Friday Five: 2/16 Edition
Data protection jobs, Bitcoin phishing, and Amazon S3 leaks -- catch up on the week's infosec news with this roundup!
1. Data Protection Officers See Job Offers Skyrocket With Looming European Regulation by Salvador Rodriguez
From the Christian Science Monitor via Reuters: a story on the boon the European Union's General Data Protection Regulation (GDPR) has been for the data protection officer job market. How's this for a statistic: DPO job listings in Britain on the Indeed job search site have increased by more than 700 percent over the past 18 months. The rate has skyrocketed from 12.7 listings per 1 million in April 2016 to 102.7 listings per 1 million in December.
Another week, another cryptocurrency scam. This was a big one - almost incomprehensible - $50 million stolen by a group based in Ukraine through a phishing campaign. According to Graham Cluley, reporting on Cisco Talos' research for Tripwire, attackers purchased Google AdWords ads designed to mimic the legitimate Blockchain.info website. By poisoning the ads, the group was able to rake in $50 million in Bitcoin over three years.
Not exactly a read but a podcast worth carving 10 minutes out of your day for: John Pescatore of the SANS Institute describes how some CISOs need to refocus their efforts on IoT security. By spending time solely on day-to-day security work, CISOs are overlooking the IoT impact. "When you look at the internet of things devices, it's a very heterogeneous world. There are all kinds of different operating systems and software and communications standards," Pescatore told Information Security Media Group this week.
These Amazon S3 server leaks are relentless. The latest, containing information belonging to a company bought by FedEx, Bongo International, surfaced Thursday. Data including 112,000 files - like drivers' licenses, national ID cards, work ID cards, voting cards, and utility bills - was floating around in the online ether. Researchers with Kromtech Security Center discovered the exposed data, according to ZDNet, which released an embargoed article in tandem with the firm's research.
Promising news from the Department of Homeland Security, which on Valentine's Day said it had recently launched a new internal supply chain cybersecurity initiative to help determine where government agencies and private companies need to fine-tune their security. Jeanette Manfra, who serves as the National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications (CS&C), disclosed the news at a Brookings Institution event. "We need to have improved ability for DHS, [General Services Administration], the intel community to be in a position to help inform procurement decisions by the federal government and other agencies throughout the civilian government. We're working on building those mechanisms and DHS' role in pulling that all together, and also working with industry experts to refine what are the supply chain risks that we should be concerned about."