Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the update for Thursday, August 23, 2018.
9. Identity and Access Management: Here are the seven trends that will shape the future of identity management, according to Ping Identity's most recent CISO Advisory Council meeting.
8. Patch Management Challenges: The typical organization needs 38 days to patch a vulnerability, according to tCell's Q2 2018 "Security Report for In-Production Web Applications."
7. MSSPs, IoT and Medical Device Security: CynergisTek and Asimily are partnering to provide a joint security assessment for medical devices. The joint offering will provide healthcare providers with the ability to identify all devices connected to the network and the relationship between those devices, the capability to discover any existing risks or anomalies in the network, ability to discover and prioritize devices and vulnerabilities, and recommendations for mitigation and program improvement, the companies say. CybergisTek has been gaining momentum as a healthcare-focused MSSP.
6. Privacy Shield Regulation: European Union and U.S. officials are gearing up to review the Privacy Shield data agreement for the second time, and experts predict that Privacy Shield's continued viability is likely to hinge on how much weight EU policymakers choose to give to competing input from their U.S. counterparts and EU lawmakers, Law360 reports. Privacy Shield defines whether and how data can be stored and moved between EU member countries and the United States. Google, Facebook, Microsoft and more than 3,500 other companies have vowed to support Privacy Shield, the report says.
5. Cyber Insurance - Texas Cities: The Houston City Council on Wednesday unanimously agreed to spend $471,000 on cyber insurance, The Houston Chronicle says. The insurance policy can cover up to $30 million in expenses related to security breaches in the city’s network, including crisis response, recovery of losses and answers to legal claims stemming from cyberattacks, the report says. In Texas, the city of Dallas has about $10 million in cyber insurance coverage, but the cities of Austin and San Antonio have no coverage at all, according to a report presented to council’s Transportation, Technology and Infrastructure committee on Aug. 13.
4. Cyber Insurance - Policies: Chubb has surpassed American International Group (AIG) to become the largest cyber underwriter in the US, according to data by AM Best, Intelligent Insurer reports. According to the data:
- Chubb INA Group had $284.4 million in cyber direct premiums written in 2017, up from $133.5 million in 2016.
- AIG’s cyber direct premiums written in 2017 were roughly unchanged at $227.6 million in 2017 after $228.3 million in the previous year.
- Third placed was XL Catlin America Group which underwrote $177.9 million of cyber risk in 2017 after $160.8 million in 2016.
3. Cyber Insurance - Coverage Gaps: Roughly 24 percent of U.S. executives surveyed say their firm has no cybersecurity insurance, and only 32 percent of U.S. firms said their cybersecurity insurance covers all risks, according to Ovum.
2. SIEM: empow, which specializes in security information and event management (SIEM, has earned six patents and 10 more pending. The patent momentum involves empow's use of artificial intelligence (AI) -- including natural language processing (NLP), machine learning and cause-and-effect analytics -- to combat cyber attacks, the company says.
1. Federal Cybersecurity Contract: Booz Allen Hamilton, a Top 100 MSSP, has earned a $1 billion contract to enhance cybersecurity capabilities across six federal agencies.
