CyberSecurity: Top of the News (11 March, 2019)

Senate Panel Equifax Investigation Findings Released (March 8, 2019)


 A Senate panel investigation into the 2017 Equifax breach found that the company again and again neglected to take adequate precautions to protect the consumer data it held. The panel’s report makes several recommendations, including that “Congress should pass legislation that establishes a national uniform standard requiring private entities that collect and store PII to take reasonable and appropriate steps to prevent cyberattacks and data breaches.”
Editor’s Note

[Neely]
Equifax has lots of company: a recent study found most of the Fortune 100 companies had similar problems. The argument for stability or status quo, versus the expense of regression testing, possible downtime, to apply updates and security fixes is not new and has to be baked into the business. Reliance on regulatory requirements alone is insufficient. Until security is immutable in the board room this will continue.
Read more in:
– www.theregister.co.uk: Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal
– www.carper.senate.gov: How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach: Staff Report (PDF)

RSA Panel: The Five Most Dangerous New Attack Techniques and How to Counter Them (March 7, 2019)


At the “Five Most Dangerous New Attack Techniques and How to Counter Them” panel at the RSA conference in San Francisco on Thursday, March 7, Ed Skoudis, Heather Mahalik, and Johannes Ullrich described attack techniques and remediations and answered questions from audience members.
Read more in:
– www.rsaconference.com: The Five Most Dangerous New Attack Techniques and How to Counter Them (video)

GAO Chief Enumerates High Risk List Issues for Legislators (March 6, 2019)


Comptroller General Gene Dodaro, head of the US Government Accountability Office (GAO), spoke to panels at both the House and the Senate regarding the GAO’s recently published High Risk List, which examined 35 areas in “federal programs/operations that are vulnerable to waste, fraud, abuse, and mismanagement, or that need broad reform.” Dodaro told members of the Senate panel that the administration’s National Cyber Security Strategy, released last fall, provides “no implementation plan, definition of responsibilities, or metrics.” Dodaro told the House panel that federal IT systems have the same “material weaknesses” every year, due in part to legacy IT systems. Dodaro also questioned federal agency heads’ attention to known cybersecurity issues, saying that the problems lack “top-level management attention.”
Read more in:
– fcw.com: Cyber strategy short on specifics and metrics, says GAO
– www.meritalk.com: Comptroller Questions Priority Given by Agency Heads to Cybersecurity Issues
– www.gao.gov: HIGH-RISK SERIES: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas (Highlights)
– www.gao.gov: HIGH-RISK SERIES: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas (full report – PDF)


