Thursday, January 16, 2020


For my security students.
Ransomware Costs in 2019
“In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks,” said Emsisoft’s The State of Ransomware in the US: Report and Statistics 2019. The ransomware costs of 2019 are higher than they ever have been, and are expected to rise even further in 2020.
The ransomware attacks affected at least 966 government agencies, educational establishments and healthcare providers. To be more specific:
  • 113 state and municipal governments and agencies
  • 764 healthcare providers
  • 89 universities, colleges and school districts. This means that up to 1,233 individual schools were affected.
It’s hard to know exactly what the costs of a ransomware attack are, but Emsisoft estimates that the costs in 2019 alone could have exceeded $7.5 billion.




Not incentivized by 4% of global revenue?
Companies Use 'Dark Patterns' to Mislead Users About Privacy Law, Study Shows
Passed in May of 2018, Europe’s General Data Protection Regulation (GDPR) was supposed to usher in a new age of consumer privacy transparency and protection across Europe. Instead, researchers say companies have been tap dancing around the law with little to no meaningful enforcement by European Union member countries and regulators.
A new joint study by researchers at MIT, UCL, and Aarhus University found that websites in the EU not only aren’t adhering to the law, many are using required privacy alerts to mislead users.




We’ll be trying to comply with many contradictory laws until Congress stops lollygagging.
State Privacy Trends to Watch in 2020
While all eyes are on California following the implementation of the California Consumer Privacy Act (“CCPA”) earlier this month and the start of enforcement later this year, other states are off to the privacy races already. On Monday, Washington State became the latest entrant with the introduction of a revised Washington Privacy Act.
From the proposals introduced so far this year in Washington, Virginia, New Hampshire, Illinois, and Nebraska, it is clear that states will continue to follow last year’s trend of varied approaches to state privacy legislation.




A different path to a privacy law?
Ottawa considering 'significant and meaningful' compensation for privacy breach victims
Mandate letters for Innovation, Science and Industry Minister Navdeep Bains and Heritage Minister Steven Guilbeault say they've been asked by Prime Minister Justin Trudeau to work on a "digital charter" that would include legislation to give Canadians "appropriate compensation" when their personal data is breached.
It's not clear when the legislation will be introduced, or what a compensation package would even look like, but Bains said it will include punitive fines for those found guilty of breaching personal data.
"It will be significant and meaningful to make it very clear that privacy is important. Compensation, of course, is one aspect of it," said Bains, adding that the government also wants "to demonstrate to businesses very clearly that there are going to be significant penalties for non-compliance with the law. That's really my primary goal."
Statistics Canada says that about 57 per cent of Canadians online reported experiencing a cyber security incident in 2018.
Ryan Berger, a privacy lawyer with Lawson Lundell in Vancouver, said legislating compensation could get private companies to start taking privacy more seriously.
"It will incentivize organizations ... to take steps to protect that information and ensure that, for instance, health information is encrypted," he said.




For everyone.
Verizon Media launches OneSearch, a privacy-focused search engine
VentureBeat: “Verizon Media, the media and digital offshoot of telecommunications giant Verizon, has launched a “privacy-focused” search engine called OneSearch. The launch comes at a time when public trust in big technology companies has hit rock bottom following countless reports of breaches, lapses, and data harvesting escapades. Consequently, “privacy” is pretty much the buzzword of choice emanating from most of the big tech companies, and with its new search engine, it’s clear that Verizon is adopting a similar tack. With OneSearch, Verizon promises there will be no cookie tracking, no ad personalization, no profiling, no data-storing, and no data-sharing with advertisers…”




A focus on facial recognition.
FPF Director of AI & Ethics Testifies Before Congress on Facial Recognition
In a hearing today before the House Committee on Oversight and Reform, Future of Privacy Forum (FPF) Senior Counsel and Director of AI and Ethics Brenda Leong testified on the privacy and ethical implications of the commercial use of facial recognition technology.
To read Leong’s written testimony, click here. For an archived livestream of the committee hearing, visit https://oversight.house.gov/


