- 2017, August 3, IAPP, “Crownpeak acquires Evidon to boost consent management, UX offerings”
- 2017, August 3, Privacy Blog, “ProtonMail Professional – Encrypted Email for Organizations”
- 2017, August 3, The Mercury News, “Let’s not succumb to a moral panic over artificial intelligence”
- 2017, August 3, ZDNet, “In defending China demands, Apple loses privacy high ground”
- 2017, August 3, SSRN, “FTC Regulation of Cybersecurity and Surveillance”
- 2017, August 3, Hunton & Williams, “The Cost of Cyber Exposure: A Further Look A Lloyd’s Emerging Risk Report 2017”
- 2017, August 3, ZDNet, “Estonia steps up plan to counter cyber attacks by siting critical systems offshore”
- 2017, August 3, Geek.com, “Pirate Bay Co-founder: We’ve Lost the Internet to Capitalists”
- 2017, August 3, Los Angeles Times, “The start-ups that will help your company avoid becoming the next Uber”
- 2017, August 3, The Register, “Coming soon to a Parliament near you – UK’s Data Protection Bill”
One issue that never goes away and continues to grab headlines – cyber security. If it isn’t another company releasing a breach notification, then it is a report about governments working on offensive cyber capabilities, or yet-another-hack.
The most interesting article I found though relates to Estonia offshoring its critical systems. What an interesting move. One key concept – digital diplomatic immunity! Awesome.
That will put some encryption and data security measures to the test. Assuming a country can assure data security (as much as possible), then this could open the potential for cyber safe havens – somewhat like tax havens. Countries may compete on their data neutrality. It gets messy though once the data gets out on the Internet – how do you enforce this ‘diplomatic immunity’, or any kind of sovereignty, when information is just bits on the wire? It could be an interesting experiment though.
I keep coming back to encryption as the glue in this cyber security paper sculpture. We really rely so heavily on these technologies. So my next quest is to investigate their vulnerabilities. I am sure some Defcon or Black Hat presentations cover this area.
I have talked about this many times, but my ideal is to create a security framework that is by default secure – irrespective of human action. I have no idea how this could work at the moment. It is why I included the article about ProtonMail – email is such a gaping security risk.
Yet, security is only one side of the risk equation; there is also insurance and the response to a security breach when it happens. Emphasis on ‘when’.
My other focus will be on the insurance and technology products available to help organisations deal with the inevitable. I read a report yesterday that noted it takes an average of 61 days before an organisation even becomes aware of a breach. Then another 41 days to notify. That timeline needs to drastically compress. So we need tools to have effective monitoring, and a quick notification to the market so that they can then take action to reduce their exposure.