Managed Security Services Provider Morning News: 11 December 2017
Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the lineup for Monday, December 11, 2017:
12. Cyber Insurance Market Forecast: Cyber insurance spending will hit about $29.2 billion in 2015, up dramatically from $2.2 billion in 2014, according to Progressive Markets. That’s a 27.46 percent compound annual growth rate (CAGR) during the forecast period. But despite the hype, critics warn that cyber insurance often comes with loopholes that leave businesses at continued risk for cyber losses. Related: More Cyber Insurance News, Analysis and Research.
11. Cybersecurity Deadline: U.S. Department of Defense (DoD) contractors face a key cybersecurity compliance deadline that kicks in December 31, 2017. Some of the details are here. We’ll share more perspectives later today.
10. Repeat Hacker Attack: Cyber criminals took a second swing at the Mecklenburg County, N.C., government late last week after county officials rejected a demand for money following a ransomware attack, Government Technology reports. To mitigate the latest attack attempts, the county blocked employee access to Dropbox and Google Documents.
9. IoT Security – Apple Vulnerability: An Apple HomeKit vulnerability in iOS 11.2 allows unauthorized control of accessories including smart locks and garage door openers, according to 9to5Mac. Apple has rolled out a server-side fix that now prevents unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality, the report says.
8. Bypassing AV Security: enSilo released cybersecurity research at Black Hat Europe revealing how cybercriminals can take advantage of Microsoft Windows features to slip malicious ransomware and other threats past most updated, market-leading AV and NGAV security products protecting corporate laptops, servers and other sensitive devices. Details are in this “Lost in Transaction” presentation…
7. GDPR Compliance: OXIAL has launched a GDPR compliance platform for midmarket financial services firms. The offering, called GDPR Express, promises to address General Data Protection Regulation (GDPR) compliance within 90 days or so of deployment. It uses a “digitized approach to ensure every requirement for GDPR compliance is met,” the company claims. Hmmm… Those claims sound a bit lofty to us. Companies must achieve GDPR compliance by May 25, 2018, according to the European Union regulation requirements.
6. Conference Security: At the massive CES conference next month in Las Vegas, show organizers will roll out a LiveSafe app that lets attendees alert the show’s organizers about emergencies, and vice versa. The app surfaces roughly three months after a mass shooting in Las Vegas killed 58 people and injured 546 people.
5. Amazon AWS Single Sign On: Amazon has launched AWS Single Sign-On (SSO), a cloud SSO service that makes it “easy to centrally manage SSO access to multiple AWS accounts and business applications. It enables users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place,” the company says. We’re checking to see if the service will extend to non-AWS platforms…
4. Multifactor Authentication: Exostar has launched Exostar Mobile ID, a multifactor authentication app for smartphones and tablets. The app has achieved Level 3 SAFE-BioPharma certification under the FICAM trust framework, Exostar asserts.
3. Cyber Talent: Women hold only 13 percent of the chief information security officer (CISO) roles within Fortune 500 companies, according to Forrester Research. Moreover, only 11 percent were previously employed by law enforcement, and 4 percent have military backgrounds. A separate survey finds 45 percent of industrial organizations lack a reliable leader for cybersecurity…
2. Robert Herjavec Describes Cyber Trends: Cyber security is no longer a niche or adjunct industry, according to Shark Tank veteran Robert Herjavec, CEO of Herjavec Group — a Top 100 MSSP for 2017. Much like the Internet or the cloud, cybersecurity is now “here to stay” and “it’s just getting bigger” because of real threats, hackers, foreign nation states and regulations, Herjavec told BNN. We’ll share more thoughts soon.
1. MSP Security Operations Centers: Should you build one or outsource to a third-party SOC? Attend our webcast this Thursday, December 14, to find the pros and cons of each approach.