Saturday, August 22, 2020

Reliance on ‘work from home’ without supplying security tools?

https://ciso.economictimes.indiatimes.com/news/the-average-cost-of-data-breach-in-india-in-2020-is-2m/77678031

The average cost of data breach in India in 2020 is $2M

The rapid technology shifts paired with new ways of accessing data create more opportunities for security incidents if companies don’t ensure the right tools and policies are in place. During a time when businesses are expanding their digital footprint at an accelerated pace, while also battling a continuing talent shortage in the security industry, teams can be overwhelmed from securing more devices, systems and data than they are normally used to.

Additionally, a recent IBM study found that over half of surveyed employees new to working from home due to the pandemic have not been provided with new guidelines on how to handle customers’ personally identifiable information, despite the changing risk models associated with this shift.





Another huge segment of ‘work from home’

https://thehill.com/policy/cybersecurity/513022-hackers-eye-students-returning-to-virtual-classes-as-easy-targets?&web_view=true

Hackers eye students returning to virtual classes as easy targets

Universities and schools are scrambling to address threats such as a surge in malicious phishing emails, "Zoombombs" and other kinds of attacks. But with weakened budgets and students learning off campus, they are facing an uphill battle.

“We are seeing a dramatic increase in phishing, this is fully expected, we knew it would happen with any major calamity,” Michael Tran Duff, chief privacy officer and chief information security officer (CISO) at Stanford University, said during a virtual event hosted by software company Proofpoint on Wednesday.





How would you account for it?

https://www.databreaches.net/ransomware-the-new-too-high-cost-of-doing-business/

Ransomware – The New (Too-High) Cost of Doing Business

Gemini Advisory has released a paper that makes the point that in 2020, it may be best to view ransomware incident costs as part of the cost of doing business. And with more people working from home these days, there is an increased risk of security incidents, as threat actors may be able to relatively easily compromise employees’ devices and thereby gain credentials to access corporate computers or systems. One recent study reports that two-thirds of Indian entities had suffered a data breach related to remote working.

For those who haven’t really paid enough attention to ransomware’s evolution, Gemini Advisory’s paper will give you a nice recap of the past few years and some real-world examples. It is not oriented to naming and describing all the various types of ransomware being deployed these days, but the paper’s main point is consistent with something I first heard from lawyers a few years ago — that although law enforcement has tried to dissuade victims from paying ransom, eventually it all boils down to a determination of how much business an entity will lose and whether the cost of lost business is higher than the cost of paying the ransom. And in calculating costs, we need to include the cost of lost life or health when the victim is a health care entity.

For more details and a fuller discussion of ransomware trends over the past few years, read Gemini Advisory’s article on their site.





Can we do better?

https://www.weforum.org/agenda/2020/08/towards-responsible-aiforall-in-india-artificial-intelligence-ethics/

Towards Responsible #AIforAll in India

Building further on the National Strategy on AI (NSAI) released in 2018, NITI Aayog is now working on outlining an approach towards realising the economic benefits of AI in a manner that is “responsible” to its users and broader society. The approach attempts to establish broad principles for design, development and deployment of AI in India – drawing on similar global initiatives but grounded in the Indian legal and regulatory context. The paper also explores means of operationalization of principles across the public sector, private sector, research and academia.

NITI Aayog, the think tank of the Government of India, is developing the approach to “Responsible #AIforAll” based on a large-scale stakeholder consultation facilitated by The Centre for the Fourth Industrial Revolution (C4IR) India. A Responsible AI working document was presented during a global consultation with AI ethics experts around the world on 21 July 2020 and subsequently released by NITI Aayog for wider public consultations.





Free is good.

https://www.fast.ai/2020/08/20/soumith-forward/

Forward from the 'Deep Learning for Coders' Book

To celebrate the release of fast.ai’s new course, book, and software libraries on August 21st, 2020, we’re making available the foreword that Soumith Chintala (the co-creator of PyTorch) wrote for the book. You can buy the book from Amazon, or read it for free in Jupyter Notebook format.

Our online courses (all are free and have no ads):



Friday, August 21, 2020

I’d say he misjudged this risk. How did senior management not catch it? Did they rely entirely on his summary?

https://www.securityweek.com/former-uber-cso-charged-over-2016-data-breach-cover?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Former Uber CSO Charged Over 2016 Data Breach Cover-Up

The U.S. Department of Justice announced on Thursday that former Uber Chief Security Officer (CSO) Joe Sullivan has been charged over his alleged role in the cover-up of the 2016 data breach that resulted in the information of millions of Uber drivers and users getting stolen by hackers.

Sullivan has been charged with obstruction of justice and misprision of a felony. During his time at Uber — he served as the company’s CSO between April 2015 and November 2017 — the ride-sharing giant’s systems were breached and the attackers managed to steal information belonging to 57 million users and drivers.

… “The criminal complaint also alleges Sullivan deceived Uber’s new management team about the 2016 breach. Specifically, Sullivan failed to provide the new management team with critical details about the breach,” the Justice Department said. “Sullivan asked his team to prepare a summary of the incident, but after he received their draft summary, he edited it. His edits removed details about the data that the hackers had taken and falsely stated that payment had been made only after the hackers had been identified.”

Before joining Uber, Sullivan worked at eBay, PayPal, and Facebook. Prior to starting his career in the private sector, he was a federal prosecutor in the Northern District of California.





Reaction to a change...

https://www.microsoft.com/security/blog/2020/08/19/microsoft-shows-pandemic-accelerating-transformation-cyber-security/?&web_view=true

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years’ worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats, they serve as control planes for improving productivity and collaboration by giving end-users easier access to more corporate resources. Microsoft recently concluded a survey of nearly 800 business leaders of companies of more than 500 employees in India (IN), Germany (DE), the United Kingdom (UK) and the United States (US) to better understand their views of the pandemic threat landscape, implications for budgets and staffing, and how they feel the pandemic could reshape the cyber-security long-term.

Among the key insights are data showing that an alarming number of businesses are still impacted by phishing scams; that security budgets and hiring increased in response to COVID-19; and that cloud-based technologies and architectures like Zero Trust are significant areas of investment moving forward.





Something to learn.

https://teachprivacy.com/the-deal-with-data-rights-an-interview-with-heather-federman/?utm_source=rss&utm_medium=rss&utm_campaign=the-deal-with-data-rights-an-interview-with-heather-federman

The Deal with Data Rights: An Interview with Heather Federman

I recently had the opportunity to interview Heather Federman, the VP of Privacy & Policy at BigID, where she manages and leads initiatives related to privacy evangelism, product innovation, internal compliance and industry collaboration.

SOLOVE: What are some interesting trends you’re seeing around Data Rights and DSARs?

FEDERMAN: The costs related to fulfilling a DSAR request are considerable – a study from Gartner found that the average cost is $1400. Just think about the manual hours required to process a single request — in which you would need to establish some form of consistent communication with the data subject, conduct extensive searches of the data held (and do double or triple checks) while also making sure to exclude any information that could fall under an exemption like attorney-client privilege, and present this to a data subject in an easily readable format — all within a predefined, limited amount of time.

There’s a useful whitepaper on the subject over at BigID’s website, Automate Data Access Rights Fulfillment, if you want to learn more about the topics in this interview.





Have anything to say?

https://www.insideprivacy.com/artificial-intelligence/ai-standards-update-nist-solicits-comments-on-the-four-principles-of-explainable-artificial-intelligence-and-certain-other-developments/

AI Standards Update: NIST Solicits Comments on the Four Principles of Explainable Artificial Intelligence and Certain Other Developments

In a new post on the Covington Inside Tech Media Blog, our colleagues discuss the National Institute of Standards and Technology’s draft of the Four Principles of Explainable Artificial Intelligence (NISTIR 8312), which seeks to define the principles that capture the fundamental properties of explainable AI systems. Comments on the draft will be accepted until October 15, 2020. To read the post, please click here.





Who could do a better job? I have no answer.

https://www.bespacific.com/most-americans-think-social-media-sites-censor-political-viewpoints/

Most Americans Think Social Media Sites Censor Political Viewpoints

“Americans have complicated feelings about their relationship with big technology companies. While they have appreciated the impact of technology over recent decades and rely on these companies’ products to communicate, shop and get news, many have also grown critical of the industry and have expressed concerns about the executives who run them. This has become a particularly pointed issue in politics – with critics accusing tech firms of political bias and stifling open discussion. Amid these concerns, a Pew Research Center survey conducted in June finds that roughly three-quarters of U.S. adults say it is very (37%) or somewhat (36%) likely that social media sites intentionally censor political viewpoints that they find objectionable. Just 25% believe this is not likely the case. Majorities in both major parties believe censorship is likely occurring, but this belief is especially common – and growing – among Republicans. Nine-in-ten Republicans and independents who lean toward the Republican Party say it’s at least somewhat likely that social media platforms censor political viewpoints they find objectionable, up slightly from 85% in 2018, when the Center last asked this question. At the same time, the idea that major technology companies back liberal views over conservative ones is far more widespread among Republicans. Today, 69% of Republicans and Republican leaners say major technology companies generally support the views of liberals over conservatives, compared with 25% of Democrats and Democratic leaners. Again, these sentiments among Republicans have risen slightly over the past two years…”



(Related)

https://www.reuters.com/article/us-facebook-india/india-parliamentary-panel-to-question-facebook-on-content-controversy-idUSKBN25H0NH

India panel to quiz Facebook amid row over political posts: source

An Indian parliamentary committee will question Facebook executives on how the social media giant regulates content in the country, a panel member told Reuters on Friday, following a controversy over political posts.





Harvard is doomed?

https://www.bespacific.com/google-has-a-plan-to-disrupt-the-college-degree/

Google Has a Plan to Disrupt the College Degree

Inc. – Google’s new certificate program takes only six months to complete, and will be a fraction of the cost of college. Google recently made a huge announcement that could change the future of work and higher education: It’s launching a selection of professional courses that teach candidates how to perform in-demand jobs. These courses, which the company is calling Google Career Certificates, teach foundational skills that can help job-seekers immediately find employment. However, instead of taking years to finish like a traditional university degree, these courses are designed to be completed in about six months. “College degrees are out of reach for many Americans, and you shouldn’t need a college diploma to have economic security,” writes Kent Walker, senior vice president of global affairs at Google. “We need new, accessible job-training solutions – from enhanced vocational programs to online education – to help America recover and rebuild.”

Walker then revealed the following on Twitter: “In our own hiring, we will now treat these new career certificates as the equivalent of a four-year degree for related roles.”…



Thursday, August 20, 2020

Hasn’t this name come up before? Were no lessons learned?

https://www.zdnet.com/article/experian-south-africa-discloses-data-breach-impacting-24-million-customers/?&web_view=true

Experian South Africa discloses data breach impacting 24 million customers

The South African branch of consumer credit reporting agency Experian disclosed a data breach on Wednesday.

The credit agency admitted to handing over the personal details of its South African customers to a fraudster posing as a client.

While Experian did not disclose the number of impacted users, a report from South African Banking Risk Centre (SABRIC), an anti-fraud and banking non-profit, claimed the breach impacted 24 million South Africans and 793,749 local businesses.





Should ‘poor security’ reduce any insurance coverage? Increase management/vendor liability?

https://www.databreaches.net/law-enforcement-websites-hit-by-blueleaks-may-have-been-easy-to-hack/

Law Enforcement Websites Hit by Blueleaks May Have Been Easy to Hack

Micah Lee reports:

Whoever broke into 251 law enforcement websites and obtained the BlueLeaks trove of documents appears to have reused decades-old software for opening “backdoors” in web servers.

The use of the widely available backdoors provides evidence that the hacktivist who compromised the sensitive sites, including fusion centers linked to federal agencies, didn’t need to use sophisticated digital attack methods because the sites were not very secure.

Read more on The Intercept.





A link for my Computer Security students.

https://www.cpomagazine.com/data-protection/iso-standards-for-information-and-data-protection/

ISO Standards for Information and Data Protection





Don’t commit a crime and leave your fingerprints face behind.

https://arstechnica.com/tech-policy/2020/08/cops-in-miami-nyc-arrest-protesters-from-facial-recognition-matches/

Cops in Miami, NYC arrest protesters from facial recognition matches

Cops' use of the tech among the list of things protesters are demonstrating against.

Miami police used Clearview AI to identify and arrest a woman for allegedly throwing a rock at a police officer during a May protest, local NBC affiliate WTVJ reported this week. The agency has a policy against using facial recognition technology to surveil people exercising "constitutionally protected activities" such as protesting, according to the report.

Similar reports have surfaced from around the country in recent weeks. Police in Columbia, South Carolina, and the surrounding county likewise used facial recognition, though from a different vendor, to arrest several protesters after the fact, according to local paper The State. Investigators in Philadelphia also used facial recognition software, from a third vendor, to identify protestors from photos posted to Instagram, The Philadelphia Inquirer reported.

New York City Mayor Bill de Blasio promised on Monday the NYPD would be "very careful and very limited with our use of anything involving facial recognition," Gothamist reported. This statement came on the heels of an incident earlier this month when "dozens of NYPD officers—accompanied by police dogs, drones and helicopters" descended on the apartment of a Manhattan activist who was identified by an "artificial intelligence tool" as a person who allegedly used a megaphone to shout into an officer's ear during a protest in June.





Loyal, like my Rottweiler?

Article: A Duty of Loyalty for Privacy Law

To add to your must-read list: Richards, Neil M. and Hartzog, Woodrow, A Duty of Loyalty for Privacy Law (July 3, 2020). Available at SSRN: https://ssrn.com/abstract=

Abstract

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has now become a major element of the Internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with peoples’ data and online experiences to be loyal to those who trust them. But critics and companies have concerns about a duty of loyalty. What, exactly, would such a duty of loyalty require? What are the goals and limits of such a duty? Should loyalty mean obedience or a pledge to make decisions in peoples’ best interests? What would the substance of the rules implementing the duty look like?

In this article, we offer a theory of loyalty based upon the risks of digital opportunism in information relationships. Data collectors bound by this duty of loyalty would be obligated to act in the best interests of people exposing their data and online experiences, up to the extent of their exposure. They would be prohibited from designing digital tools and processing data in a way that conflicts with a trusting party’s best interests. This duty could also be used to set rebuttable presumptions of disloyal activity and act as an interpretive guide for other duties. A duty of loyalty would be a revolution in data privacy law. That’s exactly what is needed to break the cycle of self-dealing ingrained into the current Internet. This Article offers one pathway for us to get there.

You can read or download the full paper on SSRN, here.





A new local resource?

https://www.bizjournals.com/denver/news/2020/08/19/palantir-peter-thiel-alex-karp-headquarters-denver.html?page=all

Data-analysis giant Palantir is moving its headquarters to Denver

Palantir Technologies Inc., a $20 billion data-analysis software firm that sells its products to governments to help them track everything from immigrants to terrorists to the spread of coronavirus, is relocating its headquarters from Palo Alto, California, to Denver.

Company officials have not yet responded to Denver Business Journal's requests for interviews, but the firm now lists Denver as its headquarters on its website, its social media pages and its Wikipedia entry — changes believed to have been made quietly on Tuesday.





The things you learn reading strange articles.

https://daily.jstor.org/the-people-who-thought-farmers-without-radios-were-rubes/

The People Who Thought Farmers Without Radios Were Rubes

The year 2020 (August 20, to be precise) marks the 100-year anniversary of the first broadcast by a federally licensed radio station, Detroit’s 8MK. The advent of real-time mass media changed the country in all kinds of ways.



Wednesday, August 19, 2020

Even if you ‘have nothing to hide.’

https://www.bespacific.com/how-to-clean-up-your-social-media-accounts-without-deleting-them/

How to Clean Up Your Social Media Accounts Without Deleting Them

Gizmodo: “There are many reasons to avoid wanting a social media digital paper trail of your entire life. Maybe there are posts there you think your new employer won’t like, or that your new partner’s parents won’t like, or even ones that you don’t believe in anymore. But wiping the slate clean and starting again is only one of your options—you can still tidy up your existing accounts without deleting them. Take a glance back at your social media missives from last year, or five years ago, or 10 years ago, to see some reasons why you might want to cut certain posts from the record. Bad takes, painful memories, embarrassing moments…if Snapchat has taught us anything, it’s perhaps that social media should never have been a permanent, fixed record of our thoughts and actions in the first place. If you’re ready to let the past die, Kylo Ren-style—or at least have it lightly edited—then these are your options on three of the biggest social networks…”





Covid helps identify something else that must change. I wonder how many small things could be automated?

https://www.infosecurity-magazine.com/news/iso-warning-covid19-threat/?&web_view=true

ISO Warning as #COVID19 Threatens Re-Certification Audits

Hundreds of thousands of ISO certifications are in danger of lapsing because auditors haven’t been able to visit organizations’ premises during the pandemic, according to InfoSaaS.

In the UK, re-certification audits must be undertaken within six months of the anniversary of an ISO certificate being issued or else it should be suspended and a new assessment required, InfoSaaS said.

However, auditors usually have to visit premises in person, especially if organizations are still using manual spreadsheet-based processes for compliance, the software company added. It argued that this approach requires face-to-face explanation and cross-referencing.





When was the last time you backed up your email?

https://www.makeuseof.com/tag/export-emails-outlook/

How to Export Emails From Outlook

If you're resetting your computer, changing your email app, or just playing around with something that could affect your emails, you may want to make a backup of your Microsoft Outlook emails through exporting them.

Outlook allows you to export your messages in various formats. We'll show you which one to use, depending on how you plan to use the exported emails (including working with them outside of Outlook).





This is not yet mandatory.

https://www.forbes.com/sites/johnkoetsier/2020/08/19/ai-health-startup-can-get-15-vital-signs-via-your-phone-camera/#2666663029b5

AI Health Startup Can Get 15 Vital Signs Via Your Phone Camera

Look into your camera for thirty seconds. You’ve just given your phone enough information to check your heart rate, oxygen saturation, breathing rate, heart rate variability, blood pressure, stress level, and ten other health indicators at medical grade levels of reliability.

Now imagine doing that 50 times a day without even thinking about it.

And having the results funneled to your personal medical AI engine to monitor you for any signs of poor health, ready to notify your physician if anything looks out of the ordinary. Like higher temperature, which might indicate a fever, flu ... or Covid-19.

That’s part of the vision of Binah.ai, an Israeli health startup that uses high-end artificial intelligence and low-end cameras built into all our phones and laptops to continuously monitor health. Including, soon, blood alcohol levels and maybe even glucose, cholesterol, and hemoglobin levels.





The “Let’s all wear red coats and march in a line” school has been dead for centuries.

DARPA Wants Wargame AI To Never Fight Fair

Northrop Grumman is building an AI designed to find new strategies to break virtual opponents. Future AI tools, based on this research, could help human commanders break opponents in real battles.

The contract is part of DARPA’s Gamebreaker program, which wants to turn the design considerations of modern strategy games on their head, using AI to find every unfair advantage hidden in the game.





The Greeks invented AI? The logic of logic? Amusing read.

https://theconversation.com/aristotle-and-the-chatbot-how-ancient-rules-of-logic-could-make-artificial-intelligence-more-human-142811

Aristotle and the chatbot: how ancient rules of logic could make artificial intelligence more human





Maybe…

https://www.entrepreneur.com/article/354050

3 of the Best Uses for AI in Our New Normal





Is it Facebook’s job (is it even possible) to fact check every post?

https://www.bespacific.com/avaaz-report-facebooks-algorithm-a-major-threat-to-public-health/

Avaaz Report Facebook’s Algorithm: A Major Threat to Public Health

In this report, Avaaz uncovers global health misinformation spreading networks on Facebook that reached an estimated 3.8 billion views in the last year spanning at least five countries — the United States, the UK, France, Germany, and Italy. Many of these networks, made up of both websites and Facebook pages, have spread vaccination and health misinformation on the social media platform for years. However, some did not appear to have had any focus on health until Feb. 2020 when they started covering the COVID-19 pandemic.





Thoughtful. Worth reading.

https://www.newyorker.com/tech/annals-of-technology/what-can-america-learn-from-europe-about-regulating-big-tech

What Can America Learn from Europe About Regulating Big Tech?





Perspective.

https://www.nytimes.com/2020/08/19/technology/big-tech-business-domination.html

Big Tech’s Domination of Business Reaches New Heights

A rally in technology stocks elevated the S&P 500 stock index to a record high on Tuesday even as the pandemic crushes the broader economy. The stocks of Apple, Amazon, Alphabet, Microsoft and Facebook, the five largest publicly traded companies in America, rose 37 percent in the first seven months this year, while all the other stocks in the S&P 500 fell a combined 6 percent, according to Credit Suisse.

Those five companies now constitute 20 percent of the stock market’s total worth, a level not seen from a single industry in at least 70 years. Apple’s stock market value, the highest of the bunch, is nearly $2 trillion — double what it was just 21 weeks ago.



(Related)

https://www.ben-evans.com/benedictevans/2020/8/18/the-ecommerce-surge

The ecommerce surge

Both the UK and (today) the USA have given official statistics on how ecommerce and retail have changed during lockdown. The headline numbers are pretty dramatic. The UK went from 20% ecommerce penetration to over 30% in two months, and the USA from 17% to 22%.





I try to keep up.

https://www.techrepublic.com/article/5-emerging-tech-terms-you-should-know-from-gartners-25th-hype-cycle-report/

5 emerging tech terms you should know from Gartner's 25th Hype Cycle report

Health Passports are shifting digital twin tech to humans and the composable enterprise is making it possible for business to stay nimble during the coronavirus pandemic. COVID-19 influenced many of the 30 technologies in Gartner's 25th Hype Cycle for Emerging Technologies report.

Brian Burke, research vice president at Gartner, said that this was the first time in the history of the report that a new piece of technology reached 20% market penetration in less than a year. China and India are using Health Passport mobile apps to indicate the level of infection risk of the holder. Red is a confirmed case of COVID-19; yellow means the person should be in quarantine; and green means free to travel.

"Because of the population in those countries, this is the first time that we've had a technology that is less than six months old and already has 20% market penetration," he said.

Health Passports are part of the larger citizen twin/digital me trend. Gartner identified five overall trends for this hype cycle report, but the interesting bits are in the details. The five terms you should know from the report are:

1. Citizen twins
2. Composable enterprise
3. Low-cost single board computer at the edge
4. Secure access service edge
5. Authenticated provenance





Tools & Techniques.

https://www.freetech4teachers.com/2020/08/13-big-topics-in-2020-21-practical-ed.html

13 Big Topics in the 2020-21 Practical Ed Tech Handbook

The 2020-21 version of my Practical Ed Tech Handbook is now available to download for free. This year's version of this annual publication contains 64 pages of information on a wide range of educational technology tools. The table of contents for the 2020-21 Practical Ed Tech Handbook is copied below. To get your copy, head to this page on PracticalEdTech.com.

1. Communication with students and parents - page 5
2. Creating Blogs & Websites - page 9
3. Web search strategies - page 17
4. Digital citizenship - page 24
5. Video creation and flipped lessons - page 26
6. Audio recording and publishing - page 37
7. Backchannels and informal assessment - page 39
8. Digital portfolios - page 42
9. Augmented and Virtual Reality - page 44
10. Intro to Programming and Makerspaces - page 47
11. Accessibility Tools - page 51
12. Ten Time-saving ways for teachers to use tech - page 57
13. Remote Instruction Tools and Strategies - page 59