INFOSECURITY NEWSLETTER

May 9, 2018

[Webinar] Threat Hunting Versus Compromise Assessments: What’s the Difference?

View our on-demand webinar to learn why you need to devote resources to threat hunting and compromise assessments, whether it’s through dedicated teams or third-party services.

Advice for New CISOs: How to Get a Head Start on Information Security Governance

Lynn Shiang, deltarisk.com, May 3, 2018

A new Chief Information Security Officer (CISO) starting the first day on the job has many challenges to juggle – navigating infrastructure complexity, keeping up with ever-changing compliance and regulatory requirements, working through team skills shortages, and overcoming inadequate funding. In April, the Ponemon Institute surveyed more than 500 CISOs to assess their level of preparedness for a data breach.

Do Public Clouds Make it More Difficult to Get Visibility Into Data Traffic?

Help Net Security Staff, helpnetsecurity.com, May 2, 2018

Data shows that over 90% of enterprises are concerned about data and application security in public clouds, while nearly 60% of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic. 87% of enterprises had also suffered downtime of an hour or more during their last network outage, which according to Gartner, can cost a company as much as $5,600 per minute, as well as impact customer satisfaction.

How the GDPR Could Spark a Lean Data Revolution and Help Companies Control Data Costs

Dan Patterson, techrepublic.com, May 9, 2018

Karen Schuler, head of data and information governance for BDO USA, talked with TechRepublic about her recent report detailing how the GDPR will change the way companies approach data.

Toward Transitive Data Privacy and Securing the Data You Don’t Share

Anshu Sharma, techcrunch.com, May 8, 2018

We are spending a lot of time discussing what happens to data when you explicitly or implicitly share it. But what about data that you have never ever shared? We all share DNA — after all, it seems we are all descendants of a few tribes. But the more closely related you are, the closer the DNA match. While we all know we share 50 percent DNA with siblings, and 25 percent with first cousins — there is still some meaningful match even between distant relatives (depending on the family tree distance).

[Opinion] How can SOC Analysts Hunt More Efficiently? By not Hunting

Ryan Stolte, csoonline.com, April 12, 2018

If you ask a Security Operations Center (SOC) analyst, “What’s your biggest challenge when hunting threats?” The majority will give a response like this, “We have a lot of disparate tools that we need to correlate together to identify what are actual threats vs. false positives and noise.” The problem has plagued SOC analysts for years and is only getting worse as the proliferation of data, and lucrativeness of stealing it continues. Buried in alerts, SOC analysts scramble to manually decipher which ones need immediate attention.

Preventing the Cloud from Becoming a Digital Dumping Ground

Javvad Malik, infosecurity-magazine.com, May 8, 2018

The Infosec CIA triad of Confidentiality, Integrity, and Availability are just as applicable today as they were many years ago. In recent years, confidentiality has gone out the window as celebrities’ personal photos from their own devices are leaked with reckless abandon; ransomware, or IoT-powered DDoS attacks render information and websites unavailable; and fake ads, news, or trending topics leave you questioning whether anything online has any ounce of integrity. The trifecta effect of bring your own device (BYOD), cloud adoption, and the Internet of Things have forced security teams and security vendors to re-think and re-architect how security is implemented.

Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax

Jonathan Greig, fortune.com, May 7, 2018

When the news emerged that Equifax had succumbed to a colossal data breach from mid-May through July of last year, consumers were livid—in part because the ransacking was entirely preventable. Hackers stole 148 million people’s names, Social Security numbers, birthdates, home addresses, and more sensitive information, as of the major credit bureau’s last count in March, and worse yet, it happened two months after software fixes for the vulnerabilities at fault had been made available.

Phishers Use New Method to Bypass Office 365 Safe Links

Eduard Kovacs, securityweek.com, May 8, 2018

Cybercriminals have been using a new method to ensure that the URLs included in their phishing emails bypass the Safe Links security feature in Office 365, cloud security company Avanan revealed on Tuesday. Safe Links, offered as part of Microsoft’s Office 365 Advanced Threat Protection (ATP) solution, is designed to protect organizations against malicious links delivered through emails and documents.

Properly Framing the Cost of a Data Breach

Jeremy Wittkop, darkreading.com, May 8, 2018

The expenses and actions typically associated with a cyberattack are not all created equal. Here’s how to explain what’s important to the C-suite and board. There is a lot of research, including Ponemon’s annual Cost of a Data Breach study, which does a good job of quantifying the average cost of each record lost across a large sample of records. Ponemon research also provides some really interesting information related to the difference between direct and indirect costs of a breach across multiple countries. It is a must-read for me every year as soon as it is released.
