As more organisations are consuming and offering services in the cloud, they are forever facing challenges by balancing customer experience and the increase of their surveillance capabilities. Enterprises are feeling the brunt of these changes. While cloud, in all its various guises, continues to shape digital strategies, how are security professionals adapting? Not just to cloud technologies, but also to the increased focus on privacy that the GDPR has brought within the overall context of a government that’s eager to increase its powers. Imagine for a moment; if you will, please indulge me on 3 major breaches and if GDPR was enforce –

Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties." However, in information security terms, an insider stole sensitive documents from Tesla. The motive is not as important as the act. It seems that Tesla does not operate adequate least-privilege measures, and does not have an internal traffic monitoring system capable of detecting and blocking the unsanctioned exfiltration of gigabytes of data. This failure has left Tesla with a PR nightmare that it must now manage and the incident has also had an impact on the company's share price which dropped more than 6% in trading at the time of writing this.

And with this in mind, enjoy our roundup of stories for this week…

Tesla Breach: Malicious Insider Revenge or Whistleblowing?

Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties."

Malicious Insider Revenge or Whistleblowing? |  Kevin Townsend

When Bug Bounty Disclosure goes bad

There are vulnerabilities everywhere, you are a cybersecurity researcher, you then follow the bug bounty program process and share it responsibly with the vendor, then that vendor fixes the issue - but instead of sending the chopper over to you with a care package, they pretend like you didn't exist. Now what to do?.

Vendors, Disclosure, and a bit of WebUSB Madness |  Markus Vervier

How Edward Snowden made us think about and forget the Insider Threat

Five years ago, the news media went into a frenzy after The Guardian revealed details about National Security Agency (NSA) surveillance activities. The news was based on classified documents that former NSA IT contractor Edward Snowden stole while he had privileged access to NSA systems and data. It provided clarity on exactly how powerful the NSA’s information collecting machine was. It also gave new life to the “insider threat.”

Snowden illuminated how nefarious employees and contractors operate. He also cast a shadow over an additional class of insider threat made up of privileged users that includes employees, contractors, partners and executives that operate with their organizations’ best interests in mind. Since Snowden, this “trusted insider” segment has gone under appreciated with respect to risk it is driving and resources it deserves.

Five Years Later: Never forget the insider threat | Dtex Systems

This has been quite a ride we have been on over the past two weeks, many, many data breaches, and many agree cryptomining is becoming the “new” ransomware. I believe the new business model will most likely be: finding all your data online through a subscription service, detecting it, and removing it. I was also really happy to be stuck indoors this past week-end, with the storms here in Cape Town, another two things I am happy to report, One: the Rain! And the second thing: I could stay indoors and catch up on much needed reading and research! A Very Happy and contented camper indeed.

And with this in mind, enjoy our roundup of stories for this week…

Want to catch-up on some reading too?

Both McAfee and Kaspersky have released research reports. Both are freely available and don't need you to surrender any details to access them. Some good stuff from the research community.
McAfee's report showcases new coin miner malware jumped a huge 1,189% in Quarter one while new ransomware attacks dropped 32%.
The decline of ransomware and rise of cryptocurrency mining is a trend that Kaspersky has also seen in its recent ransomware and malicious crypto miners in the 2016-2018 report.

McAfee Labs threats report, June 2018 | McAfee 
Ransomware and malicious crypto miners in 2016-2018 | Securelist

Top Security Concerns On The Minds Of Millennials

So do millennials have the right perspective when it comes to cybersecurity? There are clear advantages to prioritizing these outlooks, rather than spending more money on IT or worrying about the potential of a hack. Additionally, millennials seem more aware and knowledgeable about the nature of cybersecurity, and the digital risks that companies face.

The 4 Top Security Concerns On The Minds Of Millennials |  Larry Alton

A SIEM is a SIEM is a USM Right?

Most other SIEMs come with default content and correlation rules, which are useless because they aren’t aware of what data is coming from the environment. Since our product includes our intrusion detection, asset discovery, vulnerability assessment, and behavioural monitoring in one cloud platform, we can make more effective correlation rules that are applicable across our environments. We have the advantage of knowing where the data is coming from, letting us write correlation rules that will work out of the box. USM also eliminates the work of integrating and maintaining multiple point security products.

SIEM Content Engineer - Why Is It a “Thing”? | Kate Brew

As a massive fan of Jennifer Leggio whom has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices, all subjects very close to my own heart. In a recent write up she focuses on the key points from her Hack in the Box (HITB) Amsterdam keynote from a few weeks ago and covers some of the marketing fails in information security - including logo's and branded vulnerabilities.

What are these? you may ask; well basically there are people that work towards reducing harm and those that contribute to harmful outcomes and the latter tend to lend to all the confusion, fear, uncertainty, and doubt that distracts or disrupts a security practitioner's ability to do his or her job.

Some key points that stand out for me – again Jennifer, this is some great stuff!

• Speak with your management about creating an ethics or standards board.
• Express the end state you want is more truth and better security.
• Share that you are willing to support on a committee to provide guidelines.
• Company doesn't have a coordinated disclosure policy? Build one.
• Require credit for your work.
• Call out marketers, but focus on sharing how to do better vs. focusing just on what sucks.

It needs to be an inclusive and interactive dialogue between technical and non-technical folks, with next steps and outcomes. If we will build it. Will you come?
And with this in mind, enjoy our roundup of stories for this week…

Where Do Cybersecurity Professionals Come From?

When a Mommy cybersecurity professional and a Daddy cybersecurity professional love each other very much they hug each other in a special way to help each other make little cybersecurity professionals.

If only it were so easy! If it were, we wouldn’t have nearly 2.2 million unfilled cybersecurity jobs on the horizon.

We wouldn’t have millions of kids struggling with online and social media addictions on one end of the spectrum and kids with no access to the Internet on the other. So while the straight answer is, we make them, the less straight answer is how?

Where Do Cybersecurity Professionals Come From? |  Pete Herzog

Security by Design: The Network

Security by design is about designing secure environments with clear goals underpinned by real-world constraints. Realistic assumptions and constraints in terms of Business, Personnel, Staffing compliment, their abilities and the IT environment and the entire ecosystem are all critical steps in the security by Design process.
I really enjoyed this detailed take on the logic behind this very misunderstood concept.

Secure by Design: The Network |  Devon Taylor

The Best and Funniest Security Memes

AlienVault recently ran a contest on Twitter to collect the best InfoSec memes from the community. I really had to chuckle at some of these with the compendium blog on these funny as well as educational security memes. Since her blog on IT jokes from 2015 was so well received, maybe this meme thing will catch on too!

The Best and Funniest Security Memes | Kate Brew