What Is a Cybersecurity Legal Practice?
A cybersecurity attorney is not an auditor; this attorney does not sit in an
ivory tower doing oversight of the company’s information technology work.
Instead, corporate officers must recognize that a cybersecurity attorney must be
a part of the operational team. The attorney should be as involved in the
company’s operations as the information technology expert deploying new
defensive measures in the company’s networks. An effective cybersecurity
attorney has to be in the trenches, helping to develop the statements of work
for new contracts, negotiating information-sharing agreements, advising on legal
risks associated with the many and varied daily decisions of securing networks,
and managing the hour-by-hour response during an incident. ... Finally, a
cybersecurity attorney must be multilingual in the jargon of both law and tech.
One of the key jobs of such an attorney is to translate legal requirements (such
as obligations imposed by regulations) into design requirements and to
understand the technical details enough to ask probing questions, spot legal
issues and translate risks to organizational leadership.3 steps to meeting data privacy regulation compliance through identity programs
This focus on security, however, isn’t just a reaction to more cyberattacks. It also correlates with the enormous acceleration in digital transformation initiatives over the last year. Some industry experts dubbed it the shift from “cloud speed to COVID speed.” The pandemic forced a new way of working, and this ultimately means a new way of ensuring the security of how we work. It also means that companies store and manage more data in the cloud, which comes with its own regulatory compliance challenges. Every new process moved to the cloud, automated or made digital, has become a new vulnerability. Security teams need to manage these vulnerabilities to protect the data from a cyber-attack and ensure compliance with the latest data privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Privacy Rights Act (CPRA). Other non-compliance issues will grow over the next year, especially as companies continue to remotely onboard and offboard customers and employees. These new processes will impact how to protect data and comply with the multiple different patchwork privacy regulations from various states and countries.Speed and resilience: Five priorities for the next five months
Over the past year, organizations have become well versed in the basics of
ensuring a safe working environment. More recently, however, companies have
reported that some of their workers appear to be more willing to participate
in higher-risk activities simply because they are tired of living with virus
restrictions. This will require a different type of intervention and
messaging, especially because newer COVID-19 variants pose a high risk and may
be transmitted in ways that are not yet fully understood. Employers have a
unique societal role to play in vaccination; they are important voices and can
help reduce the friction associated with getting the vaccine. Self-reported
data from a wide range of organizations point to individual and team
productivity being higher than before the onset of the pandemic, but not
uniformly so. According to a McKinsey survey, productivity is up for about
half of all workers, with the other half reporting no change or lower
productivity. The same survey suggested that, while the inability to
disconnect is a real concern, increased productivity is correlated to a
willingness to change how people work. Quantum computing may be able to solve the age-old problem of reasoning
The results show that the quantum machine could use inference models to draw
conclusions. Probabilistic inference, which means the incorporation of
uncertainty into computer programming, is particularly suited to quantum
computers, Fiorentini said, because "quantum models have been proven to be
more expressive, easier to train under certain circumstances." In practical
terms, this means that quantum computing can be useful to solve both
scientific and engineering problems. The results are "quite flexible,
surprisingly robust, and can be applied in many fields," said Fiorentini. For
instance, he added, Bayesian networks have traditionally been used in
predictive maintenance of mission-critical equipment, such as jetliners and
jet engines. "You model a system, and then you perform inference on the model
by asking certain questions and by figuring out if the system is stable,
reliable, and robust--or is about to break down--so you can intervene,"
Fiorentini said. "And which part is signaling the stress more strongly?"
Medical diagnostics is another field that can benefit from these results.
Although it can't be exactly applied from the results of this study,
"continuing in this direction, some of these techniques are applied to drug
discovery," Fiorentini noted.FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Once exploited, the attackers are moving laterally and carrying out
reconnaissance on targets, according to officials. “The APT actors may be
using any or all of these CVEs to gain access to networks across multiple
critical-infrastructure sectors to gain access to key networks as
pre-positioning for follow-on data exfiltration or data encryption attacks,”
the warning explained. “APT actors may use other CVEs or common exploitation
techniques—such as spear-phishing—to gain access to critical infrastructure
networks to pre-position for follow-on attacks.” The joint cybersecurity
advisory from the FBI and CISA follows last year’s flurry of advisories from
U.S. agencies about APT groups using unpatched vulnerabilities to target
federal agencies and commercial organizations. For instance, in October an
alert went out that APTs were using flaws in outdated VPN technologies from
Fortinet, Palo Alto Networks and Pulse Secure to carry out cyberattacks on
targets in the United States and overseas. “It’s no surprise to see additional
Fortinet FortiOS vulnerabilities like CVE-2019-5591 and CVE-2020-12812 added
to the list of known, but unpatched flaws being leveraged by these threat
actors,” said Narang.How AI-powered BI tools will redefine enterprise decision-making
In this fourth wave, the traditional order of BI will be inverted. The traditional method of BI generally begins with a technical analyst investigating a specific question. For example, an electronics retailer may wonder if a higher diversity of refrigerator models in specific geographies will likely increase sales. The analyst blends relevant data sources (perhaps an inventory management system and a billing system) and investigates whether there is a correlation. Once the analyst has completed the work, they present a conclusion about past behavior. They then create a visualization for business decision makers in a system like a Tableau or Looker, which can be revisited as the data changes. This investigation method works quite well, assuming the analyst asks the right questions, the number of variables is relatively well-understood and finite, and the future continues to look somewhat similar to the past. However, this paradigm presents several potential challenges in the future as companies continue to accumulate new types of data, business models and distribution channels evolve, and real-time consumer and competitive adjustments cause constant disruptions.How Going Back to Coding After 10 Years Almost Crushed Me
3 Reasons In-Memory Computing Is Essential for Microservices
The more advanced in-memory platforms support high-performance multiregion global architectures. This enables zero-downtime business operations via a high-performance shared memory layer that supports them. This also simplifies scaling up these services to more fully leverage the promise of cloud native and serverless. They also provide features such as automated disaster recovery, zero down-time code deployments (blue-green deployments), rolling product upgrades, as well as tools to integrate these seamlessly into modern cloud DevOps automation tools and new AIOps tools that help monitor these architectures and deliver auto-scaling and autonomous troubleshooting. For a concrete example of how these could be employed, imagine having many microservices in an online shopping application These include separate capabilities that power browsing for products, adding and removing items from a shopping cart and so on. More so, each one of these microservices can be somewhat independent from one another. But, some actions like checking out, fulfillment and shipping may require multistep orchestration and some roll-back behavior.Keeping your data safe from hackers while working from home
One of the big changes the move towards remote working has brought about is
removing employees from the protection of the corporate firewall. Working from
inside the office provides people with anti-virus and other protections that
can help to filter out some attacks. Now, instead of this, many people are
working from their own computer from their homes, where they may not have
anti-virus at all – and their home router won't provide a robust defence
against attackers like a corporate firewall would. Criminals know this and are
looking to take advantage with cyberattacks, especially when people – rushed
off their feet while balancing working from home with the rest of their life –
might unintentionally click on a phishing link or respond to a request that
appears to come from a colleague but is actually a cyber criminal. "Humans are
are ultimately fallible. Unfortunately it's the organic matter behind the
keyboard, which is often the vulnerable part of the loop," says Troy Hunt,
creator of HaveIBeenPwned and digital advisor to Nord Security. Booking.Com's GDPR Fine Should Serve as 'Wake-Up Call'
While the incident itself was troubling, the Dutch Data Protection Authority called out Booking.com for its response to the breach. The company, according to the report, first found out about the security lapse on Jan. 13, 2019, but waited until Feb. 7 of that year to alert authorities. Under GDPR rules, organizations must report a breach within 72 hours of its occurrence. By the time Booking.com notified the Dutch Data Protection Authority, more than 20 days had elapsed. Monique Verdier, the vice president of the Dutch privacy watchdog, noted in the report that the delay in reporting the incident could have put additional customers at risk and showed a disregard for their data. "That speed is very important for the victims of a leak," Verdier said. "After such a report, the AP can, among other things, order a company to immediately warn affected customers. In this way, for example, to prevent criminals from having weeks to continue trying to defraud customers." A spokesman for the company could not be immediately reached for comment on Friday, but the report notes that Booking.com would not appeal the fine.Quote for the day:
"Enjoy the little things, for one day you may look back and realize they were the big things." -- Robert Brault
