
Risk News

6/30/2016
FTC Closes 70 Percent of Data Breach Investigations, Weighing PCI-DSS Standard
"The Federal Trade Commission doesn’t investigate every reported breach, but when it comes to prosecuting data security cases it has an impressive 70 percent closure rate, according to agency officials."

Annie's take:

As I noted in another context last week, the FTC and the FCC seem to be doing all the heavy lifting of late.

6/29/2016
US Senator Wyden: Why I had to halt FBI's latest internet spying push

"US Senator Ron Wyden (D-OR) has placed a hold on the 2017 Intelligence Authorization Bill – because it would allow the FBI to snoop on people's browser histories without a court order, and weakens oversight of the intelligence community."

Annie's take:

Thanks to Senator Wyden for the catch here. These small, incremental incursions by the FBI need to be beaten back every time.

6/28/2016
FBI’s Secret Surveillance Tech Budget Is ‘Hundreds of Millions’

"The FBI has “hundreds of millions of dollars” to spend on developing technology for use in both national security and domestic law enforcement investigations — but it won’t reveal the exact amount."

Annie's take:

Thanks to The Intercept for breaking this story. Commentary hardly needed, since the comments came ironically in the middle of a gathering designed to see if there were ways to cooperate with law enforcement without compromising security of the devices.

6/27/2016
Brexit Cybersecurity Ramifications Could be Significant

"After 43 years of inclusion, the UK has voted to leave the European Union in the historically unprecedented “Brexit” referendum vote. Aside from causing uncertainty in the world’s financial markets and across the political landscape, the result has implications for cybersecurity too."

Annie's take:

The author describes other forms of fallout that may not be immediately apparent after the vote.

6/26/2016
Silicon Valley firms are increasingly hiring chiefs of staff

"One evening in March, a group of tech industry elite sat around a table in the private dining room of a Michelin-star restaurant in San Francisco, listening to a talk about how to do their jobs."

Annie's take:

It's so rare that the private sector imitates the public sector that it's worth publishing this article.

6/25/2016
Why the UK's vote to leave the EU will have little effect on its data protection rules

"With the haircut that the sterling-euro exchange rate has taken in the wake of the U.K.'s vote to leave the European Union, the U.K. has suddenly become a low-cost country for companies wishing to host or process the personal information of EU citizens."

Annie's take:

It's going to take a very long time to sort all these matters out.

6/24/2016
Fed Stress Tests: All Big Banks Clear Bar for Capital Requirements

"The largest U.S. banks have significantly bolstered their defenses against an economic downturn, and could continue lending even during a deep recession, the Federal Reserve said."

Annie's take:

Some good news this morning.

6/23/2016
Bills to foster cybersecurity, Homeland security relationship pass House

"Two bills from Rep. John Ratcliffe (R-Texas) to foster relationships between Homeland Security and cybersecurity researchers passed the House on Tuesday night."

Annie's take:

It is astounding still to me what actually ends up in proposed legislation.

6/22/2016
FCC Privacy Regulations: The Next Litigation Trend?

"Last month the Federal Communications Commission ("FCC") closed the comment period for its proposed privacy regulations, which we previously wrote about here."

Annie's take:

Soon all we will have left to raise privacy issues will be the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). What a mess!

6/21/2016
Orlando Shows the Limits of Facebook’s Terror Policing

"Both leading up to and during his deadly assault on Orlando night club Pulse, Omar Mateen accessed his Facebook account."

Annie's take:

Facebook is a social network, not a tool of law enforcement. Are we expecting too much here?

6/20/2016
Is Cyber Security Ripe For Consolidation?

"With the most recent alleged terrorist attack on U.S. soil, as well as the many recent cyber security breaches being announced by U.S. multinational corporations, it appears as though the cyber security and security stocks in general that operate to protect Americans here and abroad may be ripe for consolidation and buyout offers, as the area is fragmented with equity companies that can benefit from mergers of equals."

Annie's take:

It will be interesting to see if Gartner is right here. Some level of consolidation will most certainly take place, but when and where? This is a global investment scenario.

6/19/2016
Just How ‘Smart’ Do You Want Your Blender to Be?

"In the land rush to digitize the world, the home is the new frontier."

Annie's take:

Most elements of the argument against the Internet of Things (IoT) are laid out here, in this thoughtful piece -- which illustrates why I still wear a pedometer rather than, for example, a FitBit.

6/18/2016
More corporate shared folders in cloud filled with malware, research finds
"About 11 percent of shared cloud folders contain nasty surprises, according to recent research.

Internet file sharing has long been a prime route for malware to spread."

Annie's take:

No surprises here, either. We have a long way to go where corporate hygiene is concerned.

6/17/2016
5 Ways to Defuse Data Threat from Departing Employees

"When employees leave a company and take sensitive data with them, intentionally or not, the repercussions can be massive."

Annie's take:

Sometimes it's intentional, but often it's accidental. Then, too, our notions of what is "ours" and "theirs" have become increasingly skewed as we teach people how to collaborate, how to work as teams.

6/16/2016
Huge FBI facial recognition database falls short on privacy and accuracy, auditor says

"The FBI has fallen short on assessing the privacy risks and accuracy of a huge facial recognition database used by several law enforcement agencies, a government auditor has said."

Annie's take:

As technology becomes more sophisticated and terrorism continues to rise, we are going to find more reports like this.

6/15/2016
Cyber Security Executives Need To Step Up Their Game: Here's Why

"Board members of large enterprise companies once viewed cyber security threats the same way they saw natural disasters: possible, but unlikely. Those days have changed."

Annie's take:

Will this threat make any difference where conduct of security officials is concerned? Does the concern come with additional budget to solve the problems that cyber represents?

6/14/2016
Lockheed Martin announced a partnership with the Interset cyber security firm to develop protection programs against insider threats.

"One of the largest defense contractors in the United States is joining forces with the Interset cyber security firm to develop protection programs against insider threats within organizations, Lockheed Martin said in a press release on Monday."

Annie's take:

It will be interesting to see what the platform actually tracks once it is created -- and, of course, whether employees will be allowed to review the data that is collected on them.

6/13/2016
How Do You Identify Your Key Risks?

"I was at New York University last week for an International Center for Enterprise Preparedness (InterCEP) forum on urgent threats, which included roughly 75 participants from government, the corporate sector, and a small number of us from academia as well."

Annie's take:

This month's newsletter includes a research note by Divya Kothari on the American Health Care System, as well as my own thoughts on societal risks.

6/13/2016
Terrorists gaining cyber capability to bring major cities to a standstill: U.K. intelligence chief

"Robert Hannigan, the director of GCHQ, the British equivalent of the U.S. NSA, has warned that terrorists and rogue states are gaining the technical capability to bring a major city to a standstill with the click of a button. He said that the risk to cities like London would significantly increase as more physical objects – cars, household appliances — are connected online in what is called the Internet of Things."

Annie's take:

No surprises here, but perhaps we could begin to address the risks of connectivity around the Internet of Things.

6/11/2016
House Committee Votes to Create New Cybersecurity Division within DHS

"A key House panel on Wednesday voted to create a new Homeland Security Department agency that reflects the primacy of cyber protection among DHS’ protective responsibilities."

Annie's take:

Too many agencies in too many places in the federal government where cyber responsibilities are housed. Do we really need this?

6/10/2016
Will a Cyberattack Cause the Next Big Bank Failure?

"As the threat of cyberattacks against financial institutions has grown, the response by industry and government has matured."

Annie's take:

Some good analysis here by Glassman and Miller.

6/9/2016
U.S. Cyber Command struggles to retain top cybersecurity talent

Annie's take:

This is a very tough problem. It would be great if we had something like two years of public service before launching into more lucrative careers -- that way, the government would get us while we were still fresh and full of ideas.

6/8/2016
SWIFT Examines New Cyberattack Prevention Tech

Annie's take:

If you're a financial institution using SWIFT, you'd better be paying attention.

6/7/2016
Espionage cited as the US Federal Reserve reports 50-plus breaches from 2011 to 2015

"The U.S. Federal Reserve, the nation's central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage."

Annie's take:

Interesting report, but need it really be made public?

6/6/2016
49% of IT pros retain access to their ex-employer's network

"Half of IT professionals admit to maintaining access to their employer's network after leaving the company."

Annie's take:

This looks to be a UK study, so there is no way to generalize it, but I would say that in this country most large corporations do a much better job of cutting access to the network when an employee is terminated, and also of retrieving the departing employee's hardware.

6/4/2016
Tech giants agree to EU rules on online hate speech

"Tech companies Facebook, Twitter, Microsoft and Google, owner of video service YouTube, agreed Tuesday to new rules from the European Union on how they manage hate speech infiltrating their networks."

Annie's take:

This is a big win for the Internet -- now if only the same agreements could be negotiated with Asian, Middle Eastern and African countries.

6/3/2016
Opinion: Court's location data ruling spells the end of privacy

"A US appeals court ruling that the government doesn't need a warrant to track location data is a troubling development that further whittles away privacy protection in an era of pervasive data collection and tracking."

Annie's take:

Let's hope this decision gets appealed right away. In fact, it is a choice as to whether or not to turn on location services.

6/2/2016
Why the World Is Drawing Battle Lines Against American Tech Giants

"Imagine you are a French lawmaker. For decades, you have protected your nation’s cultural output with the diligence of a gardener tending a fragile patch against invasive killer weeds."

Annie's take:

Conduct risk meets culture risk.

6/1/2016
Snowden’s leaks were ‘public service’ – former US Attorney General

"Former Attorney General Eric Holder, who first wanted to see whistleblower Edward Snowden put in prison, now says the ex-NSA contractor did a “public service” by sparking a debate on government surveillance, but still insists Snowden should face trial."

Annie's take:

I agree with the former Attorney General.