The week in security: CSO-CEO relationships reviewed as hackers run riot

Even as the importance of privacy protections was reinforced by a survey suggesting people won't sacrifice their online privacy, some suggested that Target had the wrong reporting infrastructure in place by having its CSO reporting to its CIO rather than its CEO.

This issue remains a contentious one, with one IBM strategist arguing that CSOs need to engage executives in the security “team sport” to better keep up with changing security threats – and the head of the ANZ Bank's cybersecurity efforts sharing his experience inculcating a security culture within the highest echelons of that organisation.

Meanwhile, a FireEye expert believes that the real key to ensuring a strong defence is having a stronger focus on real-world testing. This sort of thing requires better security skills, however, with the NSA reportedly having no problem filling cybersecurity jobs.

Symantec shuttered its second attempt at cloud-based file storage and declared it was going to refocus its efforts in other areas. Little wonder: cloud security continues to scare many people and the cloud-storage game is getting trickier and trickier, not least because of developments like a tool that can collect iCloud backup files without even knowing a person's Apple ID.

Also notching their belts were hackers who stole 650,000 customer records from Domino's Pizza, then sent a mocking ransom demand. Others hacked a Synology NAS device to generate Dogecoin cryptocurrency, while many popular HTTPS sites were still vulnerable to the recently discovered OpenSSL connection hijacking attack. Google pushed out a patch for an OpenSSL vulnerability, while Microsoft was doing the hackers' job for them after a Patch Tuesday fix broke Office 2013 for thousands of users, and revelations confirmed that maliciously crafted files can disable Microsoft security products.

Yet there were also successes on the part of those working against hackers: a UK student developed an antidote for the Simplocker Android-based file-encrypting ransomware, even as researchers debated whether the TowelRoot Android tool was designed for friends or foes. There was little doubt, however, about the motivations of some malicious apps found in the Google Play Store, which would steal credentials used by Amazon Web Services developers.

A government-backed PAS 754 'software trustworthiness' standard was launched to help organisations avoid software failures, while British spying centre GCHQ said it would share technology with private companies and Europe's highest court will review personal data exchange between the European Union and United States.

Apple and Cisco Systems weighed in on Microsoft's side in the fight against a US warrant for email that has been stored overseas. Yet even as the US House of Representatives voted to limit the US National Security Agency's (NSA's) ability to search US records, British spies were apparently allowed to intercept Google and Facebook traffic. And with new standards like HTML5 posing new security concerns and internal risks like DNS servers still sitting ducks inside many organisations, warrants may be the least of many organisations' concerns.


Stories by David Braue
