The Industry’s Only SaaS-Delivered Enterprise DLP
Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.
No-Compromise Data Protection is:
- Cross Platform
- Flexible Controls
IoT legislation, automation in cybersecurity, and privacy rights - catch up on all of the week's infosec news with the Friday Five!
1. Trump fires DHS cyber official, widely credited for repairing fractured relations with industry by Joe Uchill
Chris Krebs, the US government's top cybersecurity official, was fired Tuesday by President Donald Trump. The decision spurred a backlash as Krebs’ tenure has been a success by almost any measure, and he is widely credited with repairing the important relationship between the government and the cybersecurity community. Krebs helped shape CISA’s development over the last two years and made CISA into a trusted partner to help state officials keep elections secure. It is widely reported that Krebs was fired for his statements expressing confidence that the election was secure, and that there was little to no fraud, which by all accounts is correct, yet he was fired, because the president continues to dispute the results of the election. Regardless, Chris Krebs leaves the government with a strong reputation and a thank you from the cybersecurity community.
2. IoT Cybersecurity Improvement Act Passes Senate by Eduard Kovacs
The IoT Cybersecurity Improvement Act passed the Senate on Tuesday and is now headed to the White House for the president’s signature. The bipartisan legislation seeks to improve the security of Internet of things devices. Along with support from members of both parties, the legislation has the backing of major cybersecurity and tech companies. The law requires National Institute of Standards and Technology (NIST) to issue guidelines and standards for the development, patching, and identity, and configuration management of IoT devices. The law also requires all IoT devices purchased by the government to meet NIST’s standards. Finally, the bill also includes provisions that make it easier to report and patch vulnerabilities found in IoT devices.
3. Apple faces privacy case in Europe over iPhone tracking ID by Alex Hern
Max Schrems, the consumer rights activist, has filed a privacy case against Apple alleging that an ID generated by iPhone’s lets advertisers illegally track users. Schrems was previously involved in a successful lawsuit against Facebook, which led to a ruling that restricted data transfers from the EU to the US. The complaint against Apple focuses on the iPhone’s generation of an IDFA (Identifier for advertisers). The suit argues that even generating an IDFA might breach EU privacy law, since it is created without consumers’ knowledge or consent, nor can they prevent it from generating. Apple disputes the lawsuit and says it does not access or use the IDFA. One other interesting note: When the latest version of iOS was in beta, it required an active warning before developers could read the IDFA and offered users the ability to not share it. However, after complaints from advertisers, the feature was pulled.
4. Before automation can realize promise, companies have ground-level work to do by Derek B. Johnson
The article explores how businesses are trying to increasingly automate their digital security. This push towards automation is exemplified by SOAR, which is short for security, orchestration, automation, and response. There is a popular notion that AI and automation will help cybersecurity - for example, it would likely improve SOC response times; the article notes that the reality is more complicated. The idea that automation is an “easy button” and that it would let CISOs reduce staff and improve incident response is overly simplified as it ignores details such as how much work is required on the front end to clean up and standardize data to make it work properly. An automated system also leaves little room for nuance, which is important when sifting through the multitude of security alerts received a day. While the move to more automation and AI is exciting and will have some benefits for cybersecurity, there’s still a lot of groundwork to do.
5. Be Very Sparing in Allowing Site Notifications by Brian Krebs
The article warns users of allowing site notifications when prompted on their devices. While it may seem harmless, and sometimes it is, several firms pay website owners to install notification scripts that sell the information pathways to scammers. It’s difficult for some users to tell the difference between notifications sent by a website versus those appearing from the operating system. Sites and businesses that take advantage of this confusion are becoming increasingly popular and users should be wary of allowing or clicking on push notifications. The article also provides a helpful guide which has details for disabling notification prompts from Google, Firefox, and Safari to help you and your friends avoid the problem.