Week in review: Top cyber attack sources, serverless botnets, CFO as best cybersecurity friend

Here’s an overview of some of last week’s most interesting news and articles:

Repairnator bot finds software bugs, successfully submits patches
Can a bot create valid, high-quality fixes for software bugs more rapidly than a human can, and get them accepted by human developers and permanently merged in the code base?

How to make the CFO your best cybersecurity friend
Good cybersecurity is extremely expensive, and bad cybersecurity is, well… even more expensive. It’s very important to be able to clearly illustrate the ROI of any cybersecurity project to your CFO so he or she can rationalize the level of spending that good security requires.

Most consumers worry about cybercrime, but are not aware of what can be done about it
There is a high level of concern among consumers about the risks associated with cybercrime from their smart devices, and one in four claims to be a victim of a cyberattack. Yet, the vast majority of consumers are unaware of what they can do to protect themselves or feel they’ve already taken sufficient safety measures, according to Grange Insurance.

USA and China identified as top cyber attack sources
NSFOCUS released its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018.

How science can fight insider threats
The scale of the insider threat problem is revealed in the 2018 Verizon Data Breach Investigations Report, which notes that 28 percent of all data breaches involved insiders.

Serverless botnets could soon become reality
We have been accustomed to thinking about botnets as a network of compromised machines – personal devices, IoT devices, servers – waiting for their masters’ orders to begin their attack, but Protego researchers say that many compromised machines are definitely not a requirement: botnets can just as easily be comprised of serverless functions.

Increased dark web activity putting merchants and consumers at risk
In a joint report, IntSights scoured the Clear and Dark Web to assess retail data and goods being sold illegally, new cyber scam tactics and how cybercriminals impersonate brands online to trick unknowing consumers.

Organizations want to threat hunt, but can’t due to lack of time, skills and visibility
Fidelis Cybersecurity asked cybersecurity leaders, security architects and security analysts about the evolution of their cyber defense strategies, including post-breach detection and response, as well as threat hunting.

Seven key digital disruptions CIOs may not see coming
Gartner revealed seven digital disruptions that organizations may not be prepared for. These include several categories of disruption, each of which represents a significant potential for new disruptive companies and business models to emerge.

Safeguarding hybrid-cloud infrastructures through identity privilege management
Most enterprises have embraced the advantages a cloud infrastructure can bring to their computing, storage, network or other needs, and many are juggling multiple cloud platforms, some private and others public. This comes with unprecedented levels of automation that allow enterprises to scale to new heights in efficiency, but also introduces new risks and an increased probability of a security incident.

Phishing attacks becoming more targeted, phishers love Microsoft the most
Vade Secure compiles a list of the top 25 “phishers’ favorites” each quarter by tallying the number of new phishing URLs they detect.

Security budgets are rising, but is it enough?
A majority of companies (54 percent) are worried that they will soon outgrow their security solutions, according to Threat Stack. While budgets are expected to increase by 19 percent over the next two years, organizations are struggling with a disconnect between security and DevOps and are facing difficulties in determining where to allocate this budget in the face of rapidly evolving infrastructure.

Why you should take an operational approach to risk management
Many companies treat risk management and business continuity as different entities under the same workflows, and that is a mistake; to be optimally effective, the two must be combined and aligned.

IoT has potential to innovate, but is it secure?
While the Internet of Things has the potential to drive the next wave of online innovation, it needs to be grounded on secure networks that prevent cyber criminals from hacking into the myriad of IoT-enabled devices that they are increasingly connecting.

The risk to OT networks is real, and it’s dangerous for business leaders to ignore
Data from the new CyberX Global ICS & IIoT Risk Report shows major security gaps remain in key areas such as plain-text passwords, direct connections to the internet, and weak anti-virus protections.

Bitdefender releases GandCrab ransomware decryption tool
Bitdefender released a decryption tool for recent versions of GandCrab, the world’s most prolific ransomware.

Building shared digital identity using blockchain technology
Amit Jasuja details what a blockchain-based shared digital identity solution could look like.

Most security professionals fear AI attacks
Artificial intelligence has been a major topic of discussion in recent times – with good reason.

New infosec products of the week: October 26, 2018
A rundown of infosec products released last week.
