These are some of the cybersecurity stories CTOvision is tracking. For others see our portal into all things cybersecurity and cyberwar.
Facebook lets advertisers target users based on sensitive interests
CTOvision has been tracking the Facebook data issues for quite a while and will continued to keep you in the loop (see The Ethics Of AI and Big Data: Facebook and Cambridge Analytica Are Writing New Case Studies For Us All). One high interest piece in related to the Cambridge Analytica data breach scandal highlights how Facebook has been under vigorous scrutiny from users as well as many governments across the world. Now a new investigation will further mar Facebook's reputation. With GDPR imminent, a new Guardian investigation had found that Facebook lacks privacy controls for information inferred about users, including sensitive details used in ad targeting. Read about how Facebook may be letting ad providers access sensitive user information on The Guardian.
What The Board Needs To Know About the GDPR
Executives in businesses around the globe have been tracking The European Union's (EU) General Data Protection Regulation (GDPR), which goes into effect 25 May 2018. Those who operate primarily in the EU have had plenty of time to focus on this and no excuses for not paying attention. Those who operate primarily elsewhere also have no excuse to not be aware of the GDPR and should have already assessed how things should change because of these new rules. We have found, however, that many firms in the EU and the US and elsewhere are still not paying enough attention to these very serious rules. Admittedly our sample size is small and this may not be reflective of the majority of firms, but we have seen indications that many firms are adopting a strategy of putting their collective head's in the sand or not really doing a serious assessment of the potential impact of GDPR on the firm. For more see: GDPR
Get DMARC Done To Help Fight Cyber Attacks
The Domain-based Message Authentication, Reporting & Conformance (DMARC) security protocol enables organizations to protect their email domains from being used by spammers and phishers to trick employees, customers and trading partners. Without DMARC implemented, scammers and criminals can easily “spoof” an email domain to steal money, trade secrets or even jeopardize national security. DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of workers in all sectors of society. According to the 2017 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years. One of the most helpful providers of actionable information on DMARC is the Global Cyber Alliance.
For more on DMARC see: Global Cyber Alliance Release: Perhaps the most important of the 2018 RSA Conference Season and: Government Matters TV Explores Email Security Standards, DoD IT and Cloud Security with Bob Gourley
Companies Turn to War Games to Spot Scarce Cybersecurity Talent
Companies have found a new way to tap scarce cybersecurity talent. Profile of UK government's annual Cyber Security Challenge that tests contestants' abilities during cyberwar simulations and is used by companies to hire staff — Realistic scenarios help wannabe cybersecurity experts strut their stuff — A major shipping company is under attack. Source Bloomberg.
Intel did not tell U.S. cyber officials about chip flaws until made public
A new revelation that Intel did not disclose the Spectre and Meltdown flaws even though it knew about it could mean that Intel could be fined by the US authorities. Letters from Intel, Alphabet, and Apple to Congress say Intel didn't disclose Spectre and Meltdown flaws to US cyber security officials before news leaked. Source Reuters.
There are also new reports of vulnerabilities in hardware summarized by Bloomberg here. This report features insights from Yuriy Bulygin, expert in computer vulnerabilities. He spent most of his career at Intel Corp. studying security flaws in chips, including several years as the company’s chief threat researcher, until last summer. So you can believe him when he says he’s found something new: His latest research, set to be published on May 17, shows hackers can exploit previously disclosed problems in microprocessors to access a computer’s firmware—microcode that’s stored permanently inside processors and other chips—to get to its most sensitive information. “The firmware has access to basically all the secrets that are on that physical machine,” he says.
Apple, Cisco team up with insurance companies to offer cyber policy discounts
While cyber insurance is the best way to protect your business against data breaches and hacking attacks, expensive policies deter small and medium businesses from buying cyber insurance. Apple and Cisco have decided to tap into this lucrative market in partnership with insurer Allianz and insurance broker Aon. The foursome will offer discounted cyber insurance to businesses that primarily use their equipment. Read about the discounted cyber insurance on Reuters.
Are you on distro for our Cybersecurity and Cyberwar weekly? Sign up for that one plus others at CTOvision Newsletters.