Saturday, December 14, 2019


Not sure if this is a really big emergency or if they need to declare an emergency to free up funds and other resources. Something tripped an alarm at 5AM but nothing identified until 11AM? Stay tuned.
New Orleans Declares State Of Emergency Following Cyber Attack
The City of New Orleans has suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency.
The attack started at 5 a.m. CST on Friday, December 13, according to the City of New Orleans’ emergency preparedness campaign, NOLA Ready, managed by the Office of Homeland Security and Emergency Preparedness. NOLA Ready tweeted that "suspicious activity was detected on the City’s network," and as investigations progressed, "activity indicating a cybersecurity incident was detected around 11 am." As a precautionary measure, the NOLA tweet confirmed, the City’s IT department gave the order for all employees to power down computers and disconnect from Wi-Fi. All City servers were also powered down, and employees told to unplug any of their devices.
During a press conference, Mayor Cantrell confirmed that this was a ransomware attack. A declaration of a state of emergency was filed with the Civil District Court in connection with the incident.
It's not known what ransomware malware was used during the attack, and Mayor Cantrell has said that no ransom demand has been made at this point in time.




It’s always something.
Multi-Cloud Security Is the New #1 IT Challenge for Businesses
Most businesses now have an IT infrastructure that makes use of multiple cloud services providers. A new study from Business Performance Innovation (BPI) Network finds that multi-cloud security has become the biggest immediate IT challenge for businesses, as the authorization and authentication handoffs between these different services provide ample opportunity for things to go wrong.
The mass movement of businesses to a multi-cloud provider model can be traced back to a number of things: a desire to not be locked in to one vendor’s products, lack of necessary tools from a single vendor (or that vendor not offering those particular tools at a competitive price point), and network improvements such as lower latency and downtime.
There is, however, a widespread errant belief that somehow a multi-cloud setup is inherently more secure. This can be true, but only if sensitive data is exclusively stored on and accessed from a private part of the cloud that is properly monitored and managed by IT staff. What tends to happen in reality is that these disparate cloud components end up being difficult to integrate and train company personnel on. This leads to all sorts of mishaps, from misconfigured storage buckets being breached to vendors being given access to a much higher level of sensitive data than is required.




For my Security students.
CCPA FAQ
I am pleased to announce my new CCPA FAQ that covers all the key details of the California Consumer Protection Act.
With the CCPA effective date looming in just over two weeks, many people have a lot of questions about what the Act requires and how they should be prepared to comply.
I also have a number of other CCPA resources including a whiteboard that distills the requirements of the law into one page and a training guide that discusses the CCPA’s training requirements and makes recommendations for how organizations can meet these requirements.




There must be another way, but does its size or culture make it unavailable to India?
India shuts down internet once again, this time in Assam and Meghalaya
The shutdown of the internet in Assam and Meghalaya, home to more than 32 million people, is the latest example of a worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information.
And India, the world’s second largest internet market with more than 650 million connected users, continues to exercise this measure more than any other nation.




For every Yin there is a Yang. (Making your lawyers work for a change?)
The AI Transparency Paradox
In recent years, academics and practitioners alike have called for greater transparency into the inner workings of artificial intelligence models, and for many good reasons. Transparency can help mitigate issues of fairness, discrimination, and trust — all of which have received increased attention. Apple’s new credit card business has been accused of sexist lending models, for example, while Amazon scrapped an AI tool for hiring after discovering it discriminated against women.
At the same time, however, it is becoming clear that disclosures about AI pose their own risks: Explanations can be hacked, releasing additional information may make AI more vulnerable to attacks, and disclosures can make companies more susceptible to lawsuits or regulatory action.
Last is the importance of engaging with lawyers as early and as often as possible when creating and deploying AI. Involving legal departments can facilitate an open and legally privileged environment, allowing companies to thoroughly probe their models for every vulnerability imaginable without creating additional liabilities.
Indeed, this is exactly why lawyers operate under legal privilege, which gives the information they gather a protected status, incentivizing clients to fully understand their risks rather than to hide any potential wrongdoings. In cybersecurity, for example, lawyers have become so involved that it’s common for legal departments to manage risk assessments and even incident-response activities after a breach. The same approach should apply to AI.


(Related) Even more work for lawyers.
Facebook The Plaintiff: Why The Company Is Suddenly Suing So Many Bad Actors
When Facebook caught the New Zealand–based company Social Media Series Limited selling likes from fake users on Instagram, the tech giant did something out of character. It sued.
The lawsuit, filed in April, was a departure from Facebook’s previously less confrontational approach to those it caught abusing its platform. When people and companies ran afoul of its policies, Facebook would slap them with bans and cease-and-desist letters but rarely took them to court. But in a turbulent moment for the company, with antitrust investigations mounting and US presidential candidates seeking to break it up, the social media giant is attempting to demonstrate it’s serious about cleaning up its act. And that means sending a message via the courts.




Perspective. Another Amazon monopoly?
Watch out, UPS. Morgan Stanley estimates Amazon is already delivering half of its packages
Amazon is already delivering about half of its own packages in the U.S., according to a Morgan Stanley estimate on Thursday, and will soon pass both United Parcel Service and FedEx in total volume.
Amazon Logistics is the e-commerce giant’s in-house logistics operation. Morgan Stanley said Amazon Logistics “more than doubled its share” of U.S. package volumes from about 20% a year ago and is now shipping at a rate of 2.5 billion per year. For comparison, Morgan Stanley estimates UPS and FedEx have U.S. shipping volumes of 4.7 billion and 3 billion packages per year, respectively.
“We see more of this going forward as our new bottom-up US package model assumes Amazon Logistics US packages grow at a 68% [compound annual growth rate from 2018 to 2022],” Morgan Stanley said.


