Friday the 13th! Despite the day’s supposed bad luck, we’re hearing the economy could be headed for a soft landing—though that may depend on which big bank you ask.
In today’s edition:
Q&A on CPRA
Keyboard cavalry
—Eoin Higgins, Tom McKay, Patrick Lucas Austin
Demerzel21/Getty Images
It’s a new year, which means it’s time for some new rules—specifically concerning the management of your data. The California Privacy Rights Act (CPRA) became law on January 1, 2023, so IT teams will need to be prepared for unique challenges around what’s primed to become the country’s most expansive and restrictive privacy regulation.
In December, IT Brew caught up with Ajay Bhatia, general manager and global VP at software company Veritas, to discuss how the law will affect both consumers and the companies managing their data.
This conversation has been edited for length and clarity.
Can you explain what the CPRA is and where it came from?
The CPRA is an extension of the CCPA, which is the California Consumer Privacy Act. That’s been around for a while. The CCPA protects consumers from mismanagement of their data. That act imparts the right to know, the right to delete, the right to opt-out, and the right to…non-discrimination.
Those are the…areas where the CCPA was established. It kind of took a lot of flak, because there was an inadequacy felt in the way the data was being managed—[if] I’m a consumer, I’m looking at a website, it says “manage all cookies,” I gotta go into settings to change things. There was a lot more effort on the consumer side to be able to try and help the protection of their own data.
Read more here.—EH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Think of all you could accomplish if you ditched the spreadsheets and automated your security and compliance. You could catch up on reading, take a ceramics class, set up a pet camera and spy on your dog…
The possibilities are endless with help from Drata, a leader in cloud compliance on G2. It’s the most seamless way to automate compliance for 14+ standards, including SOC 2, ISO 27001, HIPAA, GDPR, and even custom frameworks.
Drata lets you build trust with customers and scale securely, making compliance easy and breezy thanks to 75+ native integrations that’ll power automation for ya. There’s also a Risk Management tool for end-to-end risk assessments and treatment flows.
Nyoom. That’s you, zooming through compliance with quality assurance and visibility. What you’ll do with all that free time is up to you.
IT Brew readers get 10% off and waived implementation fees here.
Japatino/Getty Images
2023 might have started with some major hacks, but 2022 was an unprecedented year for cyberwarfare. The Russian invasion of Ukraine was not only the biggest war in Europe since World War II, but the first cyber conflict waged on such a large scale.
In other words, a lot has changed. IT Brew spoke with experts about the lessons learned so far.
A changing threat landscape. Despite major incidents like the Viasat satellite network outage, Russia’s cyberwar has largely fallen flat. Ukraine has remained mostly online, and those attacks haven’t translated to any big strategic advantages. Nor have fears of massive digital retaliation against Ukrainian allies materialized, despite more tension than ever.
“I think everyone expected this to be a completely one-sided war, both in terms of the kinetic and cyberspace,” Mandiant Analyst John Wolfram told IT Brew. “Defense has a say in these things. It’s not just up to the attackers.”
According to research by Wolfram and Mandiant analyst Gabby Roncone, Russia’s GRU military intelligence agency has recently shifted to “living on the edge” tactics, targeting edge devices to gain rapid, persistent access.
“You don’t want to build out a bunch of different multifunctional wipers with cool features just to burn them in an operation,” Roncone told IT Brew. “It makes more sense to just take a really simple tool that does this disruptive job and modify it slightly.”
Insurers are getting wary. As the cost of cyberattacks has skyrocketed, so too have premiums, and insurer reluctance to cover sprawling damages from nation-state attacks. Ritz cracker giant Mondelez reached a settlement last year with insurer Zurich, which cited an “act of war” clause in refusing to cover over $100 million in damages from Russia’s 2017 NotPetya campaign.
Keep reading here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
Francis Scialabba
Today’s top IT reads.
Stat: 21%. That’s the percentage of federal passwords that were cracked during a US Department of the Interior inspection. (Office of the Inspector General)
Quote: “If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely.”—Researcher Sam Curry on the potential for disruptive car software hacks via security flaws in modern automotive systems (Ars Technica)
Read: Fear can inspire remote workers to protect their company’s IT security, according to a new report. (Washington State University)
- Hackers took $250,000 in assets from NFT Investments, the British company said.
- In-the-wild exploit has infected hundreds of SugarCRM servers; the company has issued an advisory and hotfixes.
- How and when LastPass reported a breach that affected 33 million customers raises concerns about the limits and effectiveness of US notification laws.
- Microsoft analysis of macOS vulnerabilities was taken down after accusations of plagiarism.