- For attackers, it’s almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training.
- When something gets through and someone clicks on a malicious URL, defenders must be able to simultaneously block the attack and show the victim what the phisher was attempting to do.
- Most CISOs assume phishing is a corporate email problem and their current line of defense is adequate, but they are wrong.
- “You’ve got to take a comprehensive, multi-layer phishing defense approach outside the firewall, where your biggest user population is working remotely, and inside the firewall for your internal users. You need to protect mobile devices and PC/Mac endpoints, with end-to-end encryption (E2EE) deployed.”
- “You also have to be mindful of corporate users’ personal side as their personal and business lives have converged, and many people use the same devices and same credentials across personal and business accounts.”
- Zeljka Zorj | November 4, 2020
- After years of planning and worry, polls closed on Election Day 2020 without the country's having seen any substantial public cyberattack.
- It's impossible to state for sure how much the lack of an apparent cyberattack was due to successful planning, a lack of a serious attempt from a dedicated adversary or pre-emptive cyberattacks from U.S. Cyber Command.
- While polls appeared to have closed without a major hitch, CISA cautioned that the window for hackers to affect the perception of the election's integrity could be open for weeks.
- Kevin Collier | November 3, 2020
California’s Proposition 24 – CCPA 2.0 Meets the California GDPR
- Proposition 24 is known as the California Privacy Rights Act of 2020 (CPRA). It is on the ballot in California on November 3, and if it passes it will amend and expand certain provisions of the California Consumer Privacy Act (CCPA).
- Two provisions in particular are very GDPR-like: the creation of the California Privacy Protection Agency (CPPA), which will become the regulator charged with implementing and enforcing both the CCPA and CPRA, and the expanded definition of sensitive personal information.
- CPRA creates a new category of data, similar to GDPR, for sensitive personal information.
- The CPRA requires businesses that sell or share personal information to provide notice to consumers and either separate links to the “Do Not Sell or Share My Personal Information” webpage and the “Limit the Use of My Sensitive Personal Information” webpage, or a single link to both choices.
- The CPRA triples the fines set forth in CCPA for collecting and selling children’s private information and requires opt-in consent to sell personal information of consumers under the age of 16.
- The CPRA expands the consumer’s private right of action to include a breach of a consumer’s email address and password/security question and answer.
- The above is NOT ALL INCLUSIVE.
- JDSUPRA | October 30, 2020