Microsoft’s new screenshotting, timelining, data-finding Recall feature for its AI-enhanced Copilot+ PCs has many security and privacy pros concerned about a new potential trove of valuable data for malicious hackers.

Some IT practitioners see helpful retrieval benefits for the enterprise, while others have their doubts about the personal data protection that the Recall feature returns. As the debate extends to a new technology, IT pros will need to decide to keep it off, turn it on, or settle somewhere in between.

Peter Waxman, group program manager at Microsoft, told IT Brew that enterprise customers will need to evaluate the feature for themselves.

“IT pros...have different security postures. If I’m a fin sector customer, my trading systems, my treasury systems have a different set of policies and controls than a bunch of my information workers or my marketing department,” Waxman said.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

General Data Protection Regulation compliance (GDPR) admittedly got a slow start. A lot of companies sorta assumed the odds of getting fined for their data privacy and security practices were slim to none.

But, uh…turns out, the situation has changed.

The EU has been hard at work closing loopholes and, thus, cracking down on companies of all sizes. GDPR compliance isn’t just necessary; it’s pressing.

Need a crash course on the entire sitch? 1Password put together this timely blog post to explain what’s changed, what kinds of violations are catching fines and repercussions, and how your biz can protect itself.

Give it a read—you’ll be glad you did.

Trust, but verify—especially when you’re coming face-to-face with disinformation in an election year.

That’s one of the things about the upcoming global election landscape for 2024 that RSA Conference Chief Strategy Officer Darren Shou told IT Brew he’s worried about. Shou said that trust in elections is in question, potentially endangering democracy and freedom the world over.

“There could be up to 2 billion people voting in 50 countries around the world this year,” Shou said. “So, this is a worldwide problem.”

Checking in. Trust and transparency are essential for the democratic process, Shou continued, and that means that IT leaders need to step up. He likened the threat surface to the old days of hacking—when the number of hackers surged as reverse-engineered scripts proliferated.

“It was a small group, and they could execute these really sophisticated attacks and high assurance systems,” Shou said. “But then you had the script kiddies who got the tools but didn’t happen to have those skills.”

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Recent industry reports have highlighted a high percentage of vulnerability exploits—and an early lead for attackers against organizations looking to find a patch.

Mandiant’s M-Trends, released in April, noted that exploits beat out phishing (second) and prior compromises (third) as the “most prevalent adversary initial infection vector” in the company’s annual study of incident response investigations. Some 38% of intrusions began with an exploit—a 6% increase from 2022, according to the research.

Verizon’s Data Breach Investigations Report, published in May, revealed a 180% increase YoY in vulnerability exploits as an initial step in a breach.

Rapid7’s 2024 Attack Intelligence Report, published on May 21, found that for the second time in three years, more mass compromise events arose from zero-day, or unknown, vulnerabilities than from the known, n-day vulnerabilities.

Verizon discovered a five-day median time for detecting exploitation of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. (Verizon also found that orgs, on average, took about 55 days to remediate 50% of CISA KEVs once patches became available.)

Keep reading here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Crack the code on AI deployment. Wish you had a roadmap to bring generative AI to your org? Discover yours at NVIDIA’s June 18 webinar, Deploying Generative AI in Production. You’ll learn how to manage AI inference at scale + see NVIDIA’s streamlined solutions come to life. Register here.