Managed Security Services Provider (MSSP) News: 16 May 2018
Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the lineup for Wednesday, May 16, 2018.
9. Security Lab: EY, a Top 100 MSSP, has launched a new Internet of Things/Operational Technology (IoT/OT) Security Lab embedded within the EY wavespace flagship in Warsaw. The lab allows clients to prototype cyber risk defense and IoT solutions for industrial critical infrastructure such as power grids, transportation systems, utilities networks and more in a test environment, EY says.
8. Cleaning Up Facebook: The social network has discovered and eliminated 837 million pieces of spam, 583 million fake accounts, 21 million instances of nudity and sexual activity, 3.5 million posts depicting violent content, 2.5 million examples of hate speech, and 1.9 million pieces of terrorist content in the first quarter, according to Barron’s.
7. Homeland Security: The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities, Reuters notes. Ironically, The White House on the same day eliminated the position of cyber security coordinator after President Donald Trump’s first appointee for the job departed last week, Reuters adds.
6. FBI Advice on Digital Defenses: The FBI has released an article on building a digital defense against identify theft.
5. Mexico Cyber Security: Mexico’s central bank said on Tuesday that it was creating a cyber security unit, following a hack on a domestic payments system at the end of April that affected Mexican banks, Reuters says.
4. Research: RedLock’s latest Cloud Security Trends report reveals:
- 25% of organizations have cryptojacking activity within their cloud environments, up from just 8% last quarter – representing a 3X, or 212% increase.
- 49% of databases in the cloud are not encrypted, down from 82% a year ago.
- Compliance in the cloud is still a struggle — organizations fail 30% of CIS Foundations best practices, 50% of PCI requirements, and 23% of NIST CSF requirements, on average
3. Atlanta Ransomware Fallout: Atlanta’s 2019 budget process has been delayed by a March ransomware attack that scrambled a swath of government data, temporarily closing courts, halting bill payments and slowing other key services in the most devastating “ransomware” assault on a major U.S. city, Reuters says.
2. Penetration Testing – Got Consent?: Without a proper consent form in place, penetration testing firms are breaking the Computer Misuse Act and could also be liable under various other Acts, depending on data which is discovered during the test, Tripwire notes.
1. White Label MSP Services: Winquest Cybersecurity Services has unveiled a white-labeled cybersecurity package for MSPs. The services include vulnerability assessments, penetration testing, incident response, security awareness training, consulting and more, the company says.