Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures Most ‘typical’ users simply don’t understand security because it’s “magic” to them Basics must be understood by average Jane - attackers count on you not knowing How do you take knowledge and push to enterprise, while keeping up with consumers? Link: http://www.pewinternet.org/2017/03/22/what-the-public-knows-about-cybersecurity/   Suspect Charged in USD 100m Whaling Scheme $100 Million dollar - from just two companies How would your executives (and those supporting staff) fare against this attack? More importantly, how does your “awareness” program deal with this? Link: https://www.justice.gov/usao-sdny/pr/lithuanian-man-arrested-theft-over-100-million-fraudulent-email-compromise-scheme   Google's Android Security 2016 Year in Review Report: Android Security Improving Overall, Google is making great strides The fragmentation problem isn’t getting better for legacy devices that have long life-spans Going forward, things appear to be set up for faster, more OTA updates regularly - but that’s only for NEW stuff What is the state of your enterprise mobile policy? Link: http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf   U.S., U.K. warn airports, nuclear facilities of cyberattacks Confusing - threat to airports seems to be from hiding explosives in laptops/mobile devices Threat to Nuclear Plants (ICS) seems to be of a cyber nature to legacy systems Big picture issue works for enterprises too - legacy systems are a target Link: https://www.scmagazine.com/us-uk-warn-airports-nuclear-facilities-of-cyberattacks/article/648163/   Neiman Marcus data breach settlement tells us plenty about the ROI of security We’ve been saying this for a while - proportional security is what’s needed There is no such thing as “secure” - why do many CISOs still push for it? A settlement of $1.6M is likely cheaper than total cost of big security program What would $1.6M spending on security mean? Can you define “good enough” security? Link: http://www.computerworld.com/article/3186285/retail-it/neiman-marcus-data-breach-settlement-tells-us-plenty-about-the-roi-of-security.html