The French government announced on Monday a “Paris Call” for talks to lay out a common framework for ensuring internet security, following a surge in cyberattacks which has dented confidence in global networks. The move aims to relaunch negotiations on a “code of good conduct” which have stalled since last year.
Officials said the text, to be presented by President Emmanuel Macron as he opens UNESCO’s Internet Governance Forum in Paris on Monday, has been signed by most European countries. China, Russia and the United States have not yet joined, although a source in Macron’s office said a “critical mass” of US players support the call, including Microsoft and the NGO Internet Society.
Read more about the Paris Call for cybersecurity talks on SecurityWeek.
On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks.
The new U.S. cyber strategy makes one message clear: America will not sit back and watch when attacked in cyberspace. On the contrary, in areas ranging from critical infrastructure to space exploration to intellectual property protection, the USA will respond offensively as well as defensively in cyberspace.
Read everything you need to know about the new U.S. national cybersecurity strategy on Tripwire.
The Golden State’s governor just signed a law barring companies from selling Internet-connected devices with preprogrammed passwords that are easy to guess or crack and leave them vulnerable to malicious hackers. Starting in 2020, all Internet of Things devices made or sold in California must come equipped with unique passwords, or a feature that requires the user to set their own unique password.
However, eliminating weak default passwords is an elementary move that only offers a basic safeguard against a sliver of digital threats.
The U.S. government and the state of California are butting heads over a newly passed state law that enforces net neutrality regulations on internet service providers (ISPs). And experts say that the outcome of the feud between federal and state law has long-standing implications for the future of net neutrality.
Senate Bill 822, passed into law on Sunday, mandates a thorough set of regulations on ISPs ensuring they don’t discriminate against various types of content. But as soon as the California bill passed, the Department of Justice promptly hit back with a lawsuit alleging that its regulations are unlawful.
Read more about the ongoing battle over net neutrality on Threatpost.
It’s no secret that consumers are increasingly mindful of who is accessing, collecting, receiving, storing and otherwise processing their personal data. In an effort to standardize data protection requirements across the European Union and improve trust in the rapidly expanding digital economy, the European Parliament and Council introduced the General Data Protection Regulation (GDPR), which went into effect this past spring.
The GDPR is effectively changing the way business is conducted around the world, with massive implications for global ecommerce. And we’re now seeing the push for data protection in the United States with the adoption of the California Consumer Privacy Act of 2018 (CCPA).
Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner. In 2019, the market is forecast to grow 8.7 percent to $124 billion.
“Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” said Siddharth Deshpande, research director at Gartner. “Persisting skills shortages and regulatory changes like the GDPR are driving continued growth in the security services market.”
Read more about the predicted rise in security spending, and the drivers for it, on Help Net Security.
In late June 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, but in certain respects it goes even farther.
The California Consumer Privacy Act takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.
Read more about California’s new privacy law, AB 375, and learn how to be compliant on CSO.
With pressure mounting to ensure consumer data is protected, Gemalto today released the results of a global study which reveals that 65% of companies are unable to analyze all the data they collect and only 54% of companies know where all of their sensitive data is stored. Compounding this uncertainty, 68% of organizations admit they don’t carry out all the procedures in line with data protection laws such as GDPR.
These are just some of the findings of the fifth-annual Data Security Confidence Index, which surveyed 1,050 IT decision makers and 10,500 consumers worldwide.
Read more about the findings of the fifth-annual Data Security Confidence Index on Help Net Security.
The enactment of the California Consumer Privacy Act of 2018 (CCPA) on June 28 is the latest in a series of new laws and regulations around the world that represent a fundamental shift from the reactionary approach to security governance we’ve followed since the 1980s.
Starting with the European Union’s General Data Protection Regulation (GDPR) and continuing with New York’s Department of Financial Services (NY DFS) cybersecurity regulations, privacy and security are now inextricably linked in the U.S.
Read on Security Magazine how the CCPA, GDPR and the NY DFS regulations are driving a change in how businesses approach cybersecurity, thanks to similar language found in all three policies: the duty to implement and maintain reasonable security procedures and practices.
“Technical irregularities” have the NSA scrambling to delete millions upon millions of phone and text message data records the agency should never have obtained under the USA Freedom Act.
While The New York Times reported the number of call detail records (CDR) the NSA was deleting was in “hundreds of millions,” the Associated Press clocked the number at “more than 685 million call records.” If that number is correct, then it came from the 534 million records the NSA collected in 2017 as well as the 151 million records collected in 2016, which was the first full year after the USA Freedom Act surveillance rules kicked in.
Read more about why the NSA has started deleting all call detail records acquired since 2015, something it has admitted in a public statement, on CSO.