Some notable stats showed up in the recently-released 2017 Veracode State of Software Security report: while “nearly a third (29 percent) of survey respondents indicated that they are actively pursuing digital transformation projects [and] … a further 29 percent stated that they are either planning for or considering digital transformation projects for the future,” there still seems to be a significant knowledge gap among business leaders with respect to the threats that prominent cyberattacks pose to their organizations. View Full Post
According to a recent Genpact study: Nearly two-thirds of consumers (63%) are worried that Artificial Intelligence is going to make decisions that will impact their lives without their knowledge Less than one-third (30%) are at least “fairly comfortable” with the idea of companies using AI to access their personal data Almost three-quarters (71%) say they don’t want companies to use AI that threatens to infringe on their privacy – even if it improves the customer experience As AI continues its inevitable expansion into consumer interactions, it’s important to develop strong, transparent and well-communicated privacy policies and practices around the data being accessed by the AI engines – especially before GDPR enforcement takes effect in May of next year. View Full Post
Per the Freedom of Information Act, US citizens have the right to access information from the federal government. We can visit Data.gov to search the more than 197,000 current datasets currently indexed on the site. While the intent is to leverage that data for the public good, there’s also an enormous amount of information available that could be used by bad actors to gather information about individuals, like the physicist in this article. View Full Post
A good lesson for technology providers: if security researchers reach out to you, acknowledge them as quickly as possible, especially when they’ve discovered a critical vulnerability. If you work with them to remediate the issue, you may be able to get a patch out before they feel the need to publish the vulnerability for the greater good – so that those affected are aware of the problem, and can try to mitigate the risk with compensating controls. View Full Post