Cybersecurity News of the Week of, October 8, 2017

Cyber Security News



from our friends at Citadel Information Group



Individuals at Risk

Identity Theft

Fear Not: You, Too, Are a Cybercrime Victim!: Maybe you’ve been feeling left out because you weren’t among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today. KrebsOnSecurity, October 4, 2017

Former Equifax CEO says breach boiled down to one person not doing their job: In a continued effort to pass on any responsibility for the largest data breach in American history, Equifax’s recently departed CEO is blaming it all on a single person who failed to deploy a patch. Tech Crunch, October 3, 2017

The Equifax Hack Has the Hallmarks of State-Sponsored Pros: In the corridors and break rooms of Equifax Inc.’s giant Atlanta headquarters, employees used to joke that their enormously successful credit reporting company was just one hack away from bankruptcy. They weren’t being disparaging, just darkly honest: Founded in the 19th century as a retail credit company, Equifax had over the years morphed into one of the largest repositories of Americans’ most sensitive financial data, which the company sliced and diced and sold to banks and hedge funds. In short, the viability of Equifax and the security of its data were one and the same. Bloomberg, September 29, 2017

Cyber Privacy

USPS ‘Informed Delivery’ Is Stalker’s Dream: A free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns. KrebsOnSecurity, October 2, 2017

Cyber Defense

Should Apple iPhone X Trust Facial Recognition for Security?: Your face is the future of smartphone security. Apple made that clear last week when it unveiled the pricey iPhone X, which trades in the familiar home button and TouchID fingerprint scanner for a new camera system that unlocks the device using facial recognition. Scientific American, October 2, 2017

Cyber Warning

4 ways you can get hacked through your smartphone: The relationship between smartphones and securing personal information can be complicated. Yahoo, October 6, 2017

Malware That Hijacks Your Computer to Mine Cryptocurrency Is Swarming Across the Internet: An increasing number of websites are turning the computers of unsuspecting visitors into cryptocurrency miners. Aside from slowing down CPU performance, these tools violate the privacy of users. Futurism, October 6, 2017

Hackers Are Using LinkedIn to Tailor their Phishing Attacks Just for You: Hackers have begun using LinkedIn, the popular social network for business professionals, to create better phishing attacks. Already, one breach – at Vevo – has been attributed to the practice. HashedOut, October 5, 2017

Information Security Management in the Organization

Security Leadership

Leaderships’ evolving role in cybersecurity: As the volume and severity of computer crime has grown, one group has stayed somewhat quiet about the issue: CEOs. Cybersecurity is a difficult topic for many business executives to discuss. They aren’t comfortable with the technology and they worry that speaking out will betray their naïveté. They fear being breached but are reluctant to discuss their own vulnerability. They may even assign security a lower priority because it doesn’t have a clear ROI. Altogether, this creates the impression that they don’t care about an issue that may actually worry them a great deal. CSO, October 3, 2017

Information Security Management and Governance

8 Tough Questions Every CISO Should Be Ready to Answer: When a major security incident, such as the recent massive Equifax data breach, grabs headlines, CEOs start asking more questions about data security. BankInfoSecurity, October 5, 2017

Cyber Awareness

New Report: 7 in 10 employees lack the awareness needed to prevent common cyber incidents: Bothell, Wash., Oct. 3, 2017 /PRNewswire/ — Seven in 10 employees lack the awareness to stop preventable cybersecurity incidents, according to the second-annual State of Privacy and Security Awareness Report, released by MediaPro. Business Insider, October 3, 2017

Cyber Defense

81% of organizations fail to properly address cloud vulnerabilities, report says: RedLock’s recent Cloud Security Trends details the rise of data exposures, changes in cloud security, and what businesses need to do to address these issues. TechRepublic, October 6, 2017

The Five Tenets of Cyber Security: In the two day MGT433 Securing the Human course, we start the class by defining what risk is. Security awareness is nothing more than a control to manage human risk. To manage risk, you have to first define it. What stuns me is how often security professionals that have been in this field 5, 10 or even 15 years are so lost in the technical weeds they forget (or never truly learned) the fundamentals of what we do. So, just to recap for those of us who have forgotten (and those who are new to the field), here are the five key tenets of cyber security. SANS, October 5, 2017

Cybersecurity skills shortage leads more organizations to outsource CISO and other talent Do you have confidence that your in-house security personnel has the knowledge, experience and technology to defend against cyberattacks? If so, there’s a chance that you may be fooling yourself. CSO, October 5, 2017

How Businesses Should Respond to the Ransomware Surge: Modern endpoint security tools and incident response plans will be key in the fight against ransomware. DarkReading, October 5, 2017

Cybersecurity in Society

Cyber Crime

FDIC hit by 50+ breaches in a two year period: A new report suggests that the FDIC could have been breached numerous times between 2015 and 2016, leading to the leak of PII data. TechRepublic, October 6, 2017

World’s Biggest Data Breaches – Interactive map of world biggest data breaches, leaks and hacks. Information is Beautiful, September 10, 2017

Breaches up 27%, losses up 23% in 2017 Ponemon – Accenture Cost of Cyber Crime Study: Over the last two years, the accelerating cost of cyber crime means that it is now 23 percent more than last year and is costing organizations, on average, US$11.7 million. Whether managing incidents themselves or spending to recover from the disruption to the business and customers, organizations are investing on an unprecedented scale—but current spending priorities show that much of this is misdirected toward security capabilities that fail to deliver the greatest efficiency and effectiveness. Ponemon, 2017

Cyber Attack

EFF fights off phishing attack – Phish For the Future: This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from the same attackers. EFF, September 27, 2017

Cyber Defense

National Cyber Security Awareness Month 2017: As hacks, data breaches, and other cyber-enabled crime become increasingly commonplace, this year’s National Cyber Security Awareness Month is an important reminder of the need to take steps to protect yourself and your family when using the Internet. Launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance, the annual campaign held every October is designed to help the public stay safe online and to increase national resiliency in the event of a cyber incident. FBI, October 2, 2017

Cyber Freedom

US Top Law Enforcement Calls Strong Encryption a ‘Serious Problem’: BOSTON—Top U.S. law enforcement and policy makers touched the third-rail issue of encryption Wednesday with several high-ranking officials lamenting their inability to crack open phones, laptops and communications protected with strong encryption. ThreatPost, October 6, 2017

States work together to improve cybersecurity management: With protection from cyberthreats an ever-present concern for IT leaders at all levels, five states presented their approaches at NASCIO’s annual conference in Austin. GovernmentTechnology, October 4, 2017

National Cybersecurity

Russian Theft of NSA Secrets: Many Questions, Few Answers: Hackers working for Russia gained access to the home computer of an NSA employee in 2015, pilfering highly classified material and spying code that was apparently detected by Kaspersky Lab’s anti-virus software (see Report: NSA Secrets Stolen From Computer Using Kaspersky Software). BankInfoSecurity, October 5, 2017

Russian government hackers used antivirus software to steal U.S. cyber capabilities: Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter. The Washington Post, October 5, 2017

Interview w Jeremy Rabkin, co-author, Striking Power. Evolving cyberwar rules: In a delightfully iconoclastic new book, Jeremy Rabkin and John Yoo take the air out of 75 years worth of inflated claims about the law of war. They do it, not for its own sake, though God knows that would be enough, but as prelude to discussing how to use the new weapons – robots, space, and cyber — that technology makes possible. Brian Egan and I interview Jeremy Rabkin about these and other aspects of “Striking Power: How Cyber, Robots, and Space Weapons Change the Rules for War.” Steptoe Cyberblog, September 25, 2017<

Secure the Village

SecureTheVillage Leadership Council Member Michael Gold Nominated as a Leader in Cybersecurity Law by Los Angeles Business Journal: LOS ANGELES—Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce that Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group and co-author of the Cybersecurity Lawyer Forum, has been nominated by the Los Angeles Business Journal as a “Leader in Law” in the area of Cybersecurity. Michael is a member of the SecureTheVillage Leadership Council. Cybersecurity Lawyer Forum, October 5, 2017

Cyber Miscellany

The Coming Software Apocalypse & What Might Prevent It: There were six hours during the night of April 10, 2014, when the entire population of Washington State had no 911 service. People who called for help got a busy signal. One Seattle woman dialed 911 at least 37 times while a stranger was trying to break into her house. When he finally crawled into her living room through a window, she picked up a kitchen knife. The man fled. The Atlantic, September 26, 2017

SecureTheVillage Calendar

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

Securing Our Village & Our Country’s Election Process. Stan Stahl to Speak at Impact Roundtable: Our freedoms and democratic way of life are under attack — and we must act now to create a cybersecurity-sensitive culture. Event Date: Friday October 13, 2017

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

The post Cybersecurity News of the Week, October 8, 2017 appeared first on Citadel Information Group.

Jeff Snyder's, SecuirtyRecruiter.comSecurity Recruiter Blog, 719.686.8810