by Dawn Dunkerley
Contributing Editor

6 CISO New Year’s Resolutions for 2020 – Dark Reading

We asked chief information security officers how they plan to get their infosec departments in shape next year. 

Editor’s note: Great recommendations that, as a CISO myself, I will personally be focusing on in 2020 and beyond. 


Hacking School Surveillance Systems – Schneier on Security

Lance Vick suggesting that students hack their schools’ surveillance systems. “This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said.

Editor’s note: A sobering note for our Education CIO and CISO friends; know the collection activities associated with your tools and make sure you have a robust privacy policy. The time to assume students can’t or won’t protest is past.


IoT Company Wyze Leaks Emails, Device Data of 2.4M – Threatpost

The Internet of Things vendor confirmed that customer data was left unsecured on an Elasticsearch database. An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers.

Editor’s note: Sit for a minute and think about how many Internet-connected devices you rely on daily (try not to weep like I did…). Do you trust that your information – or even your video/audio – is being protected? The power of the informed buying decision will be the way we change these practices.


Top Mobile Security Stories Of 2019 – Threatpost

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

Editor’s note: We can’t forget the high-powered computing technology that we carry around in our pockets and purses. It will be key to understand the applications that are installed on your mobile devices and make smart choices to remove the ones that are unused or have unacceptable collection or privacy policies.


Operational Technology: Why Old Networks Need to Learn New Tricks – Dark Reading

Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It’s time to fight back.

Editor’s note: I especially like the point here that attacks that are old and almost forgotten within the IT infrastructure will be used against your OT systems. As noted, “[the] vast majority of breaches are not caused by sophisticated attacks or advanced tactics, techniques, and procedures.” Keep that in perspective when making procurement decisions, and resist the allure of expensive tools when the process and human aspects of OT cybersecurity are lacking.


Secure New Internet-Connected Devices – CISA Current Activity

Original release date: December 31, 2019. During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets.

Editor’s note: We talked above about ongoing IoT events; don’t forget, now that we’re through the madness of the holiday season, to secure all the new toys that you received.

