Risk News

Consumerism driving hospitals to break down cybersecurity boundaries
"It starts with hiring 'hardcore cloud animals,' to change the culture and rethink infosec’s role in patient experience."
Annie's take:

Good summary of the situation. I am myself an end user of software designed by my hospital to allow me to communicate with my doctor, and see my test results.
Twitter releases 10M tweets, reveals decade of foreign influence, including Russia’s efforts during 2016 election
"A dataset of more than 10 million Tweets released by Twitter Wednesday included a detailed picture of Russia’s attempt to influence voters away from Hillary Clinton and, eventually, toward Donald Trump."
Annie's take:

We're not surprised, except for the sheer volume of the operation.
No One Can Get Cybersecurity Disclosure Just Right—Especially Lawmakers
"When you give an organization your data, and then that data gets exposed or stolen, you probably want to know about it. Seems simple enough. If a friend lost your sweater, you'd expect him to tell you. But a seemingly endless parade of massive data exposures—including, most recently, at Facebook and Google—reveal just how complicated that practice of disclosure can be."
Annie's take:

It's a bloody patchwork of guidance (FTC, FFIEC, GLBA, GDPR) and rulemaking by states. Not a pretty picture, and I suspect it will be a long time before we see something else.
The Right to Vote is Hard Earned
"When the U.S. Constitution was adopted in 1789, it was meant to be a means by which the states ascribed powers to the federal government, but its first ten amendments -- the Bill of Rights -- defined limits on the federal government to enumerate constitutional protection for individual liberties."
Annie's take:

Feeling powerless? VOTE!
Takeaways from the Trump administration’s new counterterrorism strategy
"The White House’s just-released National Strategy for Counterterrorism is a worthy attempt to rationalize U.S. counterterrorism policy and contains many excellent ideas—its major flaw is that it is more aspirational than prescriptive."
Annie's take:

Good high-level analysis of the document, along with a link to the new counter-terrorism strategy.
Facebook faces $1.6 billion fine as top EU regulator officially opens probe into data breach
"The Irish Data Protection Commissioner (DPC) has opened a formal investigation into the data breach at Facebook that affected nearly 50 million accounts."
Annie's take:

Facebook reported the breach so quickly as to avoid violating the 72-hour GDPR rule, but that won't save them from the fine.
Facebook's security breach shows even significant security investment might not help
"The biggest technology companies, finance firms and technology giants — including Facebook which now reports up to 50 million user accounts may have been taken over by criminal hackers — invest many millions in cybersecurity and still fall victim to significant attacks."
Annie's take:

This article covers not only Facebook but several other large data breaches, and makes a good point about looking forward.