Kelly Shortridge
Sr Principal @Fastly | O’Reilly author on Security Chaos Engineering - https://t.co/9V8hpOaNO5 | infosec + behavioral economics | Earth's Double Trouble
Jun 6, 2023 9 tweets 5 min read
I received an early copy of this year’s Data Breach Investigations Report (DBIR) by @VZDBIR because I'm such a thot leader so I wrote a post with my thots and hot takes about it: kellyshortridge.com/blog/posts/kel…

thread of tl;dr snippets for mortals with no attention span:

Yet again, the #DBIR data shows 94.6% of breaches are financially driven.

It's a reminder for us to invest in security that addresses reals rather than feels; and a reminder that the best way to hurt attackers, whether at local or macro scales, is to poison their ROI.

1/N
Sep 17, 2021 12 tweets 4 min read
GitLab’s S-1 (IPO filing) mentions security as a risk factor only after:
- managing future growth
- sustaining growth rate
- profitability
- competition
- new / unproven market
- sales & marketing
- “responsible” transparency
- company handbook

What does this tell us? If your security program is inhibiting:
- revenue growth
- profitability
- staying competitive
- adapting to an evolving market
- sales & marketing execution
- company values
…then don’t be surprised when it’s deprioritized. And if it isn’t enabling any of the above, why not?
Dec 21, 2020 9 tweets 3 min read
A “basic” infosec tool (2FA) is what alerted FireEye to nation state activity.

There are a few things we can learn from this, and not just that my screaming into the void / on conference stages is justified.

A thread (0/8):

1/8 First, let’s recall that Prospect Theory leads humans to overweight small probabilities (like attackers using 0day chains) and underweight large probabilities (like attackers intercepting 2FA).

Lizard brains gonna lizard brain.

See also: swagitda.com/blog/posts/beh…
Oct 26, 2019 8 tweets 6 min read
I’m super excited for this talk by @ChristinaLekati about social engineering through social media at #Hacktivity2019 ! Social engineering isn’t all about charm and luck — it involves a strategy & a plan, always.

You gather everything you can about the org, identify the best target based on ROI (highest reward + lowest risk of detection), then craft a story to approach them.

- @ChristinaLekati
Jun 5, 2019 14 tweets 4 min read
TIL F500 firms won 41% of R&D awards in 1971, but only 6% in 2006. In general, despite increases in science, we aren’t seeing increases in productivity.

This paper explores why, & I’m gonna highlight some interesting things from it in this thread: nber.org/chapters/c1425…

1/14 First, if you wanted a history of corporate labs, this paper is your nerding-out haven.

Turns out antitrust policy mid-century discouraged M&A & led corporations to focus on internal R&D for innovation (vs acquiring it). Maybe renewed antitrust focus will bring them back?

2/14
Feb 14, 2019 4 tweets 3 min read
@snare @IanColdwater I am so glad to be your token (former) i-banker contact ✨

unfortunately my former i-banker stock advice is limited to those who have adorable dogs named Seymour, but my general advice is:
* choose a company you think will exist in 10 years
* buy stock
* hold 10 years

@snare @IanColdwater Do not think you can “hack” the equity markets... you can’t, & people with many millions of $$$ will always do it better.

Don’t put all your net worth in one stock. Don’t panic when markets dip, so only invest an amount that won’t screw you. Wait to sell as long as you can.
Sep 18, 2018 21 tweets 8 min read
Super pumped for this panel about detecting attacks at scale w/ @jessfraz @argvee @mhil1 @BradMaio

SecOps hierarchy of needs was created in the 1970s, as pointed out by @argvee, & we’re constantly rethinking how to do detection. She thinks we’re in the early days of this current 5 year detection cycle — this time, the catalyst is the cloud.
Mar 29, 2018 5 tweets 2 min read
I was wondering why my Canarytoken (a file folder) was triggering & discovered the culprit was chrome.exe. Turns out @googlechrome quietly began performing AV scans on Windows devices last fall. Wtf m8?

This isn’t a system dir, either, it’s in \Documents\

Here’s the source on the Windows device scanning: support.google.com/chrome/answer/… “Chrome helps you find suspicious or unwanted programs on your Windows computer.”