ISMS.online News Roundup – 26th September 2019

Welcome

The news app that’s putting data privacy first; pragmatically approaching information security; the parallels between cybersecurity and noir films; Google wins privacy court case; new NIST Privacy Framework draft open for scrutiny and more, all in this week’s Information and Cybersecurity News Roundup!

European Cyber Security Month 2019

The European Cyber Security Month (ECSM) is an annual EU awareness campaign held in October that seeks to educate citizens and organisations alike on the value of cybersecurity and the significance of information security, while outlining some simple steps that can be taken to safeguard their data, whether it's personal, financial and/or professional.

The overall objective of the event is to boost awareness, reshape behaviours and provide resources for everyone on how to defend themselves online, with this year aiming to demonstrate that cybersecurity is a shared responsibility. This goal can be seen in the themes of this year:

  • Cyber Hygiene: setting up and maintaining a regular routine, checks and overall behaviours necessary to remain secure online.
  • Emerging technologies: use the latest emerging technologies to stay tech-wise and safe.

Find out more here.

‘Right to be forgotten’ on Google only applies in EU, court rules

In this intriguing article for the Guardian, Sarah Marsh outlines how the EU’s highest court ruled that the ‘right to be forgotten’ online does not extend beyond the boundaries of the European Union, making it a huge win for Google. Marsh continues by explaining what this right is and what the verdict means for the rest of the world.

Read the full article here.

NIST to Finalize Privacy Framework Soon

By the end of the year, the National Institute of Standards and Technology hopes to publish its highly-anticipated privacy framework. NIST has published an updated draft and will be accepting feedback through Oct. Scott Ferguson discusses the objectives of this framework and what it means for data privacy in this excellent article for Bank Info Security.

Read the full article here.

BankThink California’s privacy reforms can drive national legislation

Recent changes to CCPA have been made to correct previous errors in the legislation and provide leeway on a few requirements. These have fallen short of industry hopes, further uniting industry leaders in advocating for federal law on privacy. In this fantastic article for American Banker, Quyen Truong discusses what those hopes are and what agreement is required to create a unified national framework of privacy rights and practices.

Read the full article here.

The News App That’s Testing a Promising Way to Build In Privacy From the Ground Up

App developer Canopy has launched a news app that uses differential privacy to allow businesses to generate personalized experiences without compromising your privacy. Victoria Song discusses the implications of this for data privacy and businesses in this interesting article for Gizmodo.

Read the full article here.

Illuminating the CISO’s ICS Blind Spot May Improve Cyber Resilience

In terms of cyber-resilience, Industrial Control Systems, Building Management Systems and other Operational Technology Systems are falling behind. Asaf Weisberg explores the consequences of this and the compliance impacts of cyber-incidents in this wonderful post for InfoSecurity.

Read the full article here.

Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme

Two of Chrome’s most well-known adblocker extensions have been discovered stuffing cookies in millions of users’ internet browsers to fraudulently create affiliate revenue from referral systems. In this brilliant post for The Hacker News, Swati Khandelwal discusses how web extensions can enhance your browsing experience but nonetheless pose an enormous threat to your privacy and safety.

Read the full article here.

Top CEOs Now Pushing For Federal Privacy Legislation

In an open letter to Congress, 51 top U.S. CEOs called for rapid implementation of new federal legislation on privacy. In this wonderful article for CPO, Nicole Lindsey investigates the justification behind this letter and the significance of uniting businesses behind one key way of thinking about privacy.

Read the full article here.

The declining shelf life of data privacy

The frequency of new data breaches and abuse cases has increased so significantly that, unless the number of stolen documents in a breach is in the nine- or ten-figure range, it no longer makes the news. In this intriguing article for ITPro Portal, Gautam Goswami explores what IT experts can do to counter data breaches.

Read the full article here.

What Is Unified Threat Management? A Pragmatic Approach to Information Security

Organisations are investing more in cybersecurity, yet this year we have seen an increase in safety risks, ranging from cryptojacking attacks to supply chain compromises, making it clear that companies need a better strategy to deal with emerging infosec risks. In this fantastic article for Security Intelligence, Douglas Bonderud explores what you need to know about the future of effective information security.

Read the full article here.

Facial recognition continues to divide opinion

Raconteur has released this thought-provoking article in which Emily Hill investigates how progress towards the use of facial recognition for payment systems might seem inevitable, but it raises issues as global tech giants flourish on gathering and profiting from our personal data. Hill continues by exploring how the concept of digitally harvesting and storing our faces raises much more than just a few concerns.

Read the full article here.

IoT device manufacturers missed more than 100 vulnerabilities, argues new security research

IoT News released this wonderful article presenting how in a recent study the Independent Security Evaluators (ISE) discovered 125 vulnerabilities across 13 IoT systems that were analyzed. ISE carried out its studies by obtaining root shells on 12 of the units, enabling them to take full control of them.

Read the full article here.

Why trust at face value can’t fix the civil service email leaks

Recently, email security in the civil service came to the forefront after a spike in the number of high-level leaks resulting in the loss of jobs for senior politicians and diplomats. In this compelling article for Open Access Government, Matt Radolec explores the problems surrounding unlimited access to email, the significance of suitable levels of security and what needs to be changed to avoid more government leaks of this kind.

Read the full article here.

27 nations ink cybersecurity pledge

Doug Olenick reports in this stellar article for SC Magazine how 27 nations signed a declaration today reinforcing the dedication to creating a framework for responsible state behaviour in cyberspace. The announcement was made as a conference was scheduled for the UN General Assembly in New York.

Read the full article here.

NCSC highlights cyber threats to universities

According to the National Cyber Security Centre, hostile nation-states present a significant long-term cyber risk to UK universities. Mark Say, for the UK Authority, discusses in this wonderful article where these risks stem from and how it eases a cyber attacker’s goal.

Read the full article here.

WannaCry is still the smallpox of infosec. But the latest strain (sort of) immunises its victims

WannaCry – the file-scrambling ransomware that in May 2017 infamously shut down Britain’s NHS and a number of other organisations globally – remains a risk to this day, as infosec researchers have discovered new variants. For the Register, Gareth Corfield discusses in this thought-provoking article how to best safeguard yourself from such an attack.

Read the full article here.

The Cybersecurity 202: Lawmakers want to bring back top White House cybersecurity post

In this fantastic Washington Post article, Joseph Marks investigates how a new official is set to take control over the national security strategy of the White House, just hours after President Trump appointed former hostage negotiator Robert C. O’Brien as his latest national security adviser, while some Democratic lawmakers are advocating for cybersecurity to get more attention.

Read the full article here.

Only 31% of Employees Get Annual Training on Cyber Security

Chubb’s Third Annual Cyber Report shows that staff education is essential to preventing cyber attacks for small businesses, but organisations are still not driven to safeguard their cyber exposure. In this fascinating article for Small Business Trends, Michael Guta explores the results of this study and what companies can do to avoid attacks.

Read the full article here.

Property Industry Responds As Smart Buildings Open Up New Cybersecurity Threats

With the need to make commercial properties more energy-efficient and user-friendly, smart buildings have produced significant and unwanted results by creating new threats for cybersecurity. Tess Bennett investigates how these facilities have provided new targets for cybercriminals in this wonderful article for Which-50.

Read the full article here.

Four Signs You’re Not Taking Cybersecurity Seriously Enough

In this compelling article for Chief Executive, Nathan Resnick describes how an attack could erase all of your prior efforts to build a good business if your executive team does not give cybersecurity the emphasis it needs.

Read the full article here.

NHS staff get new cyber security guidance

This excellent article from the UK Authority describes how the NHS Digital Data Security Center has developed guidelines to help health and care organisations increase their cybersecurity by teaching employees good practice.

Read the full article here.

Want to be a cyber expert?

As organizations around the world increase their defences against cyber threats, there has been a dramatic increase in demand for cybersecurity experts. However, a shortage of experts means this demand cannot be met, so more and more organisations are turning to students to meet this need. In this brilliant article for ACS Information Age, Casey Tonkin discusses the experiences of organizations that have brought cyber students into the workplace.

Read the full article here.

Cyber-noir: Cybersecurity and popular culture

The narratives surrounding cybersecurity draw close parallels with certain aesthetic themes which, like noir films, are associated with moral ambiguity. James Shires introduces the term ‘cyber-noir’ in this fascinating article for the Contemporary Security Policy Journal to describe the incorporation of noir elements into expert discourses on cybersecurity.

Read the full article here.

Texas starts mandatory cybersecurity training for government employees

IT officials in Texas are beginning the process of enforcing a law passed earlier this year requiring that almost all state and local government staff undergo annual cybersecurity training. In this wonderful post for State Scoop, Benjamin Freed explores the significance of this law in defending the state from cyber attacks, after 22 local authorities were targeted in a single ransomware attack.

Read the full article here.

10 Ways AI And Machine Learning Are Improving Endpoint Security

Traditional approaches to securing endpoints that depend on a given device’s hardware features do not stop breach attempts today, as attackers combine AI, machine learning, bots, and new social engineering methods to undermine these restrictions and obtain access. In this informative article for Forbes, Louis Columbus discusses how AI and machine learning are becoming efficient tools to fight ever more automated, well-orchestrated cyber attacks.

Read the full article here.
