Authentic8 Blog Author: Gerd Meissner

Gerd writes, produces, edits, and manages content at Authentic8. Before, he covered information technology and data security as a journalist and book author in the US and in Europe.

5 Must-read Resources for SOC and Threat Intelligence Professionals

Illustration: 5 Must-read Resources for SOC and Threat Intelligence Professionals - Authentic8 Blog

Have SOCs made enterprise IT more secure? Over the past months, multiple surveys, research reports and white papers on the success of Security Operations Centers (SOCs) and threat hunting were published that attempt to answer this question.

From various angles, researchers have gauged the impact SOCs and threat intelligence gathering (manually and automated) have on improving the IT security posture of companies in the U.S. and worldwide.

Businesses made significant investments in AI/machine learning-based automated threat detection and prevention tools over the past year. So what do they have to show for it?

If you’re planning a SOC or devising the budget plan for an existing one, check out the reports reviewed below for useful facts and actionable insights.

*

1) Security Operations Centers: Not a Success Story (Yet)

Security operations centers (SOCs) are facing critical staffing and retention issues that prevent them from realizing their full potential. This is one key takeaway from the new report The Definition of

2017 in Review: Data Breach Statistics and Trends

Illustration: 2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog

What were the biggest data breaches in 2017? Did the federal government's cybersecurity fare better, two years after the disastrous OPM hack in 2015?

Did ransomware live up to, or even beat, the dire predictions? Which industries were targeted or hacked most?

We have pulled together summaries, surveys and posts worth returning to, for use as a quick reference to consult when working on IT security presentations, cybersecurity plans and requests for budget or approvals in the year ahead:

The Biggest Hacks, Leaks and Data Breaches in 2017

...presented in 28 (illustrated) slides by ZDnet, with links to more in-depth information.

Source: ZDNet

ABA Tech Report 2017: Security

What does the American Bar Association’s 2017 Legal Technology Survey Report reveal about data security in the nation’s law firms? David G. Riess, attorney at Clark Hill PLC, summarizes.

Source: ABA Tech Report

2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog illustration

Largest Healthcare Data Breaches of 2017

78 healthcare data breaches in 2017 that affected more than 10,000+ records

Noteworthy Reads, Pics & Tweets

Earlier this month, we asked our circle of InfoSec Luminaries: "Which cybersecurity-related book, video, movie, podcast, GIF, or epic tweet can you recommend?"

Their tips make for worthwhile reads and relaxed browsing (not only) over the holidays. Enjoy!

Steve Durbin, Information Security Forum

I’m going to play safe and go with The Cyber Risk Handbook: Creating and Measuring Effective Cybersecurity Capabilities by Domenic Antonucci.

I highlight it not because I wrote one of the chapters but because it tries, and I’d say succeeds, in covering the whole range of challenges associated today with operating in cyberspace in a readable manner whilst suggesting practical approaches from a range of well known and respected contributors.

If you want to understand how to get to grips with cyber, read this book. Now! It’s also available for Prime delivery via Amazon, Kindle download and Audio download. The perfect gift!

Dr. Fred Scholl, Monarch Information Networks

WTF?: What’s the Future and

News Media: Easy Target on Twitter?

Illustration: News Media: Easy Target on Twitter? - Authentic8 Blog

CNN host Anderson Cooper said someone hijacked his Twitter account while he was asleep. The incident serves as a reminder that the Twitter feeds of (media) brands have become high-value targets for pranksters, online criminals and hacktivists.

How can news organizations and journalists better protect themselves against having their Twitter accounts hijacked or sabotaged?

CNN's initial announcement in December came after a tweet from Cooper's handle called President Trump a “tool” and a “pathetic loser.” CNN tweeted that “someone gained access” to his account.

The account wasn't "hacked", technically. It turns out that Cooper's assistant left his phone - which was logged in to the Twitter account - unattended at the gym. So goes the story, at least, and they're

5 Must-Read Cybersecurity Resources for Law Firms

Illustration: 5 Must-Read Cybersecurity Resources for Law Firms - Authentic8 Blog

A recent survey of law firms found that nearly one-third of the respondents didn’t know who was responsible for risk management within their organization. What will their corporate clients make of that?

According to the research reviewed for this post, client cybersecurity audits are becoming the new normal for law firms. Many companies are no longer willing to entrust their legal matters to firms without subjecting them to a client audit first.

The same holds true when Big Law is looking to partner with smaller practices in local markets. Potential partners who cannot demonstrate that and how they protect sensitive client information against data breaches will lose valuable business and connections to a competitor in the region who can.

For this post, we have collected resources that provide up-to-date insights and guidance that help law firms with their cybersecurity planning and client audit preparation:

*

1. Why Are So Many Law Firms Unaware That They Suffered a Data Breach?

The second edition