This week's Weekly Debrief includes articles covering a number of topics, including NIST exploring DevSecOps framework for agencies, the Cyberspace Solarium Commission's warning, ransomware gangs targeting larger targets, and data privacy news in Washington and NJ.
"The National Institute of Standards and Technology is exploring development of DevSecOps guidance for agencies that would normalize the concept of moving security “left,” back into the software development life cycle."
"A new report released today from the federal Cyberspace Solarium Commission opens with a dire warning: 'Our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system.'"
"Targeted ransomware attacks continue to increase as gangs seek to obtain bigger ransom payoffs from larger targets, security experts warn. While attacks against individuals and mom-and-pop shops persist, today's more prized targets are big businesses with deep pockets, John Fokker, head of cyber investigations and red teaming for McAfee Advanced Threat Research, tells Information Security Media Group (see: Ransomware Attacks Growing More Targeted and Professional)."
"One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function.Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board members have complained that those measures failed to provide them with adequate insight or understanding of how well the security department is performing, how it’s improving, and where it’s falling short."
"A bill that would have enacted data privacy regulations in Washington state failed to pass the state legislature before the session ended Thursday. The bill sought to have the state follow the lead of the European Union and California, the first major governments to grant consumers broad rights for privacy online."
"The march toward state-by-state regulation of Big Tech continues. To that end, lawmakers in New Jersey last week proposed legislation that would toughen data privacy guidelines and limit the information that tech companies can gather (and use) from consumers in that state. With the proposal, New Jersey joins other states such as Washington and Illinois, which have debuted data privacy legislation. Those states also join California, where its Consumer Privacy Act went into effect at the dawn of 2020."
"Who doesn’t have a drawer full of items they might need at some point, but haven’t used in months or even years? We’re all familiar with unintentional hoarding of things that may have been useful at one point but end up collecting dust and taking up unnecessary space. The same is true of data but holding on to it for too long can have serious consequences."