The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds. Continue reading Government Pursues ‘Zero Trust’ Approach to Cybersecurity

European Union nations are voicing discontent over delays in enforcement of the General Data Protection Regulation (GDPR) implemented in May 2018. Earlier this month Ireland announced a $266 million fine against WhatsApp, after haggling to boost the original sanction of up to $59 million by the Irish Data Protection Commission (WhatsApp parent Facebook has European headquarters in Ireland). The situation has prompted calls to revise how the 27 EU member countries participate in overlapping cases, with expanded pan-EU rules also under consideration. Continue reading European Union Members Are Concerned Over GDPR Delays

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose. Continue reading SEC Probe of SolarWinds Attack Concerns Corporate Execs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.  Continue reading Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

Popular microblogging service Twitter plans to test new “social privacy” features in order to allow people to better control their identities and thus feel more comfortable using its social network. Among the features under consideration are the ability to edit followers’ lists and archive old tweets after an amount of time designated by the user, making it easier to hide tweets than a manual deletion. Staff researcher Svetlana Pimkina said Twitter determined through internal research that many Twitter users don’t understand the site’s privacy basics. Continue reading Twitter Plans to Test Social Privacy Features for User Control

Strider Technologies has debuted its Strider Shield platform that helps businesses better understand potential threats to intellectual property — including nation-state directed IP theft and supply chain threats — by combining online tracking tools often used by advertising agencies with data ingestion tools, natural language processing and various algorithms. Strider co-founder and chief strategy officer Eric Levesque said that Strider Shield allows an enterprise to collect thousands of data points such as email addresses, domain names and keywords to correlate against systems where the IP resides, in order to surface potential risks. Continue reading Strider Shield Technology Aims to Protect Intellectual Property

Since leaving the European Union, the UK government, which has inherited the EU’s General Data Protection Regulation (GDPR) that went into effect in 2018, is now faced with creating its own privacy laws in order to enact data transfer agreements with other nations. The EU stated that the new UK regulations must feature those that are equivalent to the GDPR. So far, the UK government has said that its privacy rules will be “innovation-friendly” and permit easier data sharing but eliminate the EU’s “box-ticking” requirements. Continue reading Post-Brexit, UK Plans to Create Its Own Privacy Regulations

At a White House summit, President Joe Biden asked leaders of Apple, Google, JPMorgan Chase and other major companies to step up their response to cybersecurity threats. The administration, which estimated that about half a million cybersecurity jobs remain unfilled, said it would assist in developing new guidelines for secure technology and assess the security of existing technology. Google, Microsoft, and insurance companies Travelers and Coalition have already signed on to the initiative. Microsoft plans to invest $20 billion over the next five years to integrate cybersecurity into its products and Google revealed its own $10 billion commitment. Continue reading White House Cybersecurity Summit Brings Leaders Together

China passed the Personal Information Protection Law (PIPL) for data privacy, to take effect November 1 of this year. The law is similar to the European Union’s General Data Protection Regulation (GDPR) and includes a requirement for organizations and individuals to minimize data collection of Chinese citizen’s personal data and obtain prior consent. Unlike the GDPR, however, the Chinese law is not expected to limit state surveillance or access to such data, though it could apply to lower-level government agencies. Continue reading China’s New Data Privacy Law Targets Big Tech Companies

Post-pandemic, companies now must decide whether to allow their employees to continue to work remotely or require them to come to the office. Although staff did work at home for about one-and-a-half years without too many problems, it’s not clear if that scenario will transfer to a post-COVID world. The lockdown was an unusual circumstance, and bosses and workers were forced to be flexible. Now, some say a hybrid work environment is likely to be two-tiered, with on-site workers getting more access, networking opportunities, promotions and pay raises.

Continue reading Weighing the Challenges of a Post-COVID Hybrid Workplace

The U.S. Senate introduced the Open App Markets Act to give consumers more control over their devices; stop app stores from ‘disadvantaging’ developers and allow them to inform consumers about lower prices and offer competitive pricing; improve the ability of startup apps, third-party app stores and payment services to compete; require devices to allow ‘sideloading’ of apps; and continue to protect privacy, security and safety of consumers. If voted into law, the Act could end Apple and Google’s monopoly over the app ecosystem. Continue reading Senate Measure Could Impact Developers, App Store Models

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

Government-owned wireless company China Mobile has cut its use of non-Chinese suppliers to 5.4 percent from 11 percent in its last 2020 buying round. Hardest hit was Sweden’s Ericsson, whose 5G gear sales were cut to a mere 1.9 percent, compared to 11 percent in the 2020 round. China stated the move was “retaliation” for Sweden’s decision to ban Huawei Technologies and ZTE Corp. gear from its 5G networks. The U.S. also banned Huawei, the world’s biggest mobile gear maker, from its networks as have other regions in the world. Continue reading China Mobile Limits Purchasing From Non-Chinese Suppliers

The Federal Trade Commission (FTC), under the new leadership of chairperson Lina Khan, voted unanimously to enforce Right to Repair legislation. The vote will ensure that U.S. consumers will be able to repair their own electronic and automotive devices. The FTC published a report in May excoriating manufacturers for not adhering to the Right to Repair rules, one of them the Magnuson-Moss Warranty Act. The Right to Repair movement has been led by the U.S. Public Interest Research Group and iFixit, among others. Continue reading The FTC Votes Unanimously to Support Right to Repair Laws

Google is introducing new security solutions for Google Cloud, in addition to expanding availability of its Risk Protection Program. Google Cloud vice president and general manager Sunil Potti explained that the updates are part of a larger vision of “invisible security” within the cloud where silos will “eventually” disappear after all security tech is engineered into it. He added that, “rather than essentially build products that fix problems with other products … you have to hit the reset button and embrace something fundamental.” Continue reading Google Develops New Security Solutions to Strengthen Cloud