The Biggest Cybersecurity Crises of 2019 So Far

https://www.wired.com/story/biggest-cybersecurity-crises-2019-so-far/

And we're only halfway through 2019...

Find more posts tagged with

Comments

Interesting article thanks for sharing.

I thought of sharing it on my LinkedIn and internally at work but then I changed my mind. On one hand, it shows how important cybersecurity is, but on the other hand, I feel like people are getting used to seeing compromises. It's becoming normal I guess.

Also, since I moved to consulting, one of the lessons I learned (by myself..) is that telling people about the risks of something might not always be the best approach..I try to frame it positively...

What do you think? curious to hear your thoughts on this.

I guess I want to know how you guys and girls share those breach stories and how can we make use of them?

UnixGuy

Relevant:
https://www.independent.co.uk/travel/news-and-advice/british-airways-hack-credit-card-data-breach-fine-security-a8992876.html

cyberguypr

Agree with @UnixGuy on resetting the baseline. My first thought when I saw the threads title was "business as usual". We are not seeing anything new. It's the exact same stuff over and over.

tedjames

In my agency, if we find something that may benefit our general staff, we turn it into a lesson that can be disseminated as a note of caution. Tell them what happened, tell them how it could affect them (Make it hit home by showing them how it could cost them money, reputation, etc.), and then show them how they can try to avoid it. We call it Cyber Threat Intelligence. It's part of our security awareness program. A little education goes a long way.

ansionnachcliste

UnixGuy said:

Relevant:
https://www.independent.co.uk/travel/news-and-advice/british-airways-hack-credit-card-data-breach-fine-security-a8992876.html

I'm very nosy and interested in finding out who is managing the security within organizations that fall victim to a breach

, especially after the Equifax breach and the whole "Music Major" story.

It helps me choose my career path and with such decisions.

Incident began: June 2018
First disclosed: September 2018
Security and Compliance Manager leaves position: December 2018 after being there for nearly 12 years

I see a lot of experienced and older generation security leads not being able to take the heat or perhaps resigning at a convenient time.
I often wonder how I would react in such a situation.

Perhaps this isn't a resignation but a mutual agreement between both parties?

cyberguypr

22k user enterprise here. For us the most effective way is showing the actual repercussions. The positive vibe absolutely does not work here. It's only when people see how bad it can go that they have the "dang, I better don't be that guy" moment.

NetworkNewb

Just secretly plant a virus or malware on a random user's machine once or twice a year. Tell the user they clicked on something they obviously shouldn't have... And then fire that person. Let everyone know about this and make sure to make it clear this is what happens for those that aren't careful!

(doesn't have to be a real virus/malware of course...)

tedjames

ansionnachcliste said:
I see a lot of experienced and older generation security leads not being able to take the heat or perhaps resigning at a convenient time.
I often wonder how I would react in such a situation.

Perhaps this isn't a resignation but a mutual agreement between both parties?

I've known people that were asked to resign. Essentially, you're fired without having to use the F word. I've known others that were given a month to find another job...or else.

LonerVamp

ansionnachcliste said:

UnixGuy said:

Relevant:
https://www.independent.co.uk/travel/news-and-advice/british-airways-hack-credit-card-data-breach-fine-security-a8992876.html

I'm very nosy and interested in finding out who is managing the security within organizations that fall victim to a breach , especially after the Equifax breach and the whole "Music Major" story.
It helps me choose my career path and with such decisions.

Incident began: June 2018
First disclosed: September 2018
Security and Compliance Manager leaves position: December 2018 after being there for nearly 12 years

I see a lot of experienced and older generation security leads not being able to take the heat or perhaps resigning at a convenient time.
I often wonder how I would react in such a situation.

Perhaps this isn't a resignation but a mutual agreement between both parties?

Just curious what "older generation" has to do with this? I mean, if you are any age and manage the security of an enterprise that gets so thoroughly owned that "jail time" is regularly brought up for your executives...yeah, it's not about being able to "take the heat," it's "you failed at your job, get the hell out."

*Anyone* can fall victim to a major breach. It's simple economics, regardless your perceived skill or experience. Hopefully, good managers will manage and reduce risk and impact enough to stay successful.

I'll also not deride anyone for their past career choices if they've made a change into cyber security. And at management levels, things do change somewhat (and yet don't, but that's a different discussion) and it's often about how business-wise you are rather than how well you can write firewall rules or tune EDR or test controls or read splunk logs... I'm also curious how this helps you make decisions with your career path?

jeremy_dfir

I would start stressing the need for technical/hands-on CISO, but you will all get bored by the lecture

That being said, i would start by extending visibility as much as possible (perimeter and endpoint).

And as @cyberguypr said. Same stuff over and over again.....

UnixGuy

jeremy_dfir said:

I would start stressing the need for technical/hands-on CISO, but you will all get bored by the lecture

That being said, i would start by extending visibility as much as possible (perimeter and endpoint).

And as @cyberguypr said. Same stuff over and over again.....

you have a valid point. While a CISO is a business role, I believe CIO/CTO/CISO need a minimum level of technical knowledge (I'd say 10+ yrs of technical, 10+ business...or something close to that..)