ISMS.online News Roundup – 7th November 2019

Welcome

What can happen in 3 cyber seconds? UK police need to slow down with facial recognition, Boeing’s poor infosec posture threatens security and more in this week’s edition of our information and cybersecurity news roundup!

What Can Happen In 3 Cybersecurity Seconds?

George McGregor of Information Security Buzz poses an interesting question with this headline. Did you know that within three seconds there are, on average, 0.2 million Google search queries, 9 million emails sent and £34,000 spent? The same three seconds can be enough to stop businesses from losing tens of thousands too!

Read the full article here.

Approaches to Cybersecurity: perspectives from the manufacturer and provider

Lori Lazzara, VP of Technology & Engineering, Monitoring and Analytics & Therapeutic Care at Philips, has been discussing the need for providers and manufacturers to work together to enhance cybersecurity. Healthcare IT News delivers a very interesting article.

Read the full article here.

Cybersecurity best practices and risks that everybody should know – Infographic

LoginRadius has put together a cybersecurity infographic, hosted by Security Boulevard. Discover a selection of stats, facts and pointers to take on board.

Read the full article here.

After Brexit, Europe wants cybersecurity pact with UK

According to Michel Barnier at the European Commission, Europe and the UK need to continue working together on cybersecurity. Steve Ranger of ZDNet offers a quick read which sheds more light on the story.

Read the full article here.

10 Charts That Will Change Your Perspective Of AI In Security

AI continues to become a strength in anticipating and removing cybersecurity threats to organisations. As our reliance increases, there are still many who question its potential. Louis Columbus from Forbes presents ten interesting charts which demonstrate the need and potential for AI to aid our defence.

Read the full article here.

Cybersecurity takes center stage at NIST’s third annual DC CyberWeek event

120 attendees gathered at the National Cybersecurity Centre of Excellence as part of Cyberweek in Maryland. Members of NIST, the private sector and non-profits formed a panel to discuss 5G, cryptography, privacy and AI, among many other topics. Kristina Rigapoulos covers what occurred at the event, highlighting its success now that it is in its third year.

Read the full article here.

After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign

In one of our recent roundups, we highlighted issues around Microsoft’s BlueKeep. With the issue still not resolved, hackers have been exploiting the weakness to install “money-making crypto-currency mining code”. Graham Cluley’s latest blog provides the details.

Read the full article here.

Cybersecurity takes center stage at NIST’s third annual DC CyberWeek event

While the average cost of data breaches has grown to nearly 2.7 million, organisations can impulsively look for an individual to blame. In truth, the picture can be much bigger. In this article on Infosecurity Magazine, Alex Jinivizian goes into detail on how the real issues can be discovered and addressed.

Read the full article here.

Cyber Security in Your Supply Chain – Is it Time to Review Your Approach?

When GDPR first arrived, businesses rushed to put in place contractual terms with their processors. As a result, protection against cyber incidents was overlooked. James Walsh of Finetech Times looks at some of the questions this raises and offers some insights for the benefit of the supply chain.

Read the full article here.

TikTok national security inquiry is the latest US show of force on Chinese access to American data

Social platform TikTok recently acquired another social app, “Musical.ly”. The Committee on Foreign Investment in the US (CFIUS) has contacted TikTok’s Chinese parent company Bytedance over concerns that the acquisition poses a security risk, given the possible access to data by the Chinese Government. Lauren Hirsch covers this story for CNBC.

Read the full article here.

Enterprise cybersecurity in 2020: Are you ready?

This interesting piece by EC-Council makes the case for treating organisational cybersecurity as part of everyday workflow rather than as a separate layer. Highlighting some recent examples from other companies, the article looks at which areas of business can be affected and what can be done.

Read the full article here.

What can the Millennium Bug teach us about cybersecurity?

Who remembers the millennium bug? A time when everyone thought computers might stop! Thankfully they didn’t, but the phenomenon laid some foundations for how information technology and cybersecurity operate today. This interesting read by Annie May Noonan takes a closer look.

Read the full article here.

Businesses know cybersecurity is bad, but still aren’t sure how to fix it

With cybersecurity being the most frequently named risk to organisations today, many are still unsure of how to face the related challenges and lessen the risks involved. David Braue writes for CSO.com on his recent findings.

Read the full article here.

UK Police need to slow down with face recognition says data watchdog

The UK’s data regulator has called for a legal code of practice before police forces can deploy face recognition technology. The New Scientist Staff and Press Association take a closer look at the story, reporting further comments from the ICO.

Read the full article here.

Hackers who stole personal data of 57m Uber riders and drivers plead guilty

Two hackers pleaded guilty in a U.S. court to stealing high volumes of personal data from AWS databases which were owned by Uber and LinkedIn. They also attempted to extort the two companies in exchange for what was stolen. Jay Jay from teiss.co.uk covers this interesting story.

Read the full article here.

Charities report 123 data breaches to the ICO in the first quarter of 2019/20

The first quarter of 2019/20 contained 125 reports of data breaches from charities, according to a report by the ICO. Kirsty Weakley from civilsociety.co.uk shares these and other findings, while highlighting some of the common causes of these breaches.

Read the full article here.

Egypt’s parliament approves in principle Personal Data Protection draft law

Egypt’s House of Representatives has initially approved legislation which protects personal data. A draft was submitted in March for debate and, following amendments made since then, the law has now been approved. Zawya.com presents more on this story.

Read the full article here.

IG: Social Security’s Information Security Program is ‘Not Effective,’ Says Watchdog

According to an annual review, the National Security Administration has demonstrated that it has an information security program in place, but it has been described as “not effective”. Aaron Boyd, Senior Editor for Nextgov, has written an informative piece looking at the report.

Read the full article here.

Boeing’s poor information security posture threatens passenger safety, national security, researcher says

The Aviation Cyber Security Conference heard from Chris Kubecka, a security researcher who told the audience that Boeing’s poor information security practices threaten national security and aviation safety. This report by M.J. Porup explores what stemmed from this statement, and there is also a video podcast discussing the story.

Read the full article here.

UK: What to Expect From The US-UK Data Access Agreement

October brought about the signing of a new data-sharing agreement between the US and the UK, which facilitates the exchange of evidence and the enhancement of co-operation between the two countries. Anna Gaudoin for Mondaq looks closer at the agreement in this informative article.

Read the full article here.

Managing data subject access requests more effectively

When it comes to Data Subject Access Requests (DSARs), some organisations can be unprepared or have difficulty in responding within the legislated time frame of 30 days. Matt Lock for IT Pro Portal writes on what the implications are and how these requests can be managed.

Read the full article here.

EU institution staff ‘unaware’ of Microsoft data misuse, EU data chief says

It turns out that members of staff who work across EU institutions have not been aware of the extent to which Microsoft collects and stores data when its products and services are used. This has been confirmed to Euractiv by the EU’s Data Protection Watchdog.

Read the full article here.

Mastercard: Dealing with the complexity of data protection

Derek Ho of Mastercard in Asia has explained how lawmakers and organisations can find the balance between data and privacy as the digital world continues to grow in the region, highlighting consistency and organisational accountability.

Read the full article here.

This Week in Tweets

Here are this week’s top tweets from the hashtag #CyberSecMonth
