x
Cloud misconfigurations are a huge security problem, resulting in the exposure of sensitive data. Despite the risks, many businesses are failing to properly configure their instances, in part due to confusing information from vendors. This is according to a new report from cloud security provider Lightspin, which performed analysis on 40,000 AWS buckets and their cloud storage permissions. The company found that almost half (46 percent) of AWS S3 buckets may be misconfigured and should be deemed insecure.
For all the millions of dollars an organization might spend on security technology, its employees' decisions and actions do the most to keep the company safe, according to the annual Verizon Data Breach Investigations Report. The report examined about 80,000 incidents from 2020 and more than 5,000 confirmed data breaches. Phishing attacks to trick employees into revealing login and personal information came up as the top avenue of incursion. Overall, 85 percent of breaches included a human element and 61 percent related to stolen or misused credentials. Ransomware was found in 13 percent of human-related breaches, and that's where the pain really comes in.
California, Virginia and, most recently, Colorado have adopted comprehensive online data privacy laws – but a state-by-state rather than a federal approach won't be enough to keep the U.S. secure and competitive. That's according to a panel of data privacy experts during a recent discussion of a new study from the R Street Institute, a nonprofit public policy research organization. More than a web of state data privacy laws, federal data privacy legislation would be a stepping stone to a stronger national security framework in the U.S.
The benefits of cloud computing make it impossible to ignore in 2021. The cloud offers the best value in today’s working world in terms of services gained for their cost. That said, security risks can still keep some away from the technology. Rather than being worried and passing on the tools offered by the cloud, getting educated on what the risks are with cloud computing can help you utilize proven software and programs with peace of mind. When it comes to cloud security risks, a lot of the threats posed to businesses all around the world are avoidable. Here’s a handful of risks you should know about when working in the cloud and how to keep your security tight in this new, exciting space.
Volkswagen has revealed a data breach impacting over 3.3 million customers. The majority of impacted individuals are either current or prospective buyers for Audi vehicles. On Friday, the automaker said that a compilation of data used for sales and marketing purposes between 2014 and 2019 was left unsecured and exposed online "at some point" between August 2019 and May 2021. Volkswagen says that first and last names, personal and/or business mailing addresses, email addresses, and phone numbers may have been exposed in the breach, alongside information concerning "vehicle[s] purchased, leased, or inquired about," such as vehicle ID numbers, makes, models, years, and colors.
As ubiquitous as Google Docs has become in the last year alone, a major criticism often overlooked by the countless workplaces who use it is that it isn’t end-to-end encrypted, allowing Google — or any requesting government agency — access to a company’s files. But Google is finally addressing that key complaint with a round of updates that will let customers shield their data by storing their own encryption keys. Google Workspace is adding client-side encryption so that a company’s data will be indecipherable to Google.
WhatsApp has launched its first major privacy-focused advertising campaign in the UK. It follows a customer backlash against changes to its terms and conditions, announced earlier this year. The platform also said it is standing firm against pressure from governments, including the UK, to compromise on the way that it encrypts messages. WhatsApp uses end-to-end encryption, which means messages can only be read on the device which sends one and the device which receives it. WhatsApp itself – and by default its parent company Facebook – cannot view or intercept them, and neither can law enforcement.
Devo Technology announced the results of a report assessing the current state and pace of change with regards to enterprise cloud transformation initiatives and the ramifications on teams running a Security Operations Center. The report found that the global pandemic accelerated business transformation far past the cloud tipping point and uncovered severe and far-reaching implications for security teams.The global pandemic, and associated surge in remote work, accelerated a massive move to the cloud with cloud-first organizations now outnumbering on-premise organizations by a ratio of three-to-one.
Chaos means cash for cybercriminals, setting off a fresh wave of investment for security startups. Armed with data and powered by cloud, the next generation of security services face a growing attack surface as the world’s connected devices are predicted to exceed 75 billion by 2025. Backing up and protecting the hundreds of zettabytes of data created and stored using modern cybersecurity techniques is a Sisyphean task. Digital transformation is changing how the world does business as every sector adopts a data-driven mindset. But cybersecurity seems to be struggling to fully adapt to this new and heavily distributed world.
Cloud adoption has accelerated in the past year as organizations scrambled to support a remote workforce. Despite this rapid adoption and growth, companies often misunderstand a key cloud concept: the shared responsibility model (SRM). The CSP is responsible for security “of” the cloud—think physical facilities, utilities, cables, hardware, etc. The customer is responsible for security “in” the cloud—meaning network controls, identity and access management, application configurations, and data.
A majority of Americans say they would like greater transparency in how companies handle and track their data, an Axway survey shows. The data privacy study asked 1,017 American adults about their general understanding and concerns related to how companies use, handle, and track their data. Respondents have broad concerns over how their data is stored and secured, and people are overwhelmingly supportive of having more control over who sees their personal data.
Businesses forced to comply with a patchwork of state and global privacy rules have turned what was once a cottage industry focused on data and privacy into a multi-billion-dollar sector. Consumers are more connected than ever, causing data flows to a wide variety of companies to grow exponentially. The companies that help other companies process, maintain, and legally maximize use of consumer data are in high demand, and collectively need to mature. These companies are increasingly becoming "platforms for risk management," per Polonetsky.
AI is a hot buzzword in cybersecurity, but just because a security tool is labeled “AI-enabled” or “AI-powered” doesn’t mean the technology will translate easily to your cybersecurity system. Just as AI can be used as a tool to protect against cyberattacks or sniff out cybersecurity threats, it also can be programmed with adversarial machine learning and used to create harmful situations. When considering artificial intelligence components, there are other things, besides security, you need to know. For AI to be most effective at protecting your security system, you need to make sure the components are the right fit.
The widespread transition to remote working has put data privacy under the spotlight and organizations of all shapes and sizes have been forced to take note.According to a new report from privacy compliance technology company TrustArc, the number of enterprises with formal privacy departments rose by 17 percent last year. What’s more, almost half of the 1,600 respondents said they spent most of their time on privacy initiatives, despite the fact the company surveyed staff from a range of departments. The growth was fueled partly by organizations needing to solve the challenges of remote working. Many turned to purpose-built privacy software solutions and built out dedicated teams to make solving privacy challenges possible.
The European Union’s (EU) privacy watchdog has opened two investigations into the use of US-based cloud services by European public sector organizations to see whether they are effectively protecting citizens’ personal data. The first investigation by the European Data Protection Supervisor will look at the use of cloud services provided by Amazon Web Services and Microsoft across the bloc’s public sector bodies and agencies under Cloud II contracts. The second will look specifically at the European Commission’s use of Microsoft Office 365.
It’s still an incredibly young field of research, however firms from Google to IBM believe quantum computing will become a reality in the next decade. In the U.K., a company called Arqit is quietly preparing businesses for cyberattacks in the age of quantum computing. Quantum computers will be able to do specific tasks much faster than classical machines and that could be a problem for today’s encryption standards.
The Biden administration is responding to the growing threat of ransomware attacks with a vigor and seriousness unparalleled in the government’s decades-long battle against hacking. The response to the wave of costly and disruptive attacks involves nearly every facet of the federal government. It was spurred most recently by high-profile ransomware attacks against the energy and food sectors but also by a drip, drip series of hits on schools, hospitals and local governments that collectively demonstrate an unacceptable level of vulnerability across the nation’s vital infrastructure.
Despite most organizations (81 percent) suffering a data breach in the past twelve months, cybersecurity experts still downplay the likelihood of a breach. This is according to a new report from IT giant VMware, based on a poll of more than 3,500 CIOs, CTOs and CISOs, which states that roughly half of respondents fear a material breach will take place in the next year. However, just two in five have updated their security policy and approach to mitigating potential risks.
Security and IT professionals in the Middle East are demonstrating a rising desire to secure critical applications and data, driving higher encryption adoption for newer use cases like containers and IoT platforms, as well as for email and private cloud infrastructures. According to respondents from the region, the most important feature associated with encryption solutions is support for cloud and on-premises deployment. The adoption of encryption for private cloud infrastructure has risen over the past two years and Bring Your Own Key (BYOK) management support was cited as an important feature of cloud encryption solutions.
Fujifilm is investigating a potential ransomware attack that resulted in the company closing down part of its network. The company first noticed the "possibility" of a ransomware attack on June 1 and took swift action to discontinue all compromised systems. In an earlier statement, Fujifilm confirmed that the cyber-attack is preventing the company from accepting and processing orders.
The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters. Internal guidance sent on Thursday to U.S. attorney's offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.
As desktop and mobile operation systems integrate cloud storage, syncing data to and from the cloud has become easier than before. Accessing data from anywhere from any device has opened a lot of opportunities for users. However, this also gives access to other people with malicious intent to obtain sensitive files. Five ways to keep cloud storage secure are covered in this article.
A California healthcare provider is informing more than 147,000 people that their personal data may have been exposed in a recent cyber-attack. Scripps Health, which operates five acute-care hospitals in San Diego, among other facilities, took most of its network offline after detecting a ransomware infection at the beginning of May. While the majority of Scripps' network has now been restored, the attack caused four weeks of disruption, with patient appointments' having to be canceled or rescheduled. Employees were forced to rely on offline documentation methods, and ambulances had to be diverted, causing a surge of patients at other local facilities.
Cloud security and web application security demand technology and practices that protect applications and data hosted remotely. The reasons for encrypting cloud data are privacy, security and regulatory compliance — all standard for any successful enterprise. At the bottom of all this is the idea of being intentional about encryption, knowing the standards you need to meet and the specifics of your group’s needs. Properly encrypted data in the cloud can be even more secure than keeping it locally.
Artificial intelligence must be the future for network security, according to Fortinet. With the threat landscape constantly evolving and increasing in complexity, continued digital innovation, technological developments, and the introduction of 5G, coupled with the challenges of accelerated remote working practices and a growing cybersecurity skills gap, have collectively exacerbated the challenges that CISOs face in terms of protecting their companies’ digital assets. There have been significant developments in the artificial intelligence (AI) space that make it an increasingly strategic investment.
A Chinese game developer has accidentally leaked nearly six million player profiles for the popular title Battle for the Galaxy after misconfiguring a cloud database. AMT Games exposed 1.5TB of data via an Elasticsearch server. A research team at reviews site WizCase found the trove, which contained 5.9 million player profiles, two million transactions, and 587,000 feedback messages. Profiles typically feature player IDs, usernames, country, total money spent on the game, and Facebook, Apple or Google account data if the user linked these with their game account.
Cloud computing has made securing data harder than ever. Compounding these challenges, especially in complex, multi-cloud environments, is the ever-growing number of encryption and key management solutions enterprises are using. In addition, 64% of companies say that it is unclear as to who “owns” key management, making this area especially problematic. To combat these issues, companies are developing enterprise-wide encryption strategies.
32% of organizations have seen an increase in device encryption in the past year, according to a Vanson Bourne survey. Additionally, 31 percent noted that their organization now requires all data to be encrypted as standard, whether it’s at rest or in transit, and 24 percent require the encryption of all data when it’s being stored on their systems or in the cloud. Regardless of the increase in the use of encryption, when asked to select up to three main causes of a data breach within their organization, 30 percent of those surveyed report lack of encryption (12%) and lost/misplaced devices containing sensitive corporate information (18%) as main causes. This could be due to the absence of control over corporate data.
Privacy-protecting databases use a number of techniques to guard data. The simplest way to protect individuals’ records in databases may be to assign digital pseudonyms that can be stored in a separate database. Researchers are given only the first database, with the pseudonyms relieving them of the obligation to protect people’s real names. The database with real names may be stored in a second, more carefully protected location — or even completely discarded. More sophisticated approaches use encryption or a one-way function to compute the pseudonym.
The volume of compromised records globally has increased on average by 224% each year since 2017, according to new findings shared by Imperva. There were more records reported as compromised in January 2021 alone (878 million) than for the whole of 2017 (826 million). Alongside the increase in this figure over the past four years, there’s been a 34% rise in the number of reported breaches over the period, and a 131% increase in average number of compromised records per incident, said Imperva security researcher, Ofir Shaty.
Covid-19 forced many companies to rapidly adopt cloud-based technologies in a way that could never have been predicted. Whether it was how we communicated or how we collaborated, businesses needed to find a way to work securely in the new world we are currently operating in, and this has accelerated the adoption of cloud solutions in a short space of time. Many businesses were already beginning to move certain areas of their IT estate from being hosted on-premise or in private rackspace in a data center to being hosted in the public cloud, where computing resources are shared across multiple businesses.
Dealing with cloud accounts that have been compromised is becoming even more expensive as new research from Proofpoint and Ponenom Institute has revealed that cloud account compromises cost organizations over $6m each year. “The Cost of Cloud Compromise and Shadow IT”, the cybersecurity firm and IT security research organization surveyed more than 600 IT and IT security professionals across the US. Of those surveyed, 68 percent said they believe cloud account takeovers present a significant security risk to their organizations.
Digital transformation is not about replacing the analog product with a virtual service. It defines the digital changes brought to the value chain to develop, produce, promote, distribute and sell a product or service. During this process, the data generated can be utilized to understand and boost customers’ experiences and increase efficiency. It allows the company to grow in the competitive market. With an increase in digital innovations, several large-scale companies and entrepreneurs have started implementing digital transformation strategies to reach their target audience
There were over 2300 data breach incidents reported by just 22 of the UK’s police forces in 2020, according to new Freedom of Information data. VPNoverview requested information from the UK’s 45 police forces and received responses from 31. All told, the results revealed a national average of 299 data breaches per police station over the period dating from 2016 to the first four months of 2021. This included a combination of human error — for example, staff emailing sensitive information to the wrong recipient — and malicious third-party attacks.
Absolute security has always been easy. You just pull the disk drive, bury it in a secret location, and then burn the map. Laughing maniacally is optional. The data is secure. Working with data without letting it leak out has always been much harder. Over the decades, mathematicians and computer scientists have been creating better, faster, and more elaborate algorithms that balance the need to keep data secure while making it available to answer questions. Some of the newest algorithms are changing the field by making it possible to accomplish jobs and deliver reports that were once impossible.
Nearly two-thirds of C-level AI leaders can’t explain how specific AI decisions or predictions are made, according to a new survey on AI ethics by FICO, which says there is room for improvement. While there are some bright spots in terms of how companies are approaching ethics in AI, the potential for abuse remains high. There is a general lack of urgency to address the problem, according to FICO’s survey, which found that, while staff members working in risk and compliance and IT and data analytics have a high rate of awareness of ethics concerns, executives generally are lacking awareness.
Many companies seem eager to leverage artificial intelligence and machine learning capabilities, if for no other reason than to be able to let their employees, customers, and business partners know that they’re on the leading edge of technology progress. At the same time, a lot of businesses are looking to enhance the experiences of customers and channel partners, in order to increase brand loyalty, boost sales, and gain market share—among other reasons.
Pizza company Domino’s India suffered a data breach in April that contained 180 million customers’ order records, and a data dump weighing in total of 13TB data dump. Now that data has come to the fore in terms of a searchable portal. You can search for your phone number or email address to check the orders you’ve placed. The dreaded part is that the data contains information about your order location, apart from your phone number and email ID. This makes it easy for scammers or spammers to locate your home and office address.
The convenience of online access to bank accounts, payment apps, crypto exchanges and other transaction systems has created enormous risks, which the vast majority of individuals either choose to ignore or simply don’t understand. The internet has become the new private network and, unfortunately, it’s not so private. Open application programming interfaces, scripts, spoofing, insider crime, sloppy security hygiene by users and much more all increase our risks. In many respects, the convenience of cloud-based services exacerbates the problem. But software built in the cloud is a big part of the solution.
In the expanding universe of AI Ethics discourse, the three most central concepts discussed are bias, discrimination, and privacy. Bias is the pre-condition that leads to discrimination, so we can say there are just two. AI does not own these problems. Professional mathematicians, statisticians, social scientists and actuaries have employed detailed models to justify discrimination and exclusion, principally of the poor and racial minorities, for almost 150 years. Attempts to find solutions by crafting ethically-driven organizations are not sufficient.
Data poisoning attacks against the machine learning used in security software may be attackers’ next big vector, said Johannes Ullrich, dean of research of SANS Technology Institute. Machine learning is based on pattern recognition in a pool of data. Data poisoning is adding intentionally misleading data to that pool so it begins to misidentify its inputs.
Artificial intelligence and machine learning are often touted as crucial tools for automated detection, response, and remediation. Enrich your defenses with finely honed prior knowledge, proponents insist, and let the machines drive basic security decisions at scale. This year’s RSA Conference featured an entire track dedicated to security-focused AI, while the virtual show “floor” featured no fewer than 45 vendors hawking some form of AI or machine learning capabilities.
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. Mercari is a publicly traded Japanese company and an online marketplace that has recently expanded its operations to the United States and the United Kingdom. The Mercari app has scored over 100 million downloads worldwide as of 2017, and the company is the first in Japan to reach unicorn status.
Amid the economic crisis due to the ongoing pandemic, IT and cloud security threats are floating around indicating more business-wide loss. As the uncertainty around COVID-19 accelerates, the world will continue to operate remotely. Countries like India are already seeing a massive second wave of the pandemic which has put all businesses behind the doors, yet again – when the nation was slowly recovering.
Companies plan to take extensive actions in the next 12 months to address a broad concern for sensitive data being unprotected in use at the application layer, Entrust and Prime Factors reveal. Results from a recent survey of 600 IT professionals across the US and the UK convey that most companies are taking a variety of actions related to data protection. However, many companies do not address data protection in the applications they control, instead relying on data-at-rest encryption techniques which generally do not protect data-in-use.
Sen. Amy Klobuchar is back with a bill to protect consumer data privacy when collected by large tech platforms like Facebook and Google. Klobuchar has teamed up with a bipartisan group of senators, including Sens. John Kennedy, Joe Manchin, and Richard Burr, to reintroduce the Social Media Privacy Protection and Consumer Rights Act. The privacy legislation would force websites to grant users greater control over their data and allow them to opt out of data tracking and collection.
A survey conducted by Lead to Market reveals a growing conflict between data scientists and data security professionals. Businesses, in their quest for actionable insights, are pressuring data scientists to accelerate analysis, which requires quick access to a business’s library of data artifacts. However, those charged with data security are implementing more access controls and further restricting access to critical data sources. Ultimately, those restrictions are being driven by data privacy, intellectual property requirements and compliance legislation; however, it puts data scientists at odds with data privacy.
Verizon’s data breach report for 2021 frames the degree to which the pandemic has influenced cyber criminal activity, with the focus shifting strongly toward work-at-home infrastructure. 39% of all data breaches in 2020 stemmed from web application compromise, and both phishing and ransomware incidents jumped significantly from 2019. One thing has not changed, however—human negligence continues to be the leading cause of security breaches.
At Google I/O 2021, Google Cloud announced that its new managed machine learning (ML) platform Vertex AI is now generally available. The new platform allows organizations to accelerate the deployment and maintenance of AI models as Vertex AI requires almost 80 percent fewer lines of code to train a model when compared to other competing platforms.
Ransomware groups have always taken a more-is-more approach. If a victim pays a ransom and then goes back to business as usual—hit them again. Or don't just encrypt a target's systems; steal their data first, so you can threaten to leak it if they don't pay up. The latest escalation? Ransomware hackers who encrypt a victim's data twice at the same time. Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other.
Two mega-breaches caused by third parties earlier this year, following the SolarWinds supply chain hack created a growing tsunami of third-party risk for enterprises and government organizations. Security software provider Accellion also suffered a breach in their FTA tool which caused many of their clients to have their data exposed to hackers. A number of high-profile customers were affected, including the Jones Day law firm, Kroger stores and Shell Oil, along with other government and educational institutions. Given the software’s purpose – storing sensitive data for clients – these breaches are sure to cause lots of pain for the victimized companies, and it’s likely more victims will emerge as the investigation continues.
Facebook Inc.‘s failed bid to prevent the impending blockage of data flowing from Europe to the U.S. puts pressure on government officials who are negotiating over privacy protections, according to a former U.S. policy director. The social media giant could be forced to suspend trans-Atlantic data flows following a Friday court ruling that allowed Ireland’s data privacy watchdog to move forward with its review of the legality of Facebook’s handling of personal data on Europeans.
Most organizations that move to multi-cloud environments are not properly configuring their cloud-based services, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security. The report may reinforce growing demand for cloud security posture management (CSPM) software, MSSP Alert believes. The reason: CSPM tools help MSSPs and customers to properly configure and monitor workloads across Amazon Web Services, Microsoft Azure, Google Cloud Platform (GCP) and more.
Google is facing internal concerns that implementing an Android equivalent of Apple's ATT or App Tracking Transparency framework, which offers iOS and iPadOS users the ability to opt-out of tracking across apps and websites, will hurt its more than $130 billion annual spending budget for ads, according to a new report from The Information.
SecureLink released its third-party data breach report with the Ponemon Institute, highlighting the gap between perceived third-party access threats and the security mitigations adopted. The report titled “A Crisis in Third-party Remote Access Security” found that organizations were not implementing the necessary security measures to mitigate third-party remote access risks.
The number of data breaches within organizations has increased by a third as more people worked from home due to the COVID-19 pandemic. According to the Verizon Business 2021 Data Breach Investigations Report, of 29,207 incidents analyzed, 5,258 were confirmed breaches, a third more than last year. The report said breach data showed 61% of breaches involved credential data, while 85% of breaches involved a human element.
U.S. President Biden late Wednesday signed a long-awaited executive order intended to improve the country’s cybersecurity and protect federal networks. The move follows some of the worst attacks against U.S. networks and critical infrastructure including SolarWinds, the Microsoft Exchange hack, and, most recently, the ransomware attack against Colonial Pipeline that took down the country’s largest fuel line...As expected, security professionals expressed mixed reactions to the directive with some applauding the White House’s action and others saying that it doesn’t go far enough.
Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a treadmill — as a cheaper alternative for members to exercise at home. Its app also lets members join virtual classes without the need for workout equipment. But Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday, and workout statistics and history — of any other member in a live or pre-recorded class.
Google on Thursday released an update for its measurement and analytics products, including a significant privacy update for Google Analytics. The company said the new capabilities stem from its investments in machine learning and modeling and are designed to help marketers operate without cookies and other identifiers on websites and apps.
According to a new Forrester report, "The Tech Executive's Primer On Data Science, Machine Learning, And AI,” a lack of understanding is hampering the ability of business leaders to effectively deploy data science, machine learning and artificial intelligence projects to solve business problems. "All executives need to make strategic decisions about how and where to leverage these technologies, but few leaders have experience with them, so misconceptions abound, causing poor outcomes, wasted resources and resistance to future initiatives," the report said.
It's no secret that digital transformation is driving the modern business world. The concept of perpetual technological change and advancement has become a current that is pulling every business into its eddying and often-turbulent flow. This constant state of change has particularly highlighted a series of digital transformation trends in the areas of privacy and trust. The need to protect consumer data throughout the business process is growing in importance.
Zero trust security is no longer just an option for federal agencies.The Biden administration issued a long-awaited cybersecurity executive order Wednesday that, among other things, requires federal agencies to develop an implementation plan for a zero-trust architecture for security.This mandate falls under a larger push to modernize federal cybersecurity in the wake of the recent cyberattacks that have compromised federal agencies through the exploitation of software made by contractor SolarWinds and flaws in Microsoft’s Exchange software.
People who have been infected with the coronavirus are staring at a new kind of privacy breach, with their leaked health data being allegedly used by insurers and lenders to take a call on, say, their insurance premium, cyber security experts said. They have also warned against potential identity thefts as several Covid-19 patients’ Aadhaar details along with their blood reports, health history, and plasma infusion details are all now available on the dark web.
With most healthcare organisations continuing to digitise services and increasingly move workloads to the cloud, any healthcare technology leader must prioritise cloud data and security in this expanding virtual environment. As digital transformation initiatives continue to expand an organisation’s virtual ecosystem, it is imperative that cyber security and cloud data protection practices are prioritised and baked into the business strategy.
Over the last year, the vast majority of organizations (85%) that use Microsoft 365 have experienced an email data breach, according to data security company Egress. The company said that WFH has "exacerbated" email data breach risks and this has "intensified for Microsoft users, with 67% of IT leaders reporting an increase in data breaches" related to telecommuting. About one-third of IT leaders at companies that are not using Microsoft 365 reported increased WFH-related data breaches, according to Egress.
Faster data breach notification time is emerging as a reliable application of artificial intelligence in the cybersecurity sector, a development that could help other industries better understand their own use of smarter technologies, a leading subject matter expert said on Monday. Dr. Frederic Lemieux, faculty director and professor of the practice for applied intelligence at Georgetown University, suggested that more efficient pattern recognition already is helping global companies spot anomalies in wide swaths of data.
Almost a third of businesses now say they use Artificial Intelligence (AI) in one form or the other, new figures have claimed. A report from IBM found that although AI adoption itself was flat over the last year, businesses plan to make “significant investments” throughout 2021, with another third sharing their desire to invest in AI skills and solutions over the next 12 months.
Given the large number of bricks-and-mortar issues which real estate companies must address daily, it’s unsurprising that issues associated with data privacy and cybersecurity often seem less urgent for many property owners. But recent changes in the law in California, Virginia, New York State and now New York City mean it no longer makes good business sense for real estate companies to delay becoming proactive in addressing privacy and cybersecurity issues.
A database used to operate an Amazon fake reviews scam has leaked in a data breach, with the data trove revealing personal data for at least 200,000 people. The reviews on Amazon have been plagued by fake reviews for quite some time, with fictional high-scoring testimonials propping up the score of products to make them look good on the online retailer's pages. A data breach allegedly shows some of the workings behind one of the scams, as well as hinting at the scale of the problem.
Vaccine passports hold one of the keys to getting the travel industry up in the air again, but they are not without privacy and security challenges. Alex Meehan investigates. For as long as there has been technology, there have been competing standards, and it seems that when it comes to the issue of vaccine passports, not much has changed.
The main pipeline carrying gasoline and diesel fuel to the U.S. East Coast was shut down by its operator after being hit with a cyberattack. Colonial Pipeline Co. operates the 5,500-mile Colonial Pipeline system taking fuel from the refineries of the Gulf Coast to the New York metro area. It said it learned Friday that it was the victim of the attack and “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.”
94.7% of IT leaders saw an impact to their work-from-home data protection as a result of COVID-19, according to IDC. The survey also unearthed that 90.8% of respondents point to modernizing data protection, including backup and disaster recovery, as a top IT priority that is crucial to their organizations’ overall digital transformation.
Over 20 businesses worldwide announced the creation of the Data Privacy Protocol Alliance (DPPA) yesterday. DPPA is set to build a decentralized blockchain-based data system that it hopes will compete against data monopolies such as Google or Facebook by allowing users to take control of their own data. Specifically, the Data Privacy Protocol Alliance will develop a set of guidelines and specifications for a version of CasperLabs’ layer-one blockchain “optimized for data sharing, data storage, data ownership, and data monetization,” according to the announcement.
Months after Apple’s App Store introduced privacy labels for apps, Google announced its own mobile app marketplace, Google Play, will follow suit. The company today pre-announced its plans to introduce a new “safety” section in Google Play, rolling out next year, which will require app developers to share what sort of data their apps collect, how it’s stored and how it’s used.
Florida Republicans making last-minute changes to internet privacy legislation that died last week ran into a similar stumbling block as Democrats who failed to pass a law in Washington last month: how to enforce it. The statehouses’ disagreements over whether consumers should be able to sue companies for abusing their data illustrate the thorny politics of privacy enforcement and underscore businesses’ fear of litigation, according to elected officials and data-protection experts.
Companies that had the digital tools to meet the demands of the pandemic are now ready to move into phase two of digital transformation, according to a Microsoft executive. This means seeing a return on investment from cloud infrastructure, remote work tools, automation and machine learning. Deb Cupp, Microsoft corporate vice president of worldwide commercial industries, said that the first phase of digital transformation is establishing a cloud-based infrastructure. Companies that had passed this milestone before 2020 were better prepared to cope with the pandemic and are now ready to realize the benefits of this transformation.
Ensuring compliance with data protection laws has become so complicated that companies must make room for regulatory and ethics experts in product engineering processes, privacy executives say. These laws can present a potential risk without a clear process for making sure new products and services comply with them, said Ruby Zefo, chief privacy officer at ride-hailing company Uber Technologies Inc.
The promise of owning content to deliver ads fueled by mobile subscriber data was a powerful lure driving Verizon to acquire two of the web’s oldest and best-known media brands. But despite CEO Hans Vestberg’s eventual disinterest in holding onto the legacy properties of AOL and Yahoo — culminating in the telecom company’s sale of Verizon Media to Apollo Global Management announced earlier this week — digital ad industry execs say regulatory pressures, tech industry privacy moves and internal restrictions on data sharing contributed to Verizon’s decision to unload its media and ad tech properties, including its ad tech stack and identity tech product, ConnectID.
ByteDance’s popular video sharing app TikTok has faced security and privacy concerns from most of the world outside of the company’s native China, but has had particular legal trouble in the EU as of late. As consumer complaints in the region mount, TikTok will be opening a “transparency center” in a bid to address these concerns. TikTok’s “European Transparency and Accountability Centre” is slated to open in Ireland sometime in 2022. The center will reportedly grant EU policymakers and security researchers access to the inner technical and business workings of the app, with a particular focus on reassuring the public that the social media platform is taking child safety and privacy seriously.
The digital transformation times, they are a-changing – and so, too, must digital transformation metrics. “The primary measure of success last year was survival,” says David Cushman, research director in the emerging technology practice at IT consultancy and research firm HfS Research. “Transformation was thrust on so many.” Companies and their IT organizations had no choice but to do what needed to be done – quickly. Speed, Cushman says, was the primary KPI. Having completed any number of initiatives (many that had been on the digital to-do list for some time), organizations are looking at what’s next.
The fact that COVID-19 accelerated the need for digital transformation across virtually all sectors is old news. What companies are doing to propel success under the circumstances has been under the spotlight. However, how they do it has managed to find a place in the shadows. Simply put, the explosive increase in innovation and adoption of digital solutions shouldn’t be allowed to take place at the expense of ethical considerations.
Companies are expected to raise spending over the next few years on technology designed to power data-processing tools installed directly on factory-floor machinery, cell phone towers, train-track signals or store-checkout hardware—instead of in a data center. The goal of edge computing is to improve the performance of production and service applications by processing data where it is being generated and apply it at lightning speed.
One would hope that credit bureau Experian had learned a lesson about data leaks after watching what happened to contemporary Equifax in 2017, but the agency has now followed up a major 2020 breach in South Africa with a new application programming interface (API) security vulnerability that appears to have leaked the credit scores of nearly every American that has one. A partner website allowed anyone with a subject’s name and mailing address to pull up their credit score.
35% of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey conducted by Apricorn. This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working (12%).
While Facebook and Apple tussle over the harms and benefits of online advertising, more and more of us are sidestepping the issue by blocking ads completely. Use of ad blocking software like web browsers is surging, especially on smartphones, a study published Monday concludes. The number of people using ad blockers has remained mostly level on personal computers, with 257 million people using them monthly by the end of 2020.
DigitalOcean has emailed customers warning of a data breach involving customers’ billing data, TechCrunch has learned. The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22.
Cyberattacks against colleges and universities can be fruitful. Few organizations hold the amount and variety of data that higher education does. Thousands, if not millions, of endpoints are ripe for compromise. A large state flagship university houses decades worth of student records, faculty and staff employment information, government-sponsored research and intellectual property and other personally identifiable information (PII) of anyone who ever signed up for an activity on campus. With so much data under one umbrella, data security in schools is key.
Today, roughly five percent of organizations have moved their entire IT infrastructure to the cloud. In five years’ time, however, that number is expected to swell to 64 percent. This is according to a new report from cloud management company CloudCheckr. In its annual Cloud Infrastructure Report, the company says the majority (57 percent) of the organizations it surveyed have more than half of their infrastructure in the cloud today.
A new study carried out by IDC for cloud data management company Zerto reveals that modernizing data protection, including backup and disaster recovery, is an IT priority that is crucial to digital transformation for 90.8 percent of respondents. It also shows that 94.7 percent have seen an impact to their work-from-home data protection as a result of COVID, and that 80 percent of new applications will be deployed in the cloud or at the edge.
In the legal world, and in particular the world of electronic discovery, artificial intelligence (AI) has been around for more than a decade. It is no longer unusual or controversial for organizations to use AI technologies in litigation, especially where large or complex data sets are involved. Legal teams now routinely turn to AI to defensibly accelerate the process of identifying documents likely to be responsive to requests for evidence.
Current and aspiring cybersecurity professionals named cloud security, data analysis and coding/programming as the top three most important skills to possess if you’re looking to join the cyber workforce today. Those findings came from a new survey-based research report from the International Information System Security Certification Consortium, or (ISC)². For its “Cybersecurity Career Pursuers Study,” the non-profit organization polled 1,024 cybersecurity pros across the U.S. and Canada, along with 1,010 cybersecurity job seekers looking to land their first position. Twenty-five percent of the former group and 19% of the latter group said cloud security was one of the two most important technical skills or concepts to learn.
While cloud migration isn't as controversial as it used to be for many organizations, issues about security linger. That's why it's important for security teams to put together a solid program to protect their cloud environments. To do that, it's useful to have a list of action items—high-priority projects—that will serve as the pillars of a robust cloud security program.
Apple is introducing some limitations to the data collection practices that constitute the bread-and-butter of creepy targeted advertising arising from our use of apps. ATT was confirmed earlier this year, and it is a major blow to most modern-day online advertising strategies. The feature requires apps to get users' permission before tracking their data across other companies' apps or websites for advertising purposes...For those that are more reliant on the benefits of targeted advertising, the announcement has rather come as a matter of deep concern. One of the most prominent voices to raise against the new feature has been Facebook's.
6%: Percentage of C-suite leaders who have adopted AI-powered solutions across the organization. The value of artificial intelligence in powering business operations is undeniable. In fact, a recent survey of 700 business leaders and employees found that a full 95% acknowledge that their organization would benefit from embedding AI across the company—into daily operations, products and services.
While the CCP government reserves practically unlimited right to access the personal information of Chinese citizens, technology companies have been subject to fairly stringent data protection rules for some time now. Those rules are now being strengthened in a way that seems to be aimed specifically at tech giants that are in the business of running social media and e-commerce platforms.
Companies are employing multi-cloud strategies that are changing the structure of the cloud industry and the power dynamics that lie within. Multi-cloud infrastructure empowers organizations to mix and match platforms and vendors such that their workloads are not locked into individual cloud providers while the most significant impacts of multi-cloud strategies have yet to be seen, the power dynamics between AWS, Azure, and Google Cloud are slowly shifting.
Given the EU's leaked plans for AI regulation, which calls for a ban on specific types of AI systems, such as those that directly track individuals and create social credit scores, the topic of regulation in the U.S. has been on people's minds. AI is coming, so what can regulators do—and what should they absolutely not do—to protect citizens and consumers while also encouraging technological development?
On Monday, Apple is rolling out a long-awaited privacy feature for iOS. The latest version of the company’s mobile operating system, iOS 14.5, will prompt iPhone and iPad users to opt out of tracking in apps that monitor their behavior and share that data with third parties. This new feature is a significant step for user privacy, as it gives people more control over their mobile phone app data and how it’s used by companies, like Facebook and Google, to target ads. At the same time, the move has frustrated app developers and tech companies that have relied on the reservoir of user data for years, and who fear they’re likely to be cut off from it in the near future.
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce the first cohort of Cloud Security Alliance Trusted Cloud Providers. Built upon existing CSA programs, the Trusted Cloud Provider trustmark (which will be displayed on each organization’s Security, Trust, Assurance & Risk (STAR) registry) will assist consumers in identifying cloud providers that demonstrate their commitment to holistic security and are aligned with their individual security requirements.
Regulators in Europe and Washington are racing to figure out how to govern business' use of artificial intelligence while companies push to deploy the technology. On Wednesday, the EU revealed a detailed proposal on how AI should be regulated, banning some uses outright and defining which uses of AI are deemed "high-risk." In the U.S., the federal government has yet to pass legislation specifically addressing AI, though some local governments have enacted their own rules, especially around facial recognition.