Infosec links July 16, 2014

2014: The Year Extortion Went Mainstream - Brian Krebs - Krebs on Security

Extortion has been around for a while, but it looks like it might be the hot new strategy for online criminals to make money. The idea is that you get a letter in the mail demanding that you pay the extortionists in bitcoins or have your business or yourself smeared online via negative publicity. Of course there’s also the good ol' crypto locker malware that encrypts your hard drive and holds all your data hostage until you pay. Fun times.

The 5 Biggest Cybersecurity Myths, Debunked - Peter W. Singer and Allan Friedman - WIRED

Interesting list about the five cyber security myths:

  • Cybersecurity is unlike any challenge we have faced
  • Every day we face "millions of cyber attacks"
  • This is a technology problem
  • The best (cyber) defense is a good (cyber) offense
  • "Hackers" are the biggest threat to the internet today

You may not agree with all of them, but they should at least make you think about several issues involving information security.

The State of Metric Based Security - Gavin Millard - Infographic

Metrics are something I’ve always wanted to get into. This infographic doesn’t discuss how to do metrics, but instead looks at who is doing metrics and to what effect. Good read if you want to see how companies are viewing metrics within information security. I’m planning on having a future podcast about the topic.