Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: The Facebook factor: Zuckerberg’s mea culpa reveals intolerable privacy practices

By Elizabeth A. Rogers, Adrienne S. Erhardt and Ryan T. Sulkin

In the words of the Nobel Prize writer Bob Dylan, “The times, they are a-changin.’” Revelations in the press about Facebook’s current privacy problems, and a new comprehensive European Union privacy framework that impacts American businesses, may be changing the climate towards more data privacy regulations by United States lawmakers.

As technology and uses for data surge ahead at breakneck speed, however, the testimony of Facebook CEO Mark Zuckerberg seemed to highlight both the public’s and lawmakers’ limited understanding of the impact that dizzying advancement has on individual privacy and on our society at-large.

Related article: Good privacy practices can improve bottom line

Against these rapidly changing times, the challenge now is for …more

GUEST ESSAY: How data science and cybersecurity will secure ‘digital transformation’

By Roger Huang

In today’s environment of rapid-fire technical innovation, data science and cybersecurity not only share much in common, it can be argued that they have an important symbiotic relationship.

A fundamental understanding of the distinctions – and similarities – of these two fields is good to have. Both must flourish separately and together to fuel “digital transformation” in a way that makes our connected world as  secure as it needs to be.

Related article: Machine-learning does heavy-lifting

Data science focuses more on data structures, algorithms and computability. Cybersecurity emphasizes knowledge of systems administration, architecture, operating systems and web applications. However, both data science and cybersecurity rely on proficiency across a shared base of technical knowledge.

Both …more

GUEST ESSAY: Rising workplace surveillance is here to stay; here’s how it can be done responsibly

By Elizabeth Rogers

People often recite the cynical phrase that ‘privacy is dead.’  I enthusiastically disagree and believe, instead, that anonymity is dead.

One area where this is being increasingly demonstrated is in the workplace. Employee surveillance has been rising steadily in the digital age. And because it’s difficult, if not impossible, to keep ones digital work life separate from ones digital private life, the potential for abuse to happen while carrying out an employee surveillance program is real.

Related video: SXSW panel hashes over employee monitoring

However, I firmly believe that, together, we can preserve the employee privacy through clearly stated social ‘contracts’ and fair enforcement of same.

Let’s begin with the notion that employees, unless advised otherwise, have a right to privacy in the workplace. However, the scales also tip in favor of the employer to monitor threats to  the company’s intellectual property.

Unique ties

Employers and employees share a unique relationship built on trust.  When it comes to assets of the company, it is in the mutual interest of both that they stay protected.  Generally, employees will sign a contract, in the form of a Non-disclosure Agreement that yields to the …more

PODCAST: Why companies need a strategy to manage compliance, now more than ever

By Byron V. Acohido

Businesses are embracing the public cloud at an accelerated pace — and for good reason. By tapping hosted services,  companies of all sizes and in all verticals are finding fresh, dynamic ways to engage with employees, suppliers, partners and customers.

Related articles: 5 things to do to prep for GDPR

However, as companies race to mix and match cloud-delivered storage, processing power and business apps from the likes of Amazon Web Services, Microsoft Azure and Google Cloud, unforeseen gaps in traditional perimeter network defenses are turning up. Smitten by the benefits of cloud computing, many companies have not bothered to fully address the “shared responsibility” model for security underlying the public cloud.

By the same token, ever-opportunistic cyber criminals have already begun pouncing on these emerging exposures. Emergent cloud computing vulnerabilities have gotten a lot of attention by the cybersecurity community, as well they should.

Much less well understand, and, yet, quite possibly a much more clear and present risk for many thousands of companies is the risk of non-compliance. It turns out that in rush to move to the cloud, companies have created many more opportunities for violating the matrix of industry standards and government regulations that touch on data handling and data privacy. …more

GUEST ESSAY: How Orbitz’s poor execution of a systems upgrade left data exposed

By Natalie Williams

In case you thought it had been a suspiciously long time since a massive data breach was announced, well, here you go. Just a couple of days ago, Orbitz (part of the massive travel conglomerate Expedia) revealed that during the second part of last year, the personal data of many of their users was breached.

And by “many,” I mean somewhere in the neighborhood of 880,000. And while Orbitz promises that no Social Security Numbers were compromised, a lot of other data was: names, dates-of-birth, even email and street addresses. And, of course, credit card  information. Let’s not forget that.

Related podcast: Why 2018 will be the year of the CISO

Importantly, this was not a phishing attack. It was a system hack, and although the exact method is unknown, the hackers did target an older Orbitz platform (not Orbitz.com), as well as a partner sites (separate occasions), and were able to access records still embedded in it.

 And unlike with Equifax, this also doesn’t appear to be a situation in which administrators followed blatantly terrible password security practices. These data loss situations are always somewhat harder to assess, since they can’t be directly traced back to a clear and specific bad decision. They’re also harder to pass judgement on or attempt to provide solutions for, for the same reason. And yet, anytime this much data is exposed, there’s a serious issue. Something wasn’t adequately protected—someone wasn’t doing what they were …more

GUEST ESSAY: Surveillance cam hack shows potential for ransomware collateral damage

By David Smith

The recent charges, and subsequent arrest, of two Romanians alleged to be responsible for a widespread hack of surveillance cameras in our nation’s capitol raises a number of intriguing questions.

Why hack surveillance cameras? What nefarious activity might escape law enforcement’s notice while these particular cameras went dark?

Related articles: Surveillance cams are trivial to hack

The U.S. Secret Service had every right to be alarmed with the sudden compromise of so many cameras around Washington D.C.  According to an affidavit from the case, the hackers “participated in an intrusion into and taking control of approximately 123 internet-connected computers used by the Metropolitan Police Department of the District of Columbia (“MPDC”) to operate surveillance cameras … which computers could then be used to send the ransomware-laden spam emails.”

Based on this assertion, it appears the computers controlling the cameras were the hackers’ target objective — not the cameras themselves. This is an important distinction.  It would seem that the Romanian hackers were not ideologues seeking to make a political point. In fact, it appears they had no interest, at all, in the basic functions served by the hacked cams.

It is likely that they simply found vulnerable systems, which happened to be cameras, and then swiftly infected them with ransomware. In that scenario, they hoped for a quick ransom payment by the owners of the underlying computers. And while the attackers controlled these computers, the systems could also be redirected to help spread ransomware to other systems and devices.

Material harm

Sen. Mark Warner, D-Virg., hit the nail on the head when he observed: “These reports highlight just how vulnerable our systems are to fast-proliferating ransomware threats.” In this situation, the affected devices just happened to be surveillance cameras. Aside from the time and effort necessary to remove the ransomware and bring the systems back online, no other reported harm came from the cameras going dark for a period of time. …more

GUEST ESSAY: U.S. ‘chip’ adoption reduces card scams — but drives up new account fraud

By Robert Capps

Identity theft and fraud hit an all-time high in 2017, according to the 2018 Identity Fraud Study released last week by Javelin Strategy & Research.

Among Javelin’s key findings fraudsters claimed 1.3 million more victims in 2017, with $16.8 billion stolen. That’s a record high since 2003 when the firm first began tracking identity theft and fraud.

Related article: How a 19-year-old ran a bogus credit card empire

The retail and the financial services industry have put great effort and resources into stopping identity theft crimes. However, the complexity of fraud continues to rise, and there has been a shift towards other prevalent types of identity fraud taking place online, such as identity theft and new account fraud.

Javelin’s findings tell us that with the adoption of embedded chip cards now widespread in the U.S., criminals have begun to shift their fraud operations away from physical stores, favoring online transactions, new account fraud, and identity theft. While credit card information remained the most targeted for new account fraud, there has been significant growth in the opening of new intermediary accounts. Payment services are increasingly being targeted by fraudsters.

Capps

For the first time ever, Social Security numbers (35%) were compromised more often in breaches than credit card numbers (30%). These trends demonstrate that personal information is under siege, and protecting sensitive data with legacy methods is futile in the age of mega breaches. …more