 to protect confidential unclassified information (CUI).

For Better Cybersecurity, Be Nice to Your CFO

Derek B. Johnson, fcw.com, May 1, 2018

Nearly every federal employee, even those whose IT experience begins and ends at using a computer for work, is capable of contributing to the protection of U.S. government networks. While CIOs and CISOs bring the expertise and experience needed to manage large IT enterprises, chief financial officers bring money and vision. Their control over an agency’s budget requests and strategic planning process makes them gatekeepers whose support can often mean the difference between getting the necessary funding for critical cybersecurity priorities and simply making do.

Interpreting the New NIST Cybersecurity Framework

Jaclyn Jaeger, complianceweek.com, May 1, 2018

The National Institute of Standards and Technology recently published the first-ever update to its widely adopted Cybersecurity Framework, implementing significant revisions that all sectors can benefit from as they look to improve their cyber-security efforts. NIST first published its voluntary Cybersecurity Framework in February 2014 in response to an executive order issued by the Obama Administration. At the time, the focus of the framework was on 16 critical infrastructure sectors—such as financial services, energy, transportation, communications, and defense.

Phishing Threats Still Dwarf Vulnerabilities, Zero-Days

Rob Wright, zdnet.com, April 30, 2018

Phishing threats continue to evolve and stay one step ahead of enterprise defenses, according to new research from Proofpoint. Proofpoint’s report, titled “The Human Factor 2018,” revealed several trends and techniques for social engineering attacks, including phishing threats, observed in 2017 based on data from more than 1 billion email messages a day. The email security vendor’s report revealed shifts in targeted attacks and techniques used by a variety of threat actors last year.

Why Improved Cybersecurity Education can Help Reduce Employee ‘Cyber Stress’

Jonathan Greig, techrepublic.com, May 1, 2018

Stress permeates every aspect of our daily lives and is now making its way into our digital lives as well. In a survey, Kaspersky Lab found that 81% of Americans and 72% of Canadians suffer from “cyber stress” related to the fear of being hacked or having their personal information stolen. The survey, commissioned by Kaspersky Lab and conducted by research firm Opinion Matters, drew from 2,515 internet users across the United States and Canada, finding that people were overwhelmingly distrustful of activity on the internet and stressed over the best ways to protect their digital profiles. However, that also means that users are thinking even more about security.

What do Meltdown, Spectre and RyzenFall Mean for the Future of Cybersecurity?

Andrew Lohn, techcrunch.com, April 18, 2018

The security community is still reeling from the discoveries of the Meltdown and Spectre computer vulnerabilities, and now it seems that a rash of new hardware vulnerabilities called MasterKey, RyzenFall, Fallout and Chimera have been found in the past few months, too. Unlike most previous threats, all these vulnerabilities attack a computer’s hardware, rather than its software. This second release of attacks may be early indications that Meltdown and Spectre have opened a new front in the war between hackers and defenders in the realm of computer chips.

Cybersecurity Leading Corporate Board Directors’ Concerns, Stamford Firm Finds

Kevin Zimmerman, westfaironline.com, May 2, 2018

A new report from a Stamford group has found that corporate board members are growing increasingly concerned about cybersecurity – specifically how they feel poorly equipped to deal with the ever-increasing pace of technology and business disruption.
