Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If Ben Franklin lived today, he would add cyber threats to his shortlist of life’s certainties. For decades, bad guys have inflicted malware, theft, espionage, and other forms of digital pain on citizens of the modern world. They seek money, celebrity, and political secrets, and often get them. In 2020, hackers halted trading on the New Zealand stock exchange with a distributed denial of service (DDoS) attack.

Cloud computing is an integral part of most businesses globally. Technology has transformed the way businesses operate and thrive in the industry. However, the cloud industry has been facing huge challenges when it comes to complying with various data protection and data privacy standards. With the enforcement of the General Data Protection Regulation (GDPR), a lot has changed for most businesses.

At its core, HIPAA compliance is simply about maintaining patient privacy by ensuring the appropriate access to and use of patient data by your users. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed, but without visibility into what users do with sensitive patient data after they access it, the risk of data breaches, compliance violations, and the investigations, fines, and reputational damage that comes with them, is significantly increased.

What is Data Safety, why is it important, and how do you go about designing into the foundations of your data environment? When you see the phrase "Data Safety", the chances are you think of Data Security. Most people do. What is far less likely is that you think of the other two pillars of Data Safety: Data Privacy and Data Governance. Clearly, all three pillars overlap.

Reduced costs, new revenue streams, greater customer trust and new markets The best data privacy programmes are granular. They assess the root of every data source, the nuances of every data use and the specifics of every way in which data is stored and shared. From that finite visibility, liabilities can be identified and appropriate remedies put in place that carefully balance the demands of the data subjects with the needs of the business.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. This first article makes a really good point of pointing out how ludicrous the apathy to tighten exposed service is. The cloud providers have done a lot to make it obvious vulnerable services are exposed, but no, people still can’t or ignore such advice. Is it lack of capability? Ignorance? Cost cutting? Maybe all of them.

Back in March, a hacking group known as DarkSide began a campaign on Colonial Pipeline’s IT network and billing systems. On May 7th, Colonial publicly announces the attack, shuts down servers and some pipelines and pays DarkSide $4.4M in ransom. On May 12th, Colonial restores operations and announces fuel delivery timelines amidst panic buying at gas stations.

COVID-19 contact tracing and personal cloud apps, what could possibly go wrong? A recent federal lawsuit, filed against the state of Pennsylvania and a vendor contracted by the state’s Department of Health, provides an interesting answer. The vendor in question was contracted “to provide contact tracing and other similar services” following the outbreak of COVID-19 in March 2020.

Residual risk is the threat or vulnerability that remains after all risk treatment and remediation efforts have been implemented. Even with an astute vulnerability sanitation program, there will always be vestiges of risks that remain, these are residual risks. Because they will always be present, the process of managing residual risk involves setting an acceptable threshold and then implementing programs and solutions to mitigate all risks below that threshold.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden’s executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurity and modernize cybersecurity defenses. As Neuberger explains, this executive order couldn’t come at a more critical time.