We have two weeks of news to catch up with because I was travelling last week and wasn’t able to submit to the editor in time.
But that just means double the security fun. So let’s just jump right into it.
Helping The Smaller Businesses
Small and mid-sized businesses have most of the same cybersecurity concerns of larger enterprises. What they don't have are the resources to deal with them. A new initiative, the Cybersecurity Toolkit, is intended to bridge that gulf and give small companies the ability to keep themselves safer in an online environment that is increasingly dangerous.
- GCA cyber security toolkit | GCAtoolkit
- Mastercard, GCA Create Small Business Cybersecurity Toolkit | Dark Reading
Security Isn’t Enough. Silicon Valley Needs ‘Abusability’ Testing
It is time for Silicon Valley to take the potential for unintended, malicious use of its products as seriously as it takes their security. From Russian disinformation on Facebook, Twitter, and Instagram to YouTube extremism to drones grounding air traffic, Tech companies need to think not just about protecting their own users but about abusability: the possibility that users could exploit their tech to harm others, or the world.
Hackers Wipe US Servers of Email Provider VFEmail
Email provider VFEmail.net were compromised and disks formatted. Every VM, file server, and backup server was lost.
No ransom demand, no notice, just attack and destroy.
CISO Spotlight: Security Goals and Objectives for 2019
Rick Holland shares his security goals and objectives for 2019, which has some great insights and tips such as hyperfocusing on process / program improvements, establishing a security and risk playbook, avoiding ‘expense in depth’, eating their own BBQ, and investing in the team.
- CISO Spotlight: Security Goals and Objectives for 2019 | Digital Shadows
Court Camera Used to Spy on Juror’s Notebook
Some defense attorneys in San Juan County worry that Sheriff Ron Krebs has a finger on the scales of justice after learning he used a courtroom security camera to surreptitiously zoom in on defense documents and a juror’s notebook during a criminal trial last week.
The incident has drawn outrage from criminal and civil-rights attorneys and frustration from the county prosecutor, and prompted a rare weekend hearing during which a judge dismissed misdemeanor assault and trespass charges against a Lopez Island man after finding the incident amounted to government misconduct that had violated his right to a fair trial.
- Sheriff’s use of courtroom camera to view juror’s notebook, lawyer’s notes sparks dismissal of criminal case | Seattle Times
We Need to Kill the ‘Security Analyst’
This is a rational and well-grounded piece talking about the skills gap, how it’s perceived and what can be done to address some of the apparent shortages.
It’s not so much about trying to find and throw more bodies at the problem, but rather, finding the right kind of people and placing people in the correct roles.
- We Need to Kill the ‘Security Analyst’ | Mark C, Medium
When You Can’t Do Awesome Things, Because of Crushing Bureaucracy
The term ‘thought leader’ is thrown about with reckless abandon to the extent that it is viewed as a derogatory term. But Haroon Meer is probably among the few who are worthy of the title, and most of his posts give me something new to think about. This one is no different.
NHS Cybersecurity Needs to be a Qualified Success
A freedom of information request which revealed a lack of cyber and information governance training may be something of a red herring. But that doesn’t mean there isn’t valuable work to be done on creating a cyber-qualified NHS IT workforce.
- NHS cybersecurity needs to be a qualified success | Digital health
Cards Used at 137 Restaurants Exposed by Point-of-Sale Breach
North Country Business Products point-of-sale and security solutions provider with roughly 6500 customers around the US mdwest has disclosed a data breach which led to the exposure of payment information for clients who used their credit and debit cards at 137 restaurants.
According to the company's data breach notification, North Country first observed that suspicious activity was present on some of its clients' networks on January 4 and a joint investigation with a third-party cybersecurity forensic firm established that the cause was malware deployed on its partner restaurants' networks.
- Cards Used at 137 Restaurants Exposed by Point-of-Sale Breach | Bleeping Computer
The RSA Shortlist
RSA is just a couple of weeks away - arguably one of the largest business-focused security conferences, and soon the masses shall descend on San Francisco.
There’s usually something for everyone there, but how can you find the talks that are best for you? Well, maybe not the best talks for you, but Thom Langford has listed out some of the sessions he’s most interested in. Maybe it can inspire you to shortlist your own sessions:
- My RSA 2019 itinerary | Thom Langford
Not wanting to be outdone my Thom, I came up with my own list of vendors I’d like to meet, or who seem pretty cool and interesting.
- The RSA 2019 shortlist | J4vv4D
Other Things I Hearted
- How to procrastinate | Stella McKenna, Medium
- The Importance of Working For A Boss Who Supports You | Forbes
- Women Helping Women Isn't Just A Rallying Cry. It's Good Business | Refinery29
- Why Mark Zuckerberg’s writing style erodes our trust in Facebook | Slab