CyberJudicata Weekly Debrief (3/16–20)
This week's Weekly Debrief covers COVID-19 and cybersecurity issues, quantifying cyber risk, cloud misconfigurations and the need for DevSecOps, the best/worst browsers for privacy, and privacy issues with sharing smartphone location data to help combat the spread of COVID-19.
"Risk. According to Mirriam-Webster the word has several meanings. First is "possibility of loss or injury: PERIL." A little down the list comes, "the chance of loss or the perils to the subject matter of an insurance contract, also: the degree of probability of such loss." Now, from a business perspective, we're getting somewhere."
"While organizations can take plenty of steps to ensure employees are well-equipped to work remotely in a secure manner, threat actors of all stripes are already taking advantage of the COVID19/coronavirus situation. Never ones to miss an opportunity, attackers are ramping up operations to spread malware via Covid19-themed emails, apps, websites and social media. Here’s a breakdown of potential threat vectors and techniques threat actors are using to attack organizations."
"Developers have become accustomed to deploying apps in data centers with what could be described as a 'crunchy hard outer layer,' to keep their data center secure. But when it comes to the public cloud, 'it just doesn’t exist that way,' said Ryan Olson, vice president of threat intelligence with Palo Alto Networks’ Unit 42 research team."
"As a result of the COVID-19 outbreak, cybercriminals increasingly are targeting organizations that now have more remote workers and fewer IT and security staff at the ready to mitigate hacker attacks and intrusions, security experts say."
"MICROSOFT EDGE RECEIVED the lowest privacy rating in a recently published study, which compared the user information collected by major browsers. Yandex, the less-popular browser developed by the Russian Web search provider Yandex, shared that dubious distinction; Brave, the upstart browser that makes privacy a priority, ranked the highest."
"The White House and the Centers for Disease Control and Prevention are asking Facebook, Google and other tech giants to give them greater access to Americans' smartphone location data in order to help them combat the spread of the coronavirus, according to four people at companies involved in the discussions who are not authorized to speak about them publicly."
. . .