We should start by addressing the elephant in the room. In the past week WannaCry has dominated the news and still looks to be the topic on the tips of everyone’s tongues.
There’s probably not much to add without repeating much of what has already been said.
- A Twitter moment capturing much of the early and subsequent commentary on WannaCry
- Making sense of WannaCry
- Ongoing WannaCry vulnerability spreading through SMB vulnerability
- Microsoft: TechNet’s Coverage?
SOCs are maturing, but need more automation
The survey indicates that SOCs need more automation, particularly for prevention and detection.
There are two sides to automation. One part is to understand the workflows that are needed, in other words what is the playbook to follow once certain events occur. The second part is around having technology that is tightly integrated so that the automation can occur across the IT stack. Neglecting one at the cost of the other can greatly reduce effectiveness.
Data keeps getting stolen
Getting media attention when there’s a data breach is a great thing. However, some days it feels as if fatigue has set in and breaches are reported and shoulders are shrugged as if it was a normal an occurrence as the bus being late.
Despite growing regulation, and better technologies, companies seem to repeat the same errors repeatedly, resulting in huge data losses.
Before WannaCry hijacked all security conversations this past week, GDPR has remained a popular topic. While it is good to see awareness of the upcoming regulation, it also invites a lot of uninformed commentary. Many claims are made about the implications, and frankly hijacking the conversation to suit an InfoSec and technology narrative.
AI continues to be touted and discussed wide and far, with many potentially interesting security applications.
In the UK, AI is being used to determine which criminals will get bail. Working with academics, Durham Constabulary has developed HART (Harm Assessment Risk Tool) an algorithm that analyses crime data and predicts whether an arrested suspect is likely to pose a risk if released from custody.
United Flight Attendant Accidentally Leaked Door Codes Online
This is an interesting story after a flight attendant posted door codes to the flight deck online. It probably poses some additional questions, such as, whether all cockpits share the same codes, are the codes ever changed? When airline staff retire, leave, or are fired – do they change the codes? It’s all very confusing.
I hacked the law, and made millions by insider trading. OK, so maybe that’s not quite as catchy as the song, but law firms are a treasure trove of data. As hackers broke into prominent NY-based law firms obtained sensitive plans for upcoming mergers, acquisitions, and used the information to make money trading shares using non-public information.
Their spree was short-lived though, as the alleged hackers have been fined $9m. Proving that in this case, crime didn’t pay. But it’s not just law firms that need to remain vigilant. PR agencies, accountants, consultancies, and all firms in between need to be wary of the value of their clients data and ensure appropriate security controls are put in place – not just to protect the data, but also to be able to quickly detect any breaches.