Comments
Why Companies Should Care about Data Privacy Day
bradshimmin,
User Rank: Author
1/31/2020 | 9:45:14 AM
Re: Privacy
You are so right Ryan. It is all too common for companies to "whistle past the graveyard" when it comes to avoiding or just anticipating massively impactful events like this. The same thing has played out time and again with security events like corporate and governmental ransomware, making this perhaps one of those cognitive blindspots (I think it's optimism bias or something of the sort). 
WebHostingsChoice,
User Rank: Apprentice
1/31/2020 | 4:19:25 AM
Re: Privacy
Your website is a very nice platform for learning new things and I have learned many things from your blog post.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:38:52 PM
Re: Trust
Yes, but definitely optimistic. Not to say that's how we shouldn't look at things. But companies should also have to prove it to us. The old KGB saying of "Trust but Verify" is very important, especially when it comes to consumer privacy.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:37:04 PM
Re: Regulations
Implementation and enforcement are key. It's the difference between a good intention and a best practice.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:35:41 PM
Re: Customer data
Yup, agreed. It's unfortunate that the mindset that, "well, if it didn't happen to me I don't care" is all too pervasive.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:34:10 PM
Re: Legacy
Most definitely. I often hear the phrase, "Well, that's how it's always been done." Or "We can't change that."

Well, that doesn't make it right, and yes you can; it's just easier for you not to.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:32:03 PM
Re: Privacy
I would say yes to a degree and I am all for it. At this point unfortunately most companies have the mentality that it will never happen to us. The ones who haven't yet been burnt by the stove at least.
Dr.T,
User Rank: Ninja
1/30/2020 | 3:38:31 PM
Trust
Rather, it will require full company participation, support, and most importantly belief in the importance of protecting both company and customer data. I agree. Believe and trust. Customers should be able to trust the companies that they do the right thing.
Dr.T,
User Rank: Ninja
1/30/2020 | 3:37:16 PM
Regulations
The real risks posed by waiting to implement the measures defined in GDPR, CCPA, and other data privacy legislation begin and end with the customer. These are a good start; implementation and wide use of them will define their success.
Dr.T,
User Rank: Ninja
1/30/2020 | 3:35:46 PM
Customer data
Irrespective of location, any company working with data, most especially those working with customer data, must take action. When it comes to a point that the data owners are the customers, not the companies, then we may see some improvement on privacy.