Probably not just Iran. Probably for far longer than one year.
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
… By all appearances, Iranian hackers don't currently have the capability
to start causing blackouts in the US. But they’ve been working to
gain access to American electric utilities, long before tensions
between the two countries came to a head.
On Thursday morning, industrial control system security firm
Dragos detailed newly
revealed hacking activity that it has tracked and attributed to a
group of state-sponsored hackers it calls Magnallium. The same group
is also known as APT33, Refined Kitten, or Elfin, and has previously
been linked to Iran. Dragos says it has observed Magnallium carrying
out a broad campaign of so-called password-spraying attacks, which
guess a set of common passwords for hundreds or even thousands of
different accounts, targeting US electric utilities as well as oil
and gas firms.
A starting point for my Computer Security students. (And a “be sure
to talk about” list for me!)
Nine Cybersecurity Metrics Every CEO Should Track
According to a 2019 survey from The Conference Board of more than 800
international CEOs and 600 C-suite members, cybersecurity is cited as
the top external concern. The Conference Board also notes (via CIO Dive)
that malicious cyber activity cost the economy up to $109 billion in
2016.
CEOs and boards that seek to meaningfully reduce their risk of
experiencing high-impact cyber incidents such as data breaches must
invest in a security operations center (SOC) with a primary mandate
of delivering enterprisewide threat detection and response.
Furthermore, the SOC’s threat detection and response program must
be viewed as a business-critical operation, requiring continuous
investment, improvement and measurement across the following six
interrelated subcomponents: centralized visibility, threat discovery,
threat qualification, threat investigation, threat mitigation and
incident recovery.
Boards should ask their CEOs — and thus CEOs should ask their CISOs — to
provide operational measurement and metrics across these
subcomponents with the intent of understanding current operational
capabilities and related risks.
Thinking about Privacy! (Action may take a bit longer.)
Four Federal Privacy Trends to Watch in 2020
- Expansive Definition of Sensitive Data
- Anti-Discrimination Protections
- Portability
- CEO Certification Requirements
(Related)
State Legislatures Are Off to the Privacy Races, With New Hampshire in the Lead
The shoemaker's children go barefoot? Why would any IT manager rely on
manual processes?
Top Five Ways to Survive the DSR Deluge and One Thing You Should Never Do
Data breaches and misuse of private information continue to erode consumer
trust. In response, companies are pouring resources into
implementing security controls to block or restrict access to their
data. However, the bigger question looms around how the data is
being used and why, and many of these inquiries are coming in the
form of Data Subject Requests (DSRs).
What’s more, there are several complexities making the onslaught of DSRs
even more challenging. For example, the massive growth in data
collection and proliferation has not been accompanied by an equally
matched effort in data management and governance.
Regulations like GDPR and CCPA are forcing companies to respond to DSRs and
answer consumer concerns over privacy. But achieving compliance
requires that companies understand what personal information they
have, where it’s located and how it’s being used.
Until now, the basic data inventory process has been a manual one of
application data owner surveys and spreadsheets. The Integris
Software 2019 Data Privacy Maturity Study found that 77% of
respondents were still relying on manual processes to manage
sensitive data.
… Here are five key ways to solve the data subject rights’ big data
problem and one thing you should never do!
Re-architecting the firm. (Not yet at my local library, but I’m watching for it.)
Rethinking Business Strategy in the Age of AI
For the first time in 100 years, new technologies such as artificial
intelligence are causing firms to rethink their competitive strategy
and organizational structure, say the authors of a new book,
Competing in the Age of AI.
John Foley was irritated with his local gym. He was constantly getting
elbowed out of his favorite spin classes as other cyclists snapped up
spots in sessions led by the most popular instructors.
Foley’s frustration inspired him in 2012 to found Peloton, whose $2,200
stationary bicycles with integrated 21-inch tablet computers have
become a fitness sensation. For $39 per month, Peloton offers access
to live-streamed classes where members can track their performance on
a leader board, virtually connect with fellow classmates, and hear
instructors call out their achievements.
Foley transformed a traditional business—the gym—into an $8 billion
digital offering that pulled in more than $700 million in revenue
during the last fiscal year. Foley credits the magic of today’s
technology, including software, data, and communication networks, for
the basis of Peloton’s success.
“We see ourselves more akin to an Apple, a Tesla, or a Nest, or a
GoPro—where it’s a consumer product that has the foundation of
sexy hardware technology and sexy software technology,”
he is quoted in a book published today, Competing in the Age of AI:
Strategy and Leadership When Algorithms and Networks Run the World.
Maybe I’ll get a JD now that law school is free.
Upending Bankruptcy ‘Myths,’ Judge Erases $220,000 Student Loan Debt
The borrower-friendly ruling comes as bankruptcy judges across the
country are growing more sympathetic to discharging student debt
A bankruptcy judge excused a U.S. Navy veteran with a law degree from
repaying more than $220,000 in student loan debt, the latest court
ruling to lower the barriers to discharging educational debt.
Judge Cecelia G. Morris of the U.S. Bankruptcy Court in Poughkeepsie, N.Y.,
discharged the law school graduate’s unpaid student loans even
though he isn’t disabled or unemployable, saying that satisfying
his law school debt in full would impose an undue hardship.
Some supplemental classes for my students. Most are free.
Best Machine Learning Courses
- Machine Learning by Stanford University
- Machine Learning Foundations: A Case Study Approach by the University of Washington
- Applied Machine Learning: Foundations by LinkedIn Learning
- Machine Learning: Regression by the University of Washington
- Machine Learning: Classification by the University of Washington
- Machine Learning: Clustering and Retrieval by the University of Washington
- Machine Learning and AI: Advanced Decision Trees by LinkedIn Learning