CyberJudicata Weekly Debrief (1/13–17)
This week's Weekly Debrief covers a variety of issues, like NSA general counsel's security warnings, IoT security's worst kept secret, Emotet malware, Washington state privacy law, and the CCPA.
"The U.S. government needs to do more to protect itself in cyberspace as adversaries’ technological capabilities rise, according to the departing general counsel of the NSA. Glenn Gerstell, who is leaving the NSA later this year, said the expanding threat landscape — caused by the combination of nation-state’s capabilities and the onset of technologies such as 5G, artificial intelligence and the internet of things — presented several challenges that the intelligence community must grapple with long after he leaves the agency."
"By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office. Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming, because digital transformation always starts with visibility and that’s exactly what market-leading IoT cybersecurity solutions are delivering."
"Malware described by the DHS as among the worst ever continues to evolve and grow, researchers from Cisco Talos, Cofense, and Check Point Software say. In a troubling development for organizations, security researchers are reporting a recent resurgence in activity related to Emotet — malware that the US Department of Homeland Security (DHS) has previously described as among the most destructive ever."
"Washington lawmakers are making another push to pass privacy regulations that govern companies’ collection and sale of people’s private digital information. A proposal to implement European-style data-privacy regulations — with more consumer rights about the personal information gathered — fell apart last year, in part because of questions about whether it offered enough protections and how it addressed facial-recognition programs."
"The holidays are over. 2020 is upon us. And for American businesses with any connection to California, this means one thing: the California Consumer Privacy Act (CCPA), America’s version of GDPR is here. It is a phased launch. The law is in effect. But the most onerous provisions will only take effect on July 1. That is when the California Attorney General may enforce the CCPA’s toughest requirements."
. . .