This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite.  Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

This month's articles offer many takeaways that further our understanding of cybersecurity concerns and issues, starting with:

Who’s afraid of the Dark (Web)?

Applying Threat Intelligence and What is the Dark Web?
CSO Online
… With regard to the Dark Web, we learn how it came about with the help of US intelligence agencies, the difference between the Dark Web and the Deep Web, the initial roles to support dissidents, how the dark side developed, legitimate uses, and how threat intelligence can infiltrate the Dark Web to improve intelligence programs. The discussion of threat intelligence includes the application of threat intelligence in a corporate environment …

And excuse me, but is your hat white or black? —

At what point do white hat hackers cross the ethical line?
CSO
In recent months the news of Chris Roberts’ alleged hacking of an in-flight entertainment system and possibly other parts of the Boeing 737 has sparked a wave of controversy. Public opinion was originally on Roberts’ side, but the recent publication of the FBI affidavit changed that drastically. According to the affidavit, Roberts admitted to doing a live “pen-test” of a plane network in mid-air…

Speaking of being in the dark

Business Resilience Lacking in Most Firms, Finds Accenture
Computer Weekly
Most firms are failing to build business resilience in the face of an increasing onslaught of cyber attacks, a survey by IT services firm Accenture has revealed. Nearly two-thirds of C-suite executives polled said cyber attacks occur daily or weekly, yet only a quarter said…

You, and You, and You, Could be the Weakest Link
#CyberTuesday
In the world of cybersecurity, there is a technique called social engineering which aims to find the weakest link in a company’s defense. The basic premise is that it’s easier to exploit weaknesses in people than technology, although, as we’ve seen, both are eminently doable. Social engineering commonly is referred to as hacking humans–relying on human propensity to trust other people.

A crack in the foundation lets in some light

Criminal Charges Filed in Massive Alleged Cyber Insider Trading Ring
Forbes
Federal authorities announced criminal charges against a massive alleged insider trading ring that reaped tens of millions of dollars in illicit profits by gaining unauthorized access to – and subsequently trading on – news releases announcing various mergers and acquisitions in numerous industries. The case, which is thought to be the largest of its kind brought to date, may herald a previously-unseen era of hackers seeking to profit off their efforts by coordinating with unscrupulous traders.

And the wattage grows

Companies hope cybersecurity experts in the boardroom can counter hacks
Los Angeles Times
The board of directors at construction and engineering company Parsons Corp. needed to fill a seat two years ago. Naturally, they wanted someone with communication and leadership skills. They also needed someone new: an expert to help them battle computer hackers, cyberthieves, electronic spies, digital vandals and anybody else out to wreak havoc in a connected world.

US allies pledge to fight ISIS in cyberspace
The Hill
Pledging to fight criminals and terrorists in cyberspace with the U.S., two American allies are strengthening their own ties. India and the United Arab Emirates (UAE) this week issued a joint statement vowing to cooperate on bolstering their cyber skills in a region under a growing threat of terrorism from the Islamic State in Iraq and Syria (ISIS)…

The government had its hands full this month

Chinese Spies Targeting Personal Emails of Top Obama Admin Officials: NSA Leak
Washington Times
The personal email accounts of several high-ranking White House officials have been directly targeted by Chinese cyberspies — and some are still actively under attack, according to U.S. intelligence reports. NBC News obtained a classified document from an internal National Security Agency presentation given…

IRS Says Breach of Taxpayer Data Far More Widespread Than It First Thought: 610,000 Taxpayers at Risk
The Washington Post
An attack by hackers who stole sensitive personal information from thousands of taxpayers was far more widespread than the Internal Revenue Service first disclosed, officials said Monday as they released new estimates that 610,000 Americans were affected. The revelation more than doubles the number of estimated victims…

15,000 government emails revealed in Ashley Madison leak
The Hill
Thousands of clients using the affair-oriented Ashley Madison website listed email addresses registered to the White House, top federal agencies and military branches, a data dump by hackers revealed. The detailed data, released Tuesday, will likely put Washington, D.C., on edge. The nation’s capital reportedly has the highest rate of membership for the site of any city

But couldn’t come to a decision on countermeasures —

Senate Punts Cyber Bill after Reaching Deal on Amendments
The Hill
Senators are punting a major cybersecurity bill to at least September after reaching an agreement Wednesday afternoon lining up the initial amendments to be offered. The Cybersecurity Information Sharing Act (CISA), which facilitates the exchange of cyber threat information between companies and the government…

Presidential candidates offered a lot of opinions on cybersecurity

In GOP Debate, Cyber Security is the New National Security
Wired
Defense is a perennial topic in any presidential election season. But during the first Republican debate in Cleveland tonight, the candidates fought not about increasing the number of troops and tanks on the ground, but about how to enhance the country’s cyber security…

That drew some opinion on their opinions —

Let’s School the Presidential hopefuls on Cybersecurity
Wired
In the build up to the 2016 US election, both Democratic and Republican presidential hopefuls are talking about cybersecurity—and specifically state-sponsored hacks. Cybersecurity is the hot-button national security issue on the campaign trail…

And federal contractors got a whiff of what may lie ahead

OMB Weighs In on Cybersecurity: Office of Management and Budget
National Law Review
In the wake of data breaches in the private sector of Target and Sony and the colossal data breaches in the Office of Personnel and Management resulting in the theft of personnel records of more than 21.5 million federal employees and contractors, the Office of Management and Budget (OMB) issued draft guidance on Tuesday to strengthen cybersecurity protections in federal acquisitions…

“The Diplomat” played a card on the China syndrome —

Cyber Attacks: Why Retaliating Against China Is the Wrong Reaction
The Diplomat
The Office of Personnel Management breach – the worst in U.S. history – is a graphic testament to the White House’s ongoing inability to identify and secure its most critical data. In this case, it lost control of incredibly sensitive and detailed information on federal employees in a breach for which China is the “leading suspect,” according to CIA chief James Clapper…

And executives shout out

6 Observations About Cybersecurity Based on Two New Surveys
Forbes.com
Cybersecurity incidents and attacks have become almost daily news, and two new surveys give voice to the executives and cybersecurity professionals struggling to defend their organizations.

Get shouted at —

Consumers May Be the Big Losers When Companies Hide Cybersecurity Problems
The Washington Post
A group of security researchers were prepping for a major reveal in 2013: They planned to disclose at a D.C. cybersecurity conference how a security flaw in luxury vehicles could let bad guys break in without keys and start the cars. But Volkswagen stopped them, winning an injunction in a British court after arguing that publishing a paper…

And hear there’s comfort in numbers

Sisense CEO on Improving Cybersecurity by Applying Big Data Analytics
Forbes
Cybersecurity and big data analytics are two sets of technologies that are frequently mentioned by CEOs and CIOs as top investment priorities. But what about marrying the two? Many organizations are not yet there. For example, a recent survey of government cybersecurity professionals found that 86 percent of respondents believe big data analytics could help improve cybersecurity, but only 28 percent are currently fully leveraging big data for security purposes…

____________________

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

August 25, 2015