Week ahead in cyber: Dems look to block State Department shakeup

The House and Senate are returning to Washington after their month-long summer recess and will face a number of cybersecurity issues on their docket.
The State Office of the Coordinator of Cyber Issues (S/CCI) was one of several envoys and offices Tillerson told Congress in August he planned to close or consolidate.
There had been rumors that Tillerson had plans to revamp State’s cyber work since mid-July, when the department’s top cyber diplomat resigned from his post.
Democrats are vowing to fight the move.
Donald Trump Jr. has scheduled a private interview with the Senate Judiciary Committee, but the date has not been publicly released.
Investigators have also been raising pressure on Trump’s former campaign manager, Paul Manafort.
CNN reported Tuesday that special counsel Robert Mueller has subpoenaed Manafort and his attorney.
The last week also saw new evidence that the Trump Organization was pursuing a major real estate deal in Moscow during the campaign, though it is unclear if Trump was aware of the negotiations.
Lawmakers returning to Washington will also be grappling with the fallout from a slew of resignations from Trump’s infrastructure security council.

Let’s not sacrifice privacy by “democratising” AI

The brightest technical minds, industry attention and investor dollars have moved from building apps to building bots, or integrations, on top of existing communication platforms, and tools to build these bots and services.
Take, for example, Bank of America, which now has a bot on Facebook to help people manage their personal finances.
If not, then they need to send a signal and move to a platform that can offer better privacy.
This opens new opportunities for service providers to provide a variety of services and integrations that deal with sensitive personal data.
If encryption is used, then each service or bot is limited to user information already known by the service, and what that user chooses to share.
Businesses need to know that any integrations or bots that they utilise are not creating a security weakness, or they will not be able to use them.
They need to know that their communication with bots and use of integrations are not another tool targeting them with advertising.
If 2017 is the year that machine learning, AI-driven services start to become a mainstream part of our lives, then it means it’s also time for a frank discussion about how much we want messaging companies or voice assistant platforms to know about our communications.
They need to choose platforms whose business model doesn’t undermine the privacy and security of the services provided, including bot integrations.

CDC: Drug overdose deaths spiked 21 percent last year, 64K deaths

Sept. 4 (UPI) — Drug overdose deaths in the United States skyrocketed 21 percent in 2016 from the previous year, accounting for the deaths of approximately 64,000 people, according to numbers from the Centers for Disease Control.
Several states saw drug overdose death increases in the double digits, including Virginia (38 percent increase), Florida (55 percent), Maryland (67 percent) and Delaware (71 percent).
Florida had the highest overall number of overdose deaths in 2016, with 5,167.
The drug took about 20,000 lives last year, overtaking heroin as the number one cause of drug overdose deaths.
The New York Times reported that fentanyl-related deaths have jumped 540 percent in the past three years and more than doubled from 2015 to 2016 — a killing rate higher than the HIV epidemic at its peak. “The United States is in the midst of a fentanyl crisis, with law enforcement reporting and public health data indicating higher availability of fentanyls, increased seizures of fentanyls, and more known overdose deaths from fentanyls than at any other time since the drugs were first created in 1959,” the DEA said. “The first wave of deaths began in 1999 and included deaths involving prescription opioids,” the CDC said. “It was followed by a second wave, beginning in 2010, and characterized by deaths involving heroin.
A third wave started in 2013, with deaths involving synthetic opioids, particularly illicitly manufactured fentanyl.”

Does Your Small Business Need Data Breach Insurance?

As Emily Mossburg, a principal with Deloitte Touche Tohmatsu LLP and resilient practice leader for Deloitte Advisory cyber risk services, notes, “An accurate picture of cyber attack impact has been lacking, and therefore companies are not developing the risk posture that they need.” The impact a cyber-attack can have on businesses can be devastating.
What is Data Breach Insurance?
Data breach insurance offers protection if a hacker attempts to hold a business to ransom.
Comprehensive data breach insurance will also offer practical support in the event of a cyber-attack on your business.
Data breach insurance can provide compensation for such loss of income, including where the hack has created damage to a business’s reputation.
Business owners operating in these categories need to take measures to protect their companies, employees, customers and data from such threats.
Or you may operate a mobile hairdressing business and store personal information of customers on a computer.
Virtually any business that relies upon and stores data is at risk of being hacked into.
Cyber liability insurance is another tool they can use to prevent financial disaster in the event of a malicious attack.” Some of the best data breach insurance policies cover the associated costs of the breach, including forensics, customer alerts, legal fees, crisis management and consumer identity monitoring.
Regardless of the size of business you operate and the industry you work in, if you store sensitive data, investing in data breach insurance would be an invaluable move in protecting your data, and safeguarding your business from attack.

The importance of adaptability: defining a data leader

Let’s explore what they are:
Ability to embrace change
To work in Information Technology in the early 21st century is to live in an era of unprecedented – and accelerating – change.
New technologies are proliferating at such speed that even domain experts are struggling to keep up with new logos that appear in presentations summarising recent arrivals.
Established methods for functions such as software development, information management and governance and the design and development of architecture and infrastructure are cracking under the twin pressures of the “new” and the requirement to do more, more quickly, with the same or fewer resources.
It’s clear that these are challenging, but also exciting times for data leaders.
Little over two decades ago, the industry regarded business processes as ever-changing, but data structures as largely constant and stable.
Businesses believed that if they modelled their data correctly and exhaustively, they would be largely insulated from changes in the world around them.
But in an era when the big web properties can make thousands of changes to their websites every month, the idea that we should map each and every new attribute to a well-defined and fixed domain in half-a-dozen downstream target systems now appears quaint and other-worldly.
For today’s data leader, the volume of data – the tornado – is far less of an issue than the variety, and the complexity that comes with managing that variety.
Because to adapt is first to make intelligent choices about what is merely important – and what is vital.

Gartner’s 2017 emerging technologies hype cycle adds 5G and edge computing for the first time

Virtual personal assistants, personal analytics, data broker PaaS (dbrPaaS) are no longer included in the Hype Cycle for Emerging Technologies.
The Hype Cycle for Emerging Technologies, 2017 provides insights gained from evaluations of more than 2,000 technologies the research and advisory firm tracks.
The eight technologies added to the Hype Cycle this year include 5G, artificial general intelligence, deep learning, deep reinforcement learning, digital twin, edge computing, serverless PaaS and cognitive computing.
Heavy R&D spending from Amazon, Apple, Baidu, Google, IBM, Microsoft, and Facebook is fueling a race for Deep Learning and Machine Learning patents today and will accelerate in the future – The race is on for Intellectual Property (IP) in deep learning and machine learning today.
Gartner predicts deep-learning applications and tools will be a standard component in 80% of data scientists’ tool boxes by 2018.
Google Research is one of the most comprehensive of all, with a wealth of publications and research results.
IBM’s AI and Cognitive Computing site can be found here.
The Facebook Research site provides a wealth of information on 11 core technologies their R&D team is working on right now.
Artificial general intelligence is going to become pervasive during the next decade, becoming the foundation of AI as a service – Gartner predicts that AI as a service will be the enabling core technology that leads to the convergence of ‘AI everywhere’, transparently immersive experiences and digital platforms.

Data protection and information security arbitrage

GDPR sets out directives on data privacy and security, adopting a carrots and sticks approach to information security–the biggest stick being the EU’s ability to impose fines of up to 4% of global turnover or €20 million on firms that, in the judgement of regulators in Brussels, breach the new mandates or put the data of EU citizens at risk.
In the face of ever-increasing technical cyber threats and potentially crushing fines, careful preparation for GDPR should be a significant agenda item for executives and board leaders of global businesses conducting commerce anywhere in the EU.
One primary concern is the likelihood that GDPR will create an information security arbitrage that will be deliberately exploited or inadvertently tripped as companies scramble to abide by these rules.
Indeed, the punitive approaches EU regulators have taken to non-European firms must give executives pause as GDPR and its considerable and vague red card system will be wielded.
Another complex challenge with privacy regulation and harmonization is the extraterritorial nature of cyber threats.
With the advent of this new body of privacy and security regulations, one must also ask questions of how GDPR and individual privacy will compete with the growing wave of physical security threats across continental Europe and the world.
For a risk that requires abiding by the highest standards of care, a race to the bottom will not only be bad for business, it will be bad for global security.
In short, in addition to worrying about technical counters to complex digital risk, contemporary leaders must be mindful of unintended consequences when establishing far-reaching cybersecurity and privacy regulations.

Second-hand electronics store CeX hacked; up to 2 million customers compromised

A cyber-attack on electronics retailer CeX has compromised the personal data of up to 2 million customers, the company has confirmed.
Hackers walked away with names, addresses and phone numbers of 2 million CeX customers but no financial details were stolen.
Hackers behind the cyber-attack could not get their hands on any financial data but managed to compromise encrypted data from expired credit or debit cards that CeX stored prior to 2009.
Following the breach, CeX admitted that even though they had a robust security programme in place, additional measures were required to prevent such a sophisticated attack.
The same have been implemented by the retailer with the help of a cyber security specialist.
CeX has advised all registered users to immediately change the passwords for their webuy online accounts and to ensure that the old passwords weren’t used in any other accounts. “Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.”
The CeX hack is yet another example of hackers targeting company servers that store personal details of millions of customers.
The law will bring in stringent guidelines on how companies will manage and store sensitive customer data and will also empower citizens with the right to get their personal data deleted from company servers.
If any company fails to comply with the new law, resulting in a breach that compromises customer data, the Information Commissioner’s Office will have the power to issue fines of up to £17m, or 4% of the company’s global turnover.

Is the EU Taking Sides? New Privacy Law Hits Facebook Harder Than Google

Yet that’s precisely what Europe’s new privacy law – the General Data Protection Regulation (GDPR) – does.
GDPR Net Catches Facebook, Lets Google Slip Through
The GDPR is complicated, but one very intentional prohibition is the use of personal data to target ads without explicit consent.
Both Facebook and Google specialize in such algorithms, but it’s the way each does it that makes all the difference: Facebook targets ads by knowing who you are.
Emily, as we’ll call her, posts every milestone on Facebook: the closing, the new roof she has had installed, that perfect mid-century chandelier she bought.
Facebook Needs To Know Who You Are
Facebook knows the best ads to serve because Facebook knows about Emily.
Google Doesn’t Need to Know Who You Are
In contrast, Google can serve targeted ads based on searches alone.
It doesn’t matter that it’s Emily searching for a “roofer.” The only data Google needs to serve highly relevant and profitable ads is that some anonymous person in, say, the Denver area is searching “roofer.” And Denver-area roofers pay handsomely for such ads.
Where Facebook Goes from Here?
Nothing in the GDPR prohibits Facebook from serving non-targeted ads.
Unlike other countries, the US is unlikely to follow the EU’s lead on privacy.

Facebook Adware Attack

An adware campaign working via Facebook Messenger is using targeted notes and URLs to trick Facebook users into clicking through to an installation screen for adware.
Alan Levine, an IT Security Veteran and Security Advisor to Wombat Security Technologies commented below.
Alan Levine, Security Advisor at Wombat Security: Why are criminals targeting this?
Cyber hackers may have multiple aims, but a consistent key objective is to compromise as many end user devices as possible.
What can organisations do to defend or mitigate such attacks?
What can users do to protect themselves?
First and foremost, although it wouldn’t be a popular choice, users of Facebook Messenger can protect themselves by taking a break, patiently waiting until Facebook’s security team addresses the malware, secures the Messenger vector, and eradicates the threat.
Cyber awareness training programs educate end users, and educated end users are more likely to do the right thing and less likely to be victimised by this kind of cyber-attack.