Weekly News Roundup: April 2, 2018
South Dakota Passes Data Breach Notification Law
South Dakota recently became the 49th state to pass its own data breach notification law, leaving Alabama as the final state without a law in place. According to The National Law Review, “South Dakota’s new law creates a breach notification requirement for any person or business conducting business in South Dakota that owns or retains computerized personal or protected information of South Dakota residents. On trend with recent amendments to other state data breach notification laws, the South Dakota law includes an expansive definition of personal information.” This new law comes at a time when national data breach notification legislation is being actively explored by Congress.
Rep. Michael McCaul Releases Statement About Importance of Passing the Cybersecurity and Infrastructure Security Agency Act of 2017
In a statement released last Wednesday, Rep. Michael McCaul (R-Texas) said, “To ensure the continued success and strength of DHS’ cyber mission, we must remain laser focused to more effectively streamline and enhance vital cybersecurity operations. H.R. 3359 [the Cybersecurity and Infrastructure Security Agency Act of 2017] will achieve DHS’s longstanding goal of creating a stand-alone operational organization, better focused on its vital missions to strengthen the security of federal networks and our nation’s critical infrastructure, including electoral, while bolstering our civilian cyber-defenses. I look forward to working with my colleagues in the Congress and the Administration to get this to the President’s desk as soon as we can.” According to The Hill, “McCaul has led a multiyear push to reorganize the office, currently called the National Protection and Programs Directorate (NPPD). His stand-alone bill to reorganize and rename NPPD the Cybersecurity and Infrastructure Security Agency passed the House in December.”
Implications of the CLOUD Act Comfort and Concern Different Groups
After the CLOUD Act was passed as part of the recent $1.3 trillion spending bill signed by President Trump, various groups have wrestled with its implications. According to CNET, the new law “updates the rules for criminal investigators who want to see emails, documents and other communications stored on the internet. Now law enforcement won't be blocked from accessing someone's Outlook account, for example, just because Microsoft happens to store the user's email on servers in Ireland.” Tech companies appear pleased although members of Congress are still divided about the privacy implications. The same article noted that “privacy advocates at groups like the ACLU and the Electronic Frontier Foundation criticized the change, saying it lets law enforcement bypass constitutional protections against unreasonable searches.”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
- Distil Networks' 2018 Bad Bot Report: Reported in SecurityWeek.com, “42.2% of all website traffic comes from bots; and 21.8% of it is down to bad bots.”
- Global cyber warfare market expected to reach $91.75 billion by 2025: According to a press release, “North America was valued at USD 8.22 billion in 2016 and is expected to hold a dominant share in the market by 2025.”
- BakerHostetler Data Security Incident Response Report Demonstrates Need for Cyber Resilience and Leveraging Compromise Response Intelligence: According to a press release, “The Report shows that phishing remained the leading cause of incidents at 34 percent, followed by network intrusions at 19 percent, inadvertent disclosure (such as an employee mistake) at 17 percent and stolen or lost devices/records at 11 percent.”
- Soft Target: The Top 10 Vulnerabilities Used by Cybercriminals: According to the report, “In 2017, exploit kits saw a 62 percent decline in development. Only a few exploit kits, including AKBuilder, Disdain, and Terror saw significant activity. Multiple factors, including more specific victim targeting, shifts to more secure browsers, and a rise in cryptocurrency mining malware likely led to the decline.”
- Ransomware isn’t going away and it’s not slowing down: According to research from Sophos, “54 percent of organizations were hit by ransomware in 2017.”
Testplant Acquires NCC Group’s Web Performance Division and Rebrands Combined Company to Eggplant
Testplant (now Eggplant), a test automation provider and portfolio company of The Carlyle Group, recently announced the acquisition of NCC Group, described in a press release as “a global expert in cyber security and risk mitigation.” According to the same press release, “The product suite enhancements will allow Eggplant to offer integrated AI-driven continuous testing and monitoring against critical business objectives. […] Eggplant will be able to enhance DevOps pipelines to link business, development and operations groups, offering customers a faster product delivery, unique visibility and continuous product improvement, while ensuring a digital experience that delights consumers.”