The European Data Protection Supervisor (EDPS) is the European Union’s independent data protection authority, tasked with ensuring that the institutions and bodies of the EU respect data protection law. The following update shares an overview of the EDPS and presents the 2019 EDPS Annual Report.
The COVID-19 pandemic has led to a spike in businesses teleworking to communicate and share information over the internet. With this knowledge, malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities. While telework software provides individuals, businesses, and academic institutions with a mechanism to work remotely, users should consider the risks associated with it and apply cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping.
NIST is releasing Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
According to Shyam Oza, Director of Product Management at Spanning, “The best way to protect your business from Ryuk is to avoid it. Avoidance comes when employees are educated in the matters of ransomware. Some employees do not receive the training, some do, and some know it all too well. Yet, human errors seem to be responsible for 90% of data breaches. Clearly, this tactic is not working.”
Epiq, a global leader in the legal services industry, today shared that it has taken its systems offline globally to contain the threat of a confirmed ransomware attack. The timeline for the online restoration of the systems remains unclear at the current time.
Tired of manually punching links into the Wayback Machine? As part of its newest update, the Brave desktop browser will automatically look up archived web pages when it encounters a broken or deleted website.
Governed under the auspices of OASIS, which offers projects a path to standardization and de jure approval for reference in international policy and procurement, the Open Cybersecurity Alliance (OCA) has announced the availability of the first open-source language for connecting cybersecurity tools through a common messaging framework, OpenDXL Ontology. Given the challenges of interoperability in the field of eDiscovery, data discovery and legal discovery professionals may benefit from this example of coordination, collaboration, and standardization.
This post provides a compilation of informational article extracts that may be helpful for those seeking to learn more about cybersecurity and how it is approached, from strategy and vision to interoperability and architecture, by one of the most digitally advanced and cybersecurity-savvy countries in the world, Estonia.
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 14 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia.
“This was a deliberate and sweeping intrusion into the private information of the American people,” said Attorney General William P. Barr, who made the announcement. “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”