At a glance.
- Annual SOC Performance Report is out.
- Burnout as a security issue.
- Caffeine phishing.
- The work of the CISO after the Uber verdict.
- Research on the Budworm espionage group.
- County election workers targets of phishing.
- Google Translate spoofed for credential harvesting.
- CISA and FBI publish advisory on foreign election influence operations.
- Starlink service interruptions reported.
- Reports: Germany's cybersecurity chief faces scrutiny over alleged ties to Russia.
- Renewed activity by Polonium.
- Emotet ups its game.
- COVID-19 small business grants as phishbait.
- Impersonating Intrusion Truth.
- LDS Church discloses data compromise (possibly related to espionage).
Annual SOC Performance Report is out.
Devo’s annual SOC Performance Report was released Tuesday, surveying professionals about the state of the SOC. 77% of respondents believe that their SOC is “essential” or “very important” to their company’s cybersecurity strategy. The minority who believed their SOC fell short cited lack of visibility into the attack surface and difficulties hiring and retaining skilled employees as the root problems. Cyber risk compliance, threat detection, and incident response and remediation were the most prominent SOC services delivered currently. Threat hunting and cloud-native capabilities were the top two services SOCs planned to add within the year. For more on the state of the Security Operations Center, see CyberWire Pro.
Burnout as a security issue.
Tessian Tuesday morning blogged the results of a study of overworked CISOs, and how fatigue and burnout pose a security risk. The study found that CISOs are working significant amounts of overtime, upwards of two extra days a week. This amounts on average to 16.5 extra hours a week, an increase of eleven hours over the past year. Three quarters of CISOs report difficulty “switching off” from work. Burnout seems correlated with the size of the organization. Considering just one threat, phishing, the respondents cited distraction as the reason they failed to detect a scam. (A separate survey by Forrester found that security teams can spend up to 600 hours per month on threats caused by human error.) More on CISO performance may be found at CyberWire Pro.