Not sure if this is a really big emergency or if they need to declare an
emergency to free up funds and other resources. Something tripped an
alarm at 5AM but nothing identified until 11AM? Stay tuned.
New Orleans Declares State Of Emergency Following Cyber Attack
The City of New Orleans has suffered a cybersecurity attack serious
enough for Mayor LaToya Cantrell to declare a state of emergency.
The attack started at 5 a.m. CST on Friday, December 13, according to
the City of New Orleans’ emergency preparedness campaign, NOLA Ready,
managed by the Office of Homeland Security and Emergency Preparedness.
NOLA Ready tweeted that "suspicious activity was detected on the City’s
network," and as investigations progressed, "activity indicating a
cybersecurity incident was detected around 11 am."
As a precautionary measure, the NOLA tweet confirmed, the City’s
IT department gave the order for all employees to power down
computers and disconnect from Wi-Fi. All City servers were also
powered down, and employees told to unplug any of their devices.
During a press conference, Mayor Cantrell confirmed that this was a
ransomware attack. A declaration of a state of emergency was filed with
the Civil District Court in connection with the incident.
… It's not known what ransomware malware was used during the attack, and
Mayor Cantrell has said that no ransom demand has been made at this
point in time.
It’s always something.
Multi-Cloud Security Is the New #1 IT Challenge for Businesses
Most businesses now have an IT infrastructure that makes use of multiple
cloud services providers. A new study from Business Performance
Innovation (BPI) Network finds that multi-cloud
security has become the biggest immediate IT challenge for
businesses, as the authorization and authentication handoffs between
these different services provide ample opportunity for things to go
wrong.
The mass movement of businesses to a multi-cloud provider model can be
traced back to a number of things: a desire to not be locked in to
one vendor’s products, lack of necessary tools from a single vendor
(or that vendor not offering those particular tools at a competitive
price point), and network improvements such as lower latency and
downtime.
There is, however, a widespread errant belief that somehow a multi-cloud
setup is inherently more secure. This can be true, but only if
sensitive data is exclusively stored on and accessed from a private
part of the cloud that is properly monitored and managed by IT staff.
What tends to happen in reality is that these disparate cloud
components end up being difficult to integrate and train company
personnel on. This leads to all sorts of mishaps, from misconfigured
storage buckets being breached to vendors being given access to a
much higher level of sensitive data than is required.
For my Security students.
CCPA FAQ
I am pleased to announce my new CCPA FAQ that covers all the key details
of the California Consumer Protection Act.
With the CCPA effective date looming in just over two weeks, many people
have a lot of questions about what the Act requires and how they
should be prepared to comply.
… I also have a number of other CCPA resources including a whiteboard
that distills the requirements of the law into one page and a training
guide that discusses the CCPA’s training requirements and makes
recommendations for how organizations can meet these requirements.
There must be another way, but does its size or culture make it
unavailable to India?
India shuts down internet once again, this time in Assam and Meghalaya
… The shutdown of the internet in Assam and Meghalaya, home to more than 32
million people, is the latest example of a worrying worldwide trend
employed by various governments: preventing people from communicating
on the web and accessing information.
And India, the world’s second largest internet market with more than
650 million connected users, continues to exercise this measure more
than any other nation.
For every Yin there is a Yang. (Making your lawyers work for a change?)
The AI Transparency Paradox
In recent years, academics and practitioners alike have called for
greater transparency into the inner workings of artificial
intelligence models, and for many good reasons. Transparency can
help mitigate issues of fairness, discrimination, and trust — all
of which have received increased attention. Apple’s new credit
card business has been accused of sexist lending models, for example,
while Amazon scrapped an AI tool for hiring after discovering it
discriminated against women.
At the same time, however, it is becoming clear that disclosures about
AI pose their own risks: Explanations can be hacked, releasing
additional information may make AI more vulnerable to attacks, and
disclosures can make companies more susceptible to lawsuits or
regulatory action.
… Last is the importance of engaging with lawyers as early and as often as
possible when creating and deploying AI. Involving legal departments
can facilitate an open and legally privileged environment, allowing
companies to thoroughly probe their models for every vulnerability
imaginable without creating additional liabilities.
Indeed, this is exactly why lawyers operate under legal privilege, which
gives the information they gather a protected status, incentivizing
clients to fully understand their risks rather than to hide any
potential wrongdoings. In cybersecurity, for example, lawyers have
become so involved that it’s common for legal departments to manage
risk assessments and even incident-response activities after a breach.
The same approach should apply to AI.
(Related) Even more work for lawyers.
Facebook The Plaintiff: Why The Company Is Suddenly Suing So Many Bad Actors
When Facebook caught the New Zealand–based company Social Media
Series Limited selling likes from fake users on Instagram, the tech
giant did something out of character. It sued.
The lawsuit, filed in April, was a departure from Facebook’s previously
less confrontational approach to those it caught abusing its
platform. When people and companies ran afoul of its policies,
Facebook would slap them with bans and cease-and-desist letters but
rarely took them to court. But in a turbulent moment for the company
— with antitrust investigations mounting and US presidential candidates
seeking to break it up — the social media giant is attempting to
demonstrate it’s serious about cleaning up its act. And that means
sending a message via the courts.
Perspective. Another Amazon monopoly?
Watch out, UPS. Morgan Stanley estimates Amazon is already delivering half
of its packages
Amazon is already delivering about half of its own packages in the U.S.,
according to a Morgan Stanley estimate on Thursday, and will soon pass
both United Parcel Service and FedEx in total volume.
… Amazon Logistics is the e-commerce giant’s in-house logistics operation.
Morgan Stanley said Amazon Logistics “more than doubled its share”
of U.S. package volumes from about 20% a year ago and is now shipping
at a rate of 2.5 billion per year. For comparison, Morgan Stanley
estimates UPS and FedEx have U.S. shipping volumes of 4.7 billion and
3 billion packages per year, respectively.
“We see more of this going forward as our new bottom-up US package model
assumes Amazon Logistics US packages grow at a 68% [compound annual
growth rate from 2018 to 2022],” Morgan Stanley said.