Friday, April 08, 2022

War is merely the continuation of policy by other means. Interesting, but I’m not sure I agree with their conclusions.

https://thenextweb.com/news/experts-explain-cyberattacks-havent-played-huge-role-russian-ukraine-war

Experts explain why cyberattacks haven’t played a huge role in the Russia-Ukraine war

We are political scientists who study the role of cybersecurity and information in international conflict. Our research shows that the reason pundits on both sides of the argument got it wrong is because they failed to consider that cyber and military operations serve different political objectives.

Cyber operations are most effective in pursuing informational goals, such as gathering intelligence, stealing technology, or winning public opinion or diplomatic debates. In contrast, nations use military operations to occupy territory, capture resources, diminish an opponent’s military capability, and terrorize a population.




Learn from the mistakes of others.

https://www.databreaches.net/ca-slga-business-partners-should-have-figured-out-on-their-own-that-their-data-may-have-been-stolen-minister/

Ca: SLGA business partners should have figured out on their own that their data may have been stolen: minister

Geoff Leo reports on what sounds like an utterly unsatisfactory response by the government to questions as to why it didn’t directly notify those affected of a breach:

The minister responsible for the Saskatchewan Liquor and Gaming Authority (SLGA) says the Crown corporation didn’t directly notify its business partners that their data may have been stolen in a hack because those companies should have figured it out on their own.
According to a Dec 28 news release, SLGA’s computer systems were the target of a “cyber security incident” on Christmas Day. It said that at that time, “SLGA does not have any evidence that the security of any customer, employee or other personal data has been misused.” The organization repeated that line in communications with business partners.
Three weeks after the hack, the organization alerted employees that their data may have been stolen and offered them credit monitoring services.
At that time, it gave no such notification to SLGA’s suppliers, vendors or licensees.

So the government told them they had no evidence, but then only told some of those affected when the risk level changed after they did find evidence. They didn’t directly update/notify the others?

[…]
In an email, SLGA told CBC it is required by law to notify people whose data may have been unlawfully accessed and may be misused. The organization said rather than notify the potential victims directly, it decided to use the “indirect notification” approach, posting an update on its website.
SLGA says in a written statement on its website that Saskatchewan’s privacy commissioner has given the thumbs up to this indirect approach in cases “where the privacy breach is potentially very large or you may not be able to identify the affected individuals.”

Ah, the old “indirect notification approach,” otherwise known as “We can’t be expected to act responsibly after we were breached, so you’re kind of on your own.”

Unbelievable. At the very least, the government should have plastered big press releases in national media and popular provincial media.

Read more at CBC.

h/t, Brett Callow, who has his own thoughts on the matter.





Any limitations on time or treasure? Can they recover from the poster or the complainer?

https://www.pogowasright.org/google-must-investigate-links-for-false-information-says-top-eu-court-adviser/

Google must investigate links for false information, says top EU court adviser

Molly Quell reports:

If someone asks for links to be removed from Google because they are false, the company must look into the claim, said an adviser to the European Court of Justice in a non-binding opinion issued Thursday.
Advocate General Giovanni Pitruzzella found that, when Google is asked to remove something from its search results, it is responsible for fact-checking the results. The underlying case arose in Germany and involves two financial service providers accused of malfeasance by a purported extortion blog.

Read more at Courthouse News.





Contrary to expectations…

https://www.scmagazine.com/analysis/business-contunuity/ransomware-negotiations-are-taking-longer-and-thats-a-good-thing

Ransomware negotiations are taking longer (and that’s a good thing)

It's taking longer to negotiate ransomware demands. That is a good thing.

Law firm BakerHostetler, which handles more than 1,250 cyber-related incidents a year, said in its annual Data Security and Incident Response report that the typical ransomware negotiation for its clients in 2021 lasted eight days. That is roughly twice as long as the five days in 2020.

BakerHostetler's statistics provide a platform- and negotiator-independent look at how enterprises with high-end legal advice handle breaches. All single-company-based statistics are biased toward a customer base. In 2019, BakerHostetler clients paid on average three times as much as those using Palo Alto's incident response team, a possible consequence of the size of the firms involved. In 2020, that dropped to twice as much, even as statistics for the average payments for both skyrocketed. But in 2021, BakerHostetler clients' average payments dropped from $795,000 to $510,000, with PAN's clients' jumping from $311,000 to $570,000, the first time the law firm's client base paid less. BakerHostetler thinks time of negotiation might be a reason why.

If time is not a scarce resource, the negotiating advantage is back in the hands of the consumer. Between 2020 and 2021, the average ransomware payment dropped by a third among BakerHostetler clients. And the difference was particularly pronounced in those who spent more time negotiating.





Because they have to?

https://www.csoonline.com/article/3656732/how-cisos-can-manage-the-intersection-of-security-privacy-and-trust.html#tk.rss_all

How CISOs Can Manage the Intersection of Security, Privacy & Trust

There’s an old adage among cyber security professionals: “You can’t protect what you can’t see.” And with data exploding literally everywhere, it has become increasingly hard to protect. In fact, the World Economic Forum estimates that by 2025, the volume of data generated each day will reach 463 exabytes globally. To put that number into perspective, one exabyte is equivalent to one billion gigabytes. Chief Information Security Officers (CISOs) are already required to guard sprawling corporate and customer data at all costs or risk hefty legal and compliance fines; however, they now face an even tougher challenge.

Deploying a robust data privacy program is a complex job for CISOs who wear many hats these days – in fact, the CISO job description keeps growing and growing. CISOs are often asked by the Chief Privacy Officer (CPO), compliance and legal teams to provide data protection solutions that span security, privacy and legal issues. On top of that, they must keep employee data safe while balancing security with user productivity. They often have accountability directly to the Board, who is constantly asking for ROI on security investments to protect the organization from a brand-damaging data breach.





Not untypical. Management often underestimates the cost of new technology.

https://insidebigdata.com/2022/04/08/comet-reveals-machine-learning-survey-results/

Comet Reveals Machine Learning Survey Results

Comet, the provider of the leading development platform for enterprise machine learning (ML) teams, announced the results of its recent survey of machine learning professionals.

Hundreds of enterprise ML team leaders were asked about their experiences and the factors that affected their teams’ ability to deliver the level of business value their organizations expected from ML initiatives. Rather than attaining desired outcomes, however, many survey respondents revealed that they lack the right resources, or they shared that the resources they have are often misaligned. As a result, many AI initiatives have been far less productive than they could be.





Backgrounder…

https://www.csoonline.com/article/3334617/what-is-spear-phishing-examples-tactics-and-techniques.html#tk.rss_all

What is spear phishing? Examples, tactics, and techniques

Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack.





Tools & Techniques. I need to practice this more.

https://www.bespacific.com/go-beyond-the-search-box-introducing-multisearch/

Go beyond the search box: Introducing multisearch

Google Blog: “How many times have you tried to find the perfect piece of clothing, a tutorial to recreate nail art or even instructions on how to take care of a plant someone gifted you — but you didn’t have all the words to describe what you were looking for? At Google, we’re always dreaming up new ways to help you uncover the information you’re looking for — no matter how tricky it might be to express what you need. That’s why today, we’re introducing an entirely new way to search: using text and images at the same time. With multisearch in Lens, you can go beyond the search box and ask questions about what you see. Let’s take a look at how you can use multisearch to help with your visual needs, including style and home decor questions. To get started, simply open up the Google app on Android or iOS, tap the Lens camera icon and either search one of your screenshots or snap a photo of the world around you, like the stylish wallpaper pattern at your local coffee shop. Then, swipe up and tap the “+ Add to your search” button to add text…” The antithesis of key word searching – now search is image based – using photos you take to replace creating a query.


