With GDPR came a cascade of new privacy conversations. This week, we saw that conversation turn into action when the US National Institute of Standards and Technology announced it is extending its cybersecurity framework with a privacy framework. In its statement, the agency said the new framework will “bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation.”
In theory, these privacy regulations and guidelines are meant to force good behavior by companies. But we have a long way to go to break bad habits. Our research found that even IT pros are breaking well-known password rules. In response to the sweeping password-hygiene issue, Google announced it’s going to add a baked-in password manager to Chrome to help push people in the right direction. Let’s be clear, though: this doesn’t absolve each of us from doing our own security due diligence.
And speaking of privacy, on the data breach front, British Airways was breached, exposing customers’ personal and credit card data. While the airline seems to have addressed and disclosed it quickly, the breach serves as our weekly reminder that humans are the new security perimeter and attack ‘vector’ of choice today.
And in other cyberattack developments, a North Korean hacker who was behind the Sony breach and WannaCry was criminally charged this week by the federal government.
To close out this week’s news recap, let’s talk about bots. We’re long past the hot-topic part of the bot conversation and what to do when the bots take over. What we should be discussing is what to do with these bots, especially as the stakes for protecting data only grow higher. Bots aren’t people, yet they are accessing data, making decisions on that data and then performing actions around it. So, we leave you with this: Treat and govern your non-human users like you do your human users.
Until next week, stay secure!