Shared InfoSec Language Fosters Shared InfoSec Goals

While most business leaders agree that cybersecurity has significant value, determining exactly where and how to spend company dollars on training and infrastructure continues to be a point of disagreement within organizations. Intelligent communication using a shared vocabulary, according to a recent Focal Point Data Risk report by the Cyentia Institute, is vital to achieving consensus and a comprehensive security plan. As the barriers between the C-suite and the IS department continue to diminish, thanks, in part, to widespread adoption of a chief information security officer (CISO), a significant problem remains in “the critical, strategic area of cybersecurity measurability.” The solution, proposed by Cyentia, is a “Cyber Balance Sheet, which borrows familiar terminology of assets and liabilities to improve communication and consensus around cyber risk.” Properly assessing corporate position and priorities, ...

Amazon’s Facial Recognition Software Sparks Privacy Concerns

The recent television series Person of Interest, which aired between 2011 and 2016, was premised upon an artificial intelligence (AI) program that could recognize patterns to determine individuals who may become victims of violent crimes. Facial recognition was one of the machine’s abilities, allowing the show’s protagonists to locate and track individuals in and throughout New York City. The AI in Person of Interest is no longer the stuff of television or of the future. Lawmakers and civil rights groups have expressed their concern about “Rekognition”, a facial recognition software that Amazon developed and sells to law enforcement agencies. Opponents claim that the software infringes on the privacy rights of innocent Americans and may unfairly profile women and racial minorities. The Washington Post (which is owned by Amazon) reported that ...

Litigation Opportunities follow Cryptocurrency Market Vulnerabilities

This weekend, the Coinrail cryptocurrency exchange based in South Korea fell victim to a “cyber intrusion” causing a 10 percent decrease in bitcoin price, and similar losses across other digital currencies around the globe. Approximately 30 percent of the coins traded on that exchange were “lost” following the attack, valued at approximately $40 million, of which two-thirds were promptly “withdrawn or frozen in partnership with related exchanges and coin companies.” As for the other third, the exchange is reportedly analyzing the server access history, which was also secured, in an effort to recover the coins. As stated on Coinrail’s website, the company was able to save and move 70 percent of total coin/token reserves to a cold wallet, not connected to the internet, to allow the Korean National Police Agency ...

The Glacial Movement of Global Cybersecurity

In the pastoral setting of Le Manoir Richelieu in Charlevoix, Quebec, G7 Summit partners met to discuss a broad spectrum of topics, including the shared values of freedom, democracy, the rule of law, a mutual respect for human rights and common commitment to promote a rules-based international order. Amidst the discussions of freedom, democracy and, yes, tariffs, world leaders issued a “Charlevoix G7 Summit Communique,” which advised: “We will work together to enforce existing international rules and develop new rules where needed, to foster a truly level playing field, addressing in particular non-market oriented policies and practices, and inadequate protection of intellectual property rights such as forced technology transfer or cyber enabled theft.” The G7 Communique included many declarations, including an acknowledgement that “. . . we share a fundamental ...

Eleventh Circuit Vacates FTC Order against LabMD as Lacking Specificity Necessary to Protect Due Process Rights

The Court of Appeals for the Eleventh Circuit has overturned an FTC cease-and-desist order enjoining LabMD to install a reasonable data-security program, issued in response to the disclosure of a single computer file containing personal information regarding 9,300 customers. Agreeing with arguments from the now-defunct LabMD, the court determined “that the order is unenforceable because it does not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)” of the Federal Trade Commission Act (15 U.S.C. § 5[a]). The court, after recognizing that the FTC could have issued “a narrowly drawn and easily enforceable order…commanding LabMD to eliminate the possibility that employees could install unauthorized programs on their computers,” overturned the cease-and-desist order that “continue[d] past” the single incident of wrongdoing, to broadly ...

The FTC Gang’s All Here – Five New Commissioners Confirmed

The Federal Trade Commission (FTC) is widely recognized as the primary federal regulator of cybersecurity and data privacy by virtue of its authority under Section 5 of the Federal Trade Commission Act to take enforcement action against unfair and deceptive trade practices, which authority has been upheld by various courts including the U.S. Court of Appeals for the Third Circuit. For just over a year, the FTC has operated with only two commissioners, one Republican and one Democrat. On April 26, 2018, the United States Senate confirmed five new commissioners, Chairman Joseph J. Simons, Noah Joshua Phillips, Rohit Chopra, Rebecca Kelly Slaughter, and Christine Wilson. Commissioners Simons, Phillips, Chopra, and Slaughter took their seats in early May. Commissioner Wilson will take her seat either when the current term of Commissioner ...

Papua New Guinea Shuts Down Facebook…Temporarily

The democratic government of Papua New Guinea (PNG) has announced a one-month shutdown of Facebook access within the nation, to allow the government to assess the spread of objectionable content, and to “allow information to be collected to identify users that hide behind fake accounts, users that upload pornographic images, users that post false and misleading information on Facebook to be filtered and removed.” While regimes such as Iran, North Korea, and China currently censor the social networking site, PNG is the first democratic nation with constitutional protections for “fundamental rights and freedoms of the individual,” including freedom “of expression,” to block access. In 2011, PNG began formulating and drafting the Cybercrime Code Act in a move to reform the nation’s Information, Communication and Technology (ICT) laws, as one of ...

Firewall’s Up: South Carolina Passes First-of-its-Kind Insurance Data Security Act

South Carolina recently became the first state to pass legislation modeled closely on the Insurance Data Security Model Law that was approved by the National Association of Insurance Commissioners (NAIC) last October. Amid the rising incidence of cyberattacks, cybersecurity is a key issue facing the insurance sector. South Carolina has taken a proactive step in protecting its businesses and customers from possible data breaches. The South Carolina Department of Insurance (SCDOI) Data Security Act, signed by the Governor on May 3, 2018, will become effective January 1, 2019. Among other things, all insurers, agents, and other licensed entities doing business in the state will be required to establish a comprehensive, written information security program by July 1, 2019. The Act also requires that each insurer provide an annual certification of ...

Newsflash: Internet-Connected Devices Are Not Private

Last week, Amazon confirmed that its Alexa-powered Echo device may, in fact, listen in on private conversations, whether or not the device had been intentionally activated by a user. In this “extremely rare occurrence,” a couple’s private conversation was not only recorded, but was sent to a random number in the user’s address book without their permission. Earlier this year, users also reported “unexpected and unwarranted bursts of robotic laughter,” which many found to be extremely “creepy,” and which Amazon characterized as the result of a “false positive.” While this most recent event has created a stir, it certainly is not the first time an Internet-connected device was found to eavesdrop on private conversations. In 2015, for example, Samsung warned that its SmartTVs “captured and transmitted [spoken words] to a ...

The SEC Is Focused on Public Company Disclosure of CyberSecurity Risks

While new data privacy rules in the European Union have dominated the news lately, the U.S. Securities and Exchange Commission (SEC) has not so quietly been making waves of its own in the regulation of cybersecurity. In February, the SEC issued fresh guidance to public companies on the disclosure of cybersecurity issues, both in identifying risks prospectively and in disclosing breaches quickly. It then followed up that guidance in April with its first ever fine of a public company for failing to promptly disclose a data breach. Together, the SEC’s recent actions make it very clear that data breaches at public companies are high on its agenda. On February 21, 2018, the SEC issued guidance to public companies on their disclosure obligations for cybersecurity issues. The two overarching issues from ...