On May 26, the District Court found in the In Re: Capital One Consumer Data Security Breach Litigation that a report prepared by Mandiant concerning the Capital One data breach (Breach Report) was not protected by the work product privilege and must be turned over to Plaintiffs. What are some lessons to be learned from this data breach litigation response?
It is no secret that finding and recruiting strong Chief Information Security Officer (CISO) candidates is far from easy. Many CISOs typically stay in a role for a few years and subsequently are not able to dedicate adequate time to the development of junior leaders who could become the next wave of security leaders. Most organizations are forced to look externally for the experience they require. However, looking for outside hires also contributes to the shortage of potential internal leaders, as skilled professionals are often overlooked. For the security industry to thrive, this needs to change, and it starts with grooming the next generation of leaders.
According to a report from Cisco, 5G’s faster broadband (10 to 20 times faster than 4G) will enable 12 billion mobile-ready devices and IoT connections by 2022 compared to 9 billion in 2017. While this is great news for the rising number of smart device users globally, the increased connectivity can be taxing for IoT security. The combination of higher bandwidth and lower latency is a double-edged sword. While it enables new, exciting use cases like Vehicle-to-Vehicle and telemedicine, it is critical to not lose sight of the fact that it expands the scope of security threats, such as ransomware and botnets, among others.
Although the ransomware plague took a nosedive in terms of the victim count years ago, it’s still alive and kicking. It used to home in on any computers indiscriminately, but at some point, the malicious actors realized they could squeeze a lot more profit out of the enterprise than out of individual users. This shift made businesses the most coveted target for ransomware operators.
For the past 20 years, Justin Dolly, new CSO at Sauce Labs, has been leading security at public and private companies. Over the years, how has he built security teams and played a key role in risk management, security engineering and operations and compliance initiatives at the many companies he has serviced?
According to multiple sources, a bipartisan group of Senators plan to introduce a bill to regulate the use of contact-tracing and exposure notification apps. The bill, entitled the “Exposure Notification Privacy Act” is the latest in a series of bills that seek to regulate these new apps. The new bipartisan bill raises hopes that federal privacy legislation (albeit on a limited issue) may finally pass.
With the sudden shift to work-from-home operations, CISOs and security teams have an important role in strengthening business continuity by ensuring that current and future remote cybersecurity work policies do not create tradeoffs between usability and security. What are three steps to address this issue?
This month in Security magazine, we highlight COVID-19 and infosec's response. How has the sudden shift to remote work changed the roles of CISOs and security teams? Also this month, we profile Justin Dolly, CSO at Sauce Labs, his view on infosec and building security teams. In addition, security experts discuss continuous monitoring, radicalism, quantum technology, endpoint security and more.