Inside Out Security show

Inside Out Security

Summary: Our podcast takes up the big questions of security, risk, and vulnerabilities. A weekly discussion with experts and the Varonis team.

Podcasts:

 Statistician Kaiser Fung: Fishy Stats (Part 3) | File Type: audio/mpeg | Duration: 00:18:37

Over the past few weeks, Kaiser Fung has given us some valuable pointers on understanding the big data stats we are assaulted with on a daily basis.  To sum up, learn the context behind the stats — sources and biases — and know that the algorithms that crunch numbers may not have the answer to your […]

 We’d Love to Upgrade, But… | File Type: audio/mpeg | Duration: 00:24:06

It’s great to be Amazon, with only one on-call security engineer and security automated. However, for many organizations today, having security completely automated is still an aspirational goal. Those in healthcare would love to upgrade, but what if you’re using a system that’s FDA approved, which makes upgrading a little more difficult? What if hackers were able to download personal data from web servers because many weren’t up-to-date and had outdated plugins? Meanwhile, here’s a lesson from veteran reporter Brian Krebs on how not to acknowledge a data breach. By the way, would you ever use public wifi, and do you value certificates over experience?

 Statistician Kaiser Fung: Accuracy of Algorithms (Part 2) | File Type: audio/mpeg | Duration: 00:09:15

In part one of our interview with Kaiser, he taught us the importance of looking at the process behind a numerical finding. We continue the conversation by discussing the accuracy of statistics and algorithms. With examples such as shoe recommendations and movie ratings, you’ll learn where algorithms fall short.

 Security on Easy Mode | File Type: audio/mpeg | Duration: 00:20:10

Recently in the security space, there’s been a spate of contradicting priorities. For instance, a recent study showed that programmers will take the easy way out and not implement proper password security. Anecdotally, a security pro in a networking and security course noticed another attendee who covered his webcam, but noticeably had his BitLocker recovery code printed on a label attached to his screen. When protocols and skills compete for our attention, ironically, security gets placed on easy mode. In the real world, attackers can potentially create malware that would automatically add “realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them.” How about that time when ethical hackers were able to access a university’s student and staff personal data, finance systems and research networks? Perhaps more education and awareness might be needed to take security out of easy mode and bring it into real-time alerting mode.

 Statistician Kaiser Fung: Investigate The Process Behind A Numerical Finding (Part 1) | File Type: audio/mpeg | Duration: 00:15:15

In the business world, if we’re looking for actionable insights, many think they’re found using an algorithm. However, statistician Kaiser Fung disagrees. With degrees in engineering and statistics, and an MBA from Harvard, Fung believes that both algorithms and humans are needed, as the sum is greater than its individual parts. Moreover, the worldview he suggests one should cultivate is numbersense. How? When presented with a numerical finding, go the extra mile and investigate the methodology, biases, and sources. For more tips, listen to part one of our interview with Kaiser as he uses recent headlines to dissect the problems with how data is analyzed and presented to the general public.

 The Making of the Modern CISO | File Type: audio/mpeg | Duration: 00:28:58

Should CISOs use events or scenarios to drive security, not checklists? It also doesn’t matter how much you spend on cybersecurity if it ends up becoming shelfware. Navigating one’s role as a CISO is no easy feat. Luckily, the path to becoming a seasoned CISO is now easier with practical classes and interviews. But when cybersecurity is assumed to be not very important, does that defeat the leadership role of a CISO?

 Security Expert and "Hacked Again" Author Scott Schober (Part 2) | File Type: audio/mpeg | Duration: 00:12:26

Scott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written "Hacked Again", which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the second part of our interview, Scott talks about the benefits of "layered security" and offers additional consumer security and privacy tips.

 Security Expert and "Hacked Again" Author Scott Schober (Part 1) | File Type: audio/mpeg | Duration: 00:14:39

Scott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written "Hacked Again", which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the first part of our interview, we learn about Scott's experiences with credit card fraudsters and his data security lessons for small businesses.

 The Psyche of Data | File Type: audio/mpeg | Duration: 00:21:18

With data as the new oil, we’ve seen how different companies responded. From meeting new data privacy compliance obligations to combining multiple anonymized data points to reveal an individual’s identity – it all speaks to how companies are leveraging data as a business strategy. Consumers and companies alike are awakening to data’s possibilities and we’re only beginning to understand the psyche and power of data.

 More Scout Brody: Bringing Design Thinking to IoT | File Type: audio/mpeg | Duration: 00:09:53

By now, we’ve all seen the wildly popular internet of things devices flourish in pop culture, holding much promise and potential for improving our lives. One aspect that we haven’t seen is IoT devices that are not connected to the internet. This podcast episode will provide all product manufacturers and IoT enthusiasts a few important lessons.

 Scout Brody, Ph.D. on Creating Security Systems Usable for All | File Type: audio/mpeg | Duration: 00:13:18

In the first part of my interview with Scout Brody, we cover why security systems aren’t binary, the value of user interface designers, and how to cross-pollinate user personas with threat models.

 The Dance Between Governance, Risk Management, and Compliance | File Type: audio/mpeg | Duration: 00:23:51

The combination of business and technology-related challenges and the requirement to meet regulatory compliance obligations as well as managing risk is no easy feat. European officials have been disseminating information on how to prevent online scams, general tips as well as warning signs. Other attorneys have been reflecting on legislative developments to prepare for the year ahead. Meanwhile, businesses like Facebook and Reddit are finding their rhythm as they dance between running their business, meeting compliance requirements and keeping their users’ data safe and secure.

 Privacy Attorney Tiffany Li and AI Memory, Part II | File Type: audio/mpeg | Duration: 00:14:10

Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and then explore some cutting edge areas of law and technology. Can AI algorithms own their creative efforts? Listen and learn.

 Reflecting on Breaches, Scams and Fake Everything | File Type: audio/mpeg | Duration: 00:26:55

In the last week of the year, the Inside Out Security panelists reflected on the year’s biggest breaches, scams and fake everything. And is computer security warfare? Well, it depends on who you ask. A 7th grader trying to change her grades isn’t an enemy combatant. But keep in mind, as another argues, “There's an opponent who doesn't care about you, doesn't play by the rules, and wants to screw you as fully as possible.”

 Privacy Attorney Tiffany Li and AI Memory, Part I | File Type: audio/mpeg | Duration: 00:11:31

Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this first part, we talk about the GDPR's "right to be forgotten" rule and the gap between technology and the law.
