
Privacy

 

PODCAST: The case for rethinking security — starting with smarter management of privileged access logons

By Byron V. Acohido

Two cybersecurity trend lines have moved unremittingly up the same curve over the past two decades — and that’s not a good thing.

Year in and year out, organizations have steadily increased spending to defend their networks — and they continue to do so, with no end in sight. Research firm MarketsandMarkets estimates that the global cybersecurity market size will grow from $137.85 billion in 2017 to $231.94 billion by 2022, a compound annual growth rate of 11.0%.

Related podcast: Much stronger security can come from simple ‘Identity Access Management’ improvements

At the same time, the damage and disruption caused by malicious hackers have also continued to rise, with no end in sight. One recent measure of this comes from a survey of senior officials at 120 large enterprises, conducted by research firm Forrester and sponsored by Centrify, a leading supplier of identity and access management (IAM) technologies.

 

C-level executives disclosed to Forrester that two-thirds of their companies had been breached multiple times – a startling five times on average over the past two years. What’s more, respondents indicated these break-ins occurred evenly all across the network, at endpoints, servers, databases and in software-as-a-service systems. …more

GUEST ESSAY: What ‘Fight Club’ taught me about protecting my online personas

By Thomas Yohannan

Dissociative identity disorder, AKA multiple personality disorder, is a human condition by which the victim’s personality becomes fragmented into two or more distinctive states.

DID has long been a rich topic for Hollywood screen writers. The movie Fight Club, in which Edward Norton and Brad Pitt portray polar opposite personalities of the main protagonist, is a classic example.

Related podcast: Phil Lieberman calls for resetting the C-suite mindset

DID sufferers subvert themselves in self-contained sets of memories, behaviors, attitudes, even perceived age. This is done so that the victim can insulate certain fragile areas of his or her psyche, and thus is able to function with a sense of security in otherwise threatening environments, psychologically speaking.

It may not be a bad idea …more

MY TAKE: Why Uber’s flaunting of disclosure laws should ignite security regulations

Think it was a mere coincidence that Uber disclosed its catastrophic data breach late in the afternoon on the Tuesday before Thanksgiving?

Fat chance. Uber’s new CEO Dara Khosrowshahi almost certainly calculated the diminished notoriety to be gained by announcing the hack on the eve of the year’s most distraction-packed, four-day weekend.

Related article: The implications of Deloitte breach on heels of SEC, Equifax hacks

Uber discovered it had been breached 14 months ago, in October 2016. The ride-hailing pioneer has admitted losing personal information for 57 million customers (myself included) and 600,000 drivers.

(UPDATE. 6 am, Nov. 29, 2017. Uber has clarified that it lost personal information for about 50 million passengers and 7 million drivers, some 600,000 U.S. drivers. That includes losing the driver’s license numbers for all 7 million drivers. On that basis, Washington Attorney General Bob Ferguson has filed a multimillion-dollar lawsuit against Uber. Under Washington’s data loss disclosure law, companies must notify victims of any loss of driver’s license numbers. “Washington law is clear, when a data breach puts people at risk, businesses must inform them,” Ferguson said, in announcing what he billed as a multimillion-dollar lawsuit. “Uber’s conduct has been truly stunning. There is no excuse for keeping this information from consumers.”)

A lot of water has gone under the bridge in 14 months. Uber officials could not have missed the fireworks surrounding high-profile breach disclosures by Equifax, the U.S. Securities and Exchange Commission, Deloitte, Yahoo, fast food chain Sonic and international law firm Appleby.

As those organizations bit the bullet, Uber took these steps behind closed doors:

• Paid the hackers $100,000 to delete the data and stay silent about the theft

• Head-hunted, recruited and hired a new CEO, namely Khosrowshahi

• Tossed its chief security officer, Joe Sullivan, and his deputy, under the bus …more

MY TAKE: How I came to cover two great ‘beats’ in my journalism career

By Byron V. Acohido

I’ve had the great good fortune to spend most of my career as a “beat reporter” covering two astounding beats.

The articles you see here on LastWatchdog are the work of my second great beat, which I’ve been immersed in since approximately 2004: cybersecurity. Or to put a finer point on it, I live and breathe developments having to do with the for-profit leveraging of the Internet, by both good guys and bad guys.

A journalist couldn’t ask for a richer topic. Cybersecurity affects how we live, work and play. Cybersecurity, at this moment, underpins the profound shifts in culture, economics, politics and national security we are all experiencing.

Related: University of San Diego lists LastWatchdog as top cybersecurity blog for 2017

Related: VPNMentor includes LastWatchdog as Top 20 security blog

I’ve won my fair share of recognition for my work as a journalist. This can be attributed mainly to practicing the craft professionally since 1977, and being blessed to work alongside iconic mentors and inspiring colleagues. I reached the pinnacle of my profession covering my first great beat, aviation safety, for the Seattle Times. I was awarded the 1997 Pulitzer Prize for Beat Reporting for my coverage of a deadly design flaw incorporated into the rudder actuator of Boeing 737 jetliners.

That said, two recent acknowledgements of the work I’m doing here at The LastWatchdog on Privacy & Security are top of mind at this moment. I’d like to thank the University of San Diego for naming LW as one of the top cybersecurity blogs of 2017. And my gratitude also goes out to vpnmentor.com for placing LW on its list of Top 20 online security blogs of 2017. …more

MY TAKE: The way forward, despite overwhelming cyber threats

By Byron V. Acohido

NEW YORK CITY – The Cyber Connect 2017 cybersecurity summit just wrapped up at the beautiful Grand Hyatt located adjacent to Grand Central Station here in the Big Apple. I got the chance to be on the other side of the interview, sitting down with John Furrier and David Vellante, co-hosts of The Cube. We did it live; here’s the recorded stream.

Q&A: How the ‘PKI ecosystem’ could be the answer to securing the Internet of Things

By Byron V. Acohido

Google is making a big push to compel website publishers to jettison HTTP and adopt HTTPS Transport Layer Security (TLS) as a de facto standard, and it’s expanding use of this important encryption technology.

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the underpinnings of secure online transactions. They come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

This robust protection gets implemented by leveraging an encryption and authentication framework called the public key infrastructure (PKI). This all happens in the blink of an eye when you visit …more

Q&A: Cisco privacy chief Dennedy says good privacy practices can improve bottom line

By Byron V. Acohido

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established.

That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.” Indeed, the privacy of any consumer who spends any time on the Internet is owned several times over by the likes of Google, Facebook, Microsoft, Apple, Twitter, LinkedIn and other media companies and cloud service providers.

Canada and Europe require corporations to give individuals the clear choice to “opt in” to any services that collect behavioral data useful for profiling an individual. But in …more