CyberJudicata Weekly Debrief (1/20–24)
This edition of the Weekly Debrief covers Emotet risk, the DPO/CISO relationship, phishing, and Federal privacy law news.
"Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization. The Department of Homeland Security's CISA (Cybersecurity and Infrastructure Security Agency) has issued a warning of increased activity around highly targeted Emotet attacks. Emotet's main threat is that it can act as a carrier (or "dropper") for a wide variety of different malware payloads."
"Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected. With strict data protection laws in place around the world (including GDPR and CCPA), it's vital that the data protection officer (DPO) and CISO work closely together. Although part of the DPO's job is to audit the CISO's security policies, it is essential that the DPO and CISO have a good rapport. Essentially, CISOs are concerned with security and confidential data, and DPOs are focused on privacy and personal data."
"The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants."
"An annual report into the virulence of phishing scams has found that more than half of organizations dealt with at least one successful phishing attack in 2019. The 2020 "State of the Phish" report, by cybersecurity and compliance firm Proofpoint, was produced using data from nearly 50 million simulated phishing attacks sent by Proofpoint to end users over a one-year period. In addition, researchers combed through third-party survey responses from more than 600 information security professionals and analyzed the fundamental cybersecurity knowledge of more than 3,500 working adults in the US, Australia, France, Germany, Japan, Spain, and the UK."
"Last June, after a series of developments related to facial recognition and customer tracking, I warned that a Chinese-style social credit system was beginning to take shape in the United States. Among other things, a school district in western New York announced plans to deploy a facial-recognition system to track students and faculty; the Washington Post reported that airports had accelerated their use of facial-recognition tools, and the United States began requiring visa applicants to submit social media profiles along with their applications."
"The California Consumer Privacy Act (CCPA) has forced companies across the United States (and even globally) to seriously consider how they handle the personal information they collect from consumers. By its terms, however, the CCPA only protects the privacy interests of California residents; other "copy-cat" privacy laws proposed or enacted in other states similarly would only protect the rights of residents of each state."
. . .