The Tanium 10: 5 Things To Tell Your Board About Security | Congress Looks At Bug Bounties

Susan Nunziata Posted on 11.03.17 — by Susan Nunziata

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.

The Tanium 10

The Tanium 10 for the week ending November 3, 2017:

  1. Wondering what to tell your Board of Directors about cybersecurity? James Lam, a cybersecurity expert who’s been advising boards for a quarter century, has some ideas: Double down on the basics; establish a cybersecurity risk policy; ask for an effective risk report with qualitative assessments and quantitative analytics; provide credible challenge and oversight of the cybersecurity program; and focus on people and culture. Now you know.
  2. U.S. legislators are bug-eyed about bug bounties. Three bills wending their way through Congress are aimed at rewarding “cash prizes” to researchers who uncover bugs. Unfortunately, even sophisticated businesses often underestimate the amount of work that goes into operating these programs.
  3. Researchers at the University of Maryland, whose athletic teams are known as the Terrapins, are the latest to best Google’s reCaptcha audio accessibility feature. The team defeated the challenge in “less time than it takes to play the audio challenge.” Those are some fast turtles.
  4. As threats evolve, enterprises must adapt. And that means global spending on threat intelligence is expected to reach $12.6 billion by 2025, a 4X increase from 2016. That’s the conclusion of a new report from Grand View Research, a market research firm.
  5. If not AI, then what? The Information Systems Audit and Control Association says 1 million cybersecurity jobs worldwide will go unfilled this year. That’s why outfits like IBM and PricewaterhouseCoopers are pushing innovative uses of AI for cybersecurity (subscription required).
  6. The general counsels of FacebookGoogle, and Twitter testified before U.S. Congressional panels investigating disinformation campaigns carried out over their networks by Russian state actors. While acknowledging they were unwittingly used to sow discord in the US, the representatives pushed back on proposed legislation requiring them to disclose who is buying political advertisements. Say what?
  7. Even as Apple is projecting big sales for its iPhone XTencent’s Keen Labuncovered four bugs in the latest iOS that enable malware to run on an iPhone 7 via WiFi.
  8. The new Automated Indicator Sharing (AIS) program is seen by officials as a linchpin of the government’s strategy to form a public-private cybersecurity information exchange. Acting federal Chief Information Security Officer Grant Schneider says, “[A] big chunk of our future of being able to share threat and indicator information is going to be across the AIS platform.” If only private-sector organizations would sign up…
  9. Are you planning to change how you deal with cybersecurity in the year ahead? You’re not alone. SolarWinds MSP, an IT services provider, surveyed 400 businesses in the U.S. and U.K. and found 80% of them plan to change how they deal with security in the coming 12 months. Among the findings: 17% plan to switch their current provider; 10% plan to cease outsourcing in favor of in-house management; and 49% plan to outsource security for the first time.
  10. Circle with Disney, a parental control system to manage devices on home networks, issued 23 bug patches last weekend. An exploited device could be used to attack others and create far more havoc than Boo did in Disney’s Monsters Inc.

And another thing…

Avoid tricks next Halloween. Have the right treats. FiveThirtyEight, the statistical analysis website, pitted dozens of candies against one another to see which was the people’s choice on Allhallows Eve. Reese’s Peanut Butter Cups grabbed the top spot. Fans of Good & Plenty may lose their sugar buzz to know it came in last in this less-than-scientific experiment.

Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.