Weekly Security Risk Management News Round-Up - 9/16/13

Melissa Stevens | September 20, 2013

Below is a summary of risk management and security news you may have missed this week.

Hidden Lynx – the hackers for hire who compromised a security firm

Graham Cluley dives into findings from a recent Symantec study revealing information about the hackers who breached Bit9 earlier this year. The group was targeting defense customers and exploited vulnerabilities in Bit9's whitelisting technology to reach them.

According to Symantec’s detailed report, corporate espionage and attacks against government contractors are the order of the day for Hidden Lynx, exploiting zero day Internet Explorer vulnerabilities and distributing malicious Java applets via watering hole attacks.

Read the full post on Graham's blog

Envisioning the security team of tomorrow

The SBIC published a new report this week discussing a topic of common interest amongst CISOs: the skills shortage in the security community and how companies are working to address it now and in the future. This CSO article summarizes points from the full report, which includes recommendations to treat the security team more as consultants within the company.

In the not so distant future, the security team of tomorrow will include personnel within IT, business units, and departments throughout the organization including legal, procurement, and marketing. The core security team, which is what exists today, will work with the others to coordinate the overall efforts, while focusing their energies on tasks that require specialized knowledge or centralization.

Read the article at CSO online.

Access the SBIC report here.

It's New And Shiny. Be Afraid. Be Very Afraid.

The iPhone and its Touch ID fingerprint reader continue to be a popular topic in the news. In this DarkReading article contributed by Securosis analyst Mike Rothman, the author discusses why we need to welcome innovation in new technologies instead of hyping FUD to tear them down.

Yet there are those fear-mongers still operating among us that use unsubstantiated and likely baseless claims to question new technologies. We heard the same stuff a few years ago when the cloud came into vogue. Oh, the cloud is dangerous. They were happy to point out when big cloud providers had availability issues. Conveniently forgetting when your own data center was down due to a faulty firmware upgrade or a rogue backhoe.

Check out the article here and visit the Securosis blog for more commentary from Mike.
