The Tanium 10: SEC Discloses Cyber Breach | Are Passwords Passé?

Posted on 09.22.17 by Susan Nunziata

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think.


The Tanium 10 for the week ending September 22, 2017:

  1. The U.S. Securities & Exchange Commission (SEC) disclosed it was hacked last year. In a prepared statement Sept. 20, the SEC said the incident was caused by a software vulnerability in its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) filing system. The EDGAR system processes more than 1.7 million electronic filings in any given year. Last month, the organization found out the hack may have resulted in illegal trading.
  2. New regulations from the EU, the U.K., and Australia will push firms to disclose hacks and security breaches. The drive for transparency is, in part, borne out by a 164% rise in cyberattacks this year from 2016.
  3. Are passwords passé? Major companies are experimenting with solutions such as biometrics in hopes of creating a seamless access experience for customers and employees, one that’s frustration-free while providing meaningful security.
  4. Google and Microsoft are offering new cybersecurity options for their cloud customers. Google Cloud Platform (GCP) users can access open source toolkits in the Forseti Security community, which was developed by GCP and its customer Spotify. Microsoft’s Azure confidential computing service is designed to ensure user control of data while it is being processed and to protect against malicious actors, malware, and third parties accessing data without consent.
  5. Because we all need more to worry about, researchers have built proof-of-concept malware that can jump airgaps by using the infrared capabilities of a network’s surveillance cameras to transmit data.
  6. Does your organization have a culture of cybersecurity?
  7. The US Department of Homeland Security (DHS) directive to halt federal agencies’ use of Kaspersky products offers some wiggle room. Agencies are asked to report on whether removing the software would affect system compliance with federal information security requirements and/or if removal could put agencies at increased risk.
  8. At this week’s TechCrunch Disrupt event, Heather Adkins, Google’s Manager of Information Security, said she thinks of the NSA as a state-sponsored threat in the same way as China and Russia.
  9. CCleaner, a popular system maintenance tool for Microsoft Windows devices, had malware implanted in its software, according to security researchers at Cisco Talos. The malware is said to have affected 2.27 million users.
  10. The good news: A new study finds spending on cybersecurity education is at an all-time high. The bad news: increased user education has not reduced attack success.

And another thing…

A study funded by the U.S. government reveals a key finding about the potential for catastrophic head injury when small drones fall from the sky. Surprising exactly no one, the research shows heavier drones have greater potential to cause head trauma than lighter ones. Your tax dollars at work, friends.
