CyberJudicata Weekly Debrief (2/3–7)
"The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect the confidentiality, integrity and availability of data in light of increasing threats from ransomware and other large-scale cyber events."
"It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly or physically with other computers or network devices."
"With apologies to the Beastie Boys: You gotta fight for your right to privacy. America’s first broad data privacy law, the California Consumer Privacy Act, went into effect Jan. 1. These days, a wild range of companies gather and sell your data, from Ford and Chipotle to Uber and Walmart. Now the CCPA gives you the power to say cut it out."
"Recently, the Supreme Court denied cert on the lower court case of Patel v. Facebook, allowing the lower court ruling to stand. The company agreed to a $550 million settlement with the class of plaintiffs a few days later. This is the latest case to use private right of action, or individual and class-action lawsuits, as a method of enforcement for the Illinois Biometric Information Privacy Act (BIPA)."
"The last decade ushered in a global takedown of personal privacy unlike anything we’ve seen in history. Our likes, dislikes, fears, hopes and medical conditions are bought and sold freely every day. We are open books, and the readers are the tech companies and their advertisers. Personal data is now one of the largest parts of the world’s economy."
"Digital privacy is one side of a two-sided policy coin. Virtually all attention to date has been focused on developing legal and regulatory remedies to address this pervasive public concern. But in doing so, they have devoted little attention to the flip side—namely, digital hacking. Although data systems that are thought to be secure from intrusion may be the result of random technological breakdowns or human error, there usually are far less benign explanations for major cybersecurity breaches that expose personal information on a massive scale."
. . .