Authentic8 Blog Author: Gerd Meissner

Gerd writes, produces, edits, and manages content at Authentic8. Before, he covered information technology and data security as a journalist and book author in the US and in Europe.

5 Must-Read Resources for Compliance and IT Leaders in Investment Firms

Regulated investment firms use the web to gather market intelligence, to access data aggregation tools and business apps, and to communicate via webmail and social media.

While many (if not most) business functions have shifted to the web and cloud apps, including IT security, the primary tool used by research analysts and investment managers remains stuck in IT’s past: the locally installed browser. A holdover from the 1990s, the local browser’s inherent weaknesses make it notoriously difficult to manage, monitor, and secure against web-borne exploits.

This has created a growing compliance blindspot for buy-side and sell-side firms. At the same time, the pressure from federal and state regulators is steadily increasing. Registered investment advisers are one example. By subjecting 17% of firms to OCIE examinations in FY 2018, the SEC already exceeded its own ambitious goal (15%) in this group alone for this year.

Chief Compliance Officers, CISOs and CTOs in the industry have been put on notice. One simple

5 Must-read Resources for SOC and Threat Intelligence Professionals

Have SOCs made enterprise IT more secure? Over the past months, multiple surveys, research reports and white papers on the success of Security Operations Centers (SOCs) and threat hunting were published that attempt to answer this question.

From various angles, researchers have gauged the impact SOCs and threat intelligence gathering (manually and automated) have on improving the IT security posture of companies in the U.S. and worldwide.

Businesses made significant investments in AI/machine learning-based automated threat detection and prevention tools over the past year. So what do they have to show for it?

If you’re planning a SOC or devising the budget plan for an existing one, check out the reports reviewed below for useful facts and actionable insights.


1) Security Operations Centers: Not a Success Story (Yet)

Security operations centers (SOCs) are facing critical staffing and retention issues that prevent them from realizing their full potential. This is one key takeaway from the new report The Definition of

2017 in Review: Data Breach Statistics and Trends

What were the biggest data breaches in 2017? Did the federal government's cybersecurity fare better, two years after the disastrous OPM hack in 2015?

Did ransomware live up to, or even beat, the dire predictions? Which industries were targeted or hacked most?

We have pulled together summaries, surveys and posts worth returning to, for use as a quick reference to consult when working on IT security presentations, cybersecurity plans and requests for budget or approvals in the year ahead:

The Biggest Hacks, Leaks and Data Breaches in 2017

...presented in 28 (illustrated) slides by ZDnet, with links to more in-depth information.

Source: ZDNet

ABA Tech Report 2017: Security

What does the American Bar Association’s 2017 Legal Technology Survey Report reveal about data security in the nation’s law firms? David G. Riess, attorney at Clark Hill PLC, summarizes.

Source: ABA Tech Report

2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog illustration

Largest Healthcare Data Breaches of 2017

78 healthcare data breaches in 2017 that affected more than 10,000+ records

Noteworthy Reads, Pics & Tweets

Earlier this month, we asked our circle of InfoSec Luminaries: "Which cybersecurity-related book, video, movie, podcast, GIF, or epic tweet can you recommend?"

Their tips make for worthwhile reads and relaxed browsing (not only) over the holidays. Enjoy!

Steve Durbin, Information Security Forum

I’m going to play safe and go with The Cyber Risk Handbook: Creating and Measuring Effective Cybersecurity Capabilities by Domenic Antonucci.

I highlight it not because I wrote one of the chapters but because it tries, and I’d say succeeds, in covering the whole range of challenges associated today with operating in cyberspace in a readable manner whilst suggesting practical approaches from a range of well known and respected contributors.

If you want to understand how to get to grips with cyber, read this book. Now! It’s also available for Prime delivery via Amazon, Kindle download and Audio download. The perfect gift!

Dr. Fred Scholl, Monarch Information Networks

WTF?: What’s the Future and

News Media: Easy Target on Twitter?

CNN host Anderson Cooper said someone hijacked his Twitter account while he was asleep. The incident serves as a reminder that the Twitter feeds of (media) brands have become high-value targets for pranksters, online criminals and hacktivists.

How can news organizations and journalists better protect themselves against having their Twitter accounts hijacked or sabotaged?

CNN's initial announcement in December came after a tweet from Cooper's handle called President Trump a “tool” and a “pathetic loser.” CNN tweeted that “someone gained access” to his account.

The account wasn't "hacked", technically. It turns out that Cooper's assistant left his phone - which was logged in to the Twitter account - unattended at the gym. So goes the story, at least, and they're