Security News

As the technology and tools to leverage stolen credentials advance, a more thoughtful approach to your organization's password policy is a highly effective way to reduce risk by better protecting your customers, network assets, and employees. Defenders can augment traditional password policy best practices with the ability to take action based on indicators observed within the cybercrime underground.

Although 96 percent of the 1,850 senior leaders within large organizations have a data sanitization policy in place, 31 percent have yet to communicate it across the business, according to a Blancco survey. Although 68 percent of respondents felt that ownership of data sanitization policies is clearly communicated within their organization, when asked who was responsible for their implementation, 18 percent of enterprises stated the DPO, 18 percent the Head of Operations, 17 percent the Head of IT Operations and 11 percent the CISO. This lack of clear ownership could suggest enterprises consider data sanitization to be a "'checkmark"' exercise that must be done to satisfy compliance or operational requirements and that they are not taking data risks seriously.

Given the tech industry's poor track record of protecting users data and controlling its environmental impact, regulators around the globe are stepping into the void. The policy issues run the gamut from spectrum sharing to data and privacy to the greening of the telecom industry as a whole.

The 10 top trends that will drive the most significant technological upheavals this year have been identified by Access Partnership. "Shifts in tech policy will disrupt life for everyone. While some governments try to leverage the benefits of 5G, artificial intelligence, and IoT, others find reasons simply to confront Big Tech ranging from protectionism to climate urgency."

Stopping software updates for legacy kit is nothing new, but it's the way the company has done it that has Sonos customers' hackles up. Sonos points out that it supports software updates on products for at least five years after it stops selling them.

Information Technology spending by Department of Defense and Intelligence Community agencies will continue to grow as they work to keep pace with the evolution of both the threat landscape and technology development, according to Deltek. IT solutions such as cloud computing, modern data management, big data, cybersecurity and artificial intelligence are in high demand by intelligence agencies with increasingly complex national security missions.

Google's Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches. The vendor then has 90 days to fix the bug before Project Zero lifts the veil.

DPOs play a pivotal role in an organization's data management health and are required to report directly to the highest level of management. Some tasks that fall under the DPO role include advising on issues around data protection impact assessments, training, overseeing the accuracy of data mapping and responding to data subject access requests.

The more notable part of the announcement is Project Zero's decision to wait to disclose bug details until 90 days elapses, even if a patch becomes available before then. "For the last five years, the team has used its vulnerability disclosure policy to focus on one primary goal: Faster patch development," explained Willis, in a posting on Tuesday on the policy changes.

Google's Project Zero has updated its vulnerability disclosure policy to keep bug reports closed for 90 days, regardless of whether a patch is out before the deadline or not. The goal of this new policy, Google Project Zero's Tim Willis notes, goes beyond just attempting to speed up patching: thorough patch development and improved patch adoption are also a focus.