ICYMI: £1m CISO; WannaCry; Terror kit; GDPR penalties; Dutch rank

CISO salaries may soon hit £1 million - but few qualified for top roles

CISO salaries have long headed upwards and may soon hit £1 million. New data has highlighted the central importance of the CISO to the enterprise, reflected in their ever-increasing pay packets. At the very top end, CISOs can expect to earn between £597,000 and £878,000 a year, and even within SMEs, where infosec budgets are often tighter, salaries average out at a plump £171,000 and go as high as £256,000.

The European figure still trails behind the US, where CISOs can expect to earn US$273,000 (£209,000) annually, according to SecurityCurrent. The global consultancy DHR International revealed the job market's current estimation of the position in a recent study, but also noted a lack of candidates suitable for these top roles.

WannaCry fallout: is hoarding exploits, delaying fixes ever justified?

The fallout from the WannaCry attack continues to spread fear, uncertainty and doubt across the globe. A couple of interesting issues have nonetheless emerged from this pretty unprecedented (in scale at least) cyber-attack: is vulnerability hoarding ever acceptable, and ditto for the patches that fix them?

Here's the thing: despite all the government denials over the years, pretty much everyone and their aunt in the security business knows that it isn't just the criminal element that swallows up zero days. Stuxnet put that particular argument to bed a few years back now.

Terror exploit kit evolving into greater danger - drops multiple exploits

A new exploit kit is evolving at pace, adding more exploits and becoming more discerning, according to security researchers. According to a blog post, researchers at Talos recently identified a new exploit kit they named Terror. The malware has come to the fore just as other kits, such as Angler, have largely disappeared.

Researchers Holger Unterbrink and Emmanuel Tacheau said that the malware appeared last year, carpet-bombing victims with many exploits at the same time, whether or not the exploit matched the victim's browser environment. They added that the malware has greatly improved since then.

Punitive penalties will drive GDPR compliance says analyst/CISO forum

Reputation, jobs, customer services, data theft and legal costs are all dwarfed by the prospect of company-killing fines and it is these which are driving the moves to GDPR compliance.

At the IT Security Analyst and CISO Forum Debates hosted by Eskenzi, distinguished panellists grappled with a range of issues facing the industry, from GDPR to data breaches, reputation, hiring and the IoT.

Are organisations 'Betting the house on GDPR'? All other considerations are dwarfed by the threat of fines of up to four percent of global turnover, which has succeeded in catching the attention of the board. Delegates in the GDPR panel agreed that the spectre of these fines is the best way to get money from the board to implement the changes needed, along with explaining how much effort would be needed to avoid top-end fines.

7 countries' cyber security ranked: Netherlands 'nearly up to speed'

The Netherlands has made great strides in implementing its cyber-security strategy, says the latest CRI report, but it still needs to address issues with funding and decision-making.

The report, The Netherlands Cyber Readiness at a Glance by Melissa Hathaway and Francesca Spidalieri, assessed the country against seventy unique indicators grouped into seven categories. Published by the Potomac Institute for Policy Studies in the US, the report is the eighth in a series and ranks the Netherlands alongside seven other countries on their cyber-security efforts, with the US, France, Japan, Germany, UK, India and Italy also analysed. There is also a foundational report, The Cyber Readiness Index 2.0: A Plan for Cyber Readiness.

The report was funded by the Netherlands' National Coordinator for Security and Counter-terrorism.