The week in security: Breach costs arrested but CISOs risk the axe over reporting

The latest study of data-breach costs found Australian businesses bucking global trends by driving down the average cost of data breaches. There was little shelter for CISOs however, with warnings that they could increasingly risk losing their jobs if they can't improve their reporting of security postures before the breaches happen.

It might be time not only to invest in training, but also to consider the best way to develop a digital risk plan and sell it to the board. That involves more than simply pointing out that the average breach now costs over $4 million – although one CEO decided to take a stand against a DDoS extortion attack over a far smaller potential loss.

A study concluded that the majority of companies lack adequate controls to protect their business-confidential documents, while Gartner warned that DDoS defences remain weak, though a turnaround is beginning, and other work concluded that 60 percent of businesses had a security breach in 2015.

This, as the malevolent Angler exploit kit inexplicably went silent – leading some to suspect its author or authors had been arrested. Also arrested was a Chinese worker who is alleged to have stolen the source code of a clustered file system from his US employer for the benefit of a Chinese government body. And, along related lines, 'spam king' Sanford Wallace was sentenced to 2.5 years in prison for a Facebook phishing scam.

A Flash Player zero-day exploit was found to be used in the wild by a cyberespionage group and even Adobe was warning of the risks, while security wonks at Kaspersky Labs said they knew who had created it. Meanwhile, Apple made moves to hasten the extinction of Flash by announcing it would turn off Flash in Safari 10 by default.

Security giant Symantec snatched up security vendor Blue Coat for $US4.65 billion, while VMware launched a new endpoint-security tool and security vendor Recorded Future was partnering with other vendors to strengthen the use of threat intelligence.

Also attracting interest in the new-technology department is blockchain, which some warned isn't ready for mainstream development yet. Another emerging trend in security is machine learning, which some see as a way of improving the corporate response to new attacks by ransomware that, by some accounts, is now hiding in email attachments with .JS extensions.

It's all part of a ransomware explosion that is requiring businesses to rethink their usage of SIEM platforms and to adopt new approaches to cloud file-storage security, such as those gaining traction amongst government agencies here and abroad.

A new US bill to protect cloud-based documents from government searches was stalled in the US Senate in the wake of the Orlando shootings. This, ironically, as revelations suggested a massive FBI facial recognition database was not measuring up to privacy and accuracy requirements. Yet that's still better than in China, Gartner said, where privacy is still an elusive goal for those doing business in the country.

Also in US political news, a group of Russian hackers breached Democrat Party computers in an apparent search for documents relating to the party's strategy against rival Donald Trump; a rival hacker claimed responsibility and posted the files online to prove it.

Tags: hacking, patch management, adobe, attacks, CISOs, data breaches, flash player, Cost of a data breach