10/29/2018: Dtex, Insider Threat, Privacy News: Wyatt, Wilcox Provide Fed With Insider Threat Risk Reduction Advice; NIST Privacy Risk Framework Catching On
If you are a regular reader of the Dtex Systems weekly news blog, you're well versed on the string of insider threats and incidents that prey on the private and public sectors. The Waymo vs. Uber case and Anthony Levandowski highlight the insider threat problem taking place in private enterprise. Edward Snowden, Chelsea Manning, Reality Winner, Natalie Edwards, and Nghia Hoang Pho are all stark reminders of how pervasive the problem is in the federal government.
Both sectors are equally in need of attention when it comes to the insider threat, with Dtex doing all it can to help and advise organizations on how to reduce risk. Last week, Dtex CEO Christy Wyatt and VP of Federal David Wilcox, a 37-year NSA veteran, took up the task of helping the federal security community to cope with the challenge.
At Nextgov, in Insider Threats Are Alive and Well. Take These 6 Steps to Reduce Risk, Wyatt and Wilcox wrote that despite awareness of the insider threat problem, government agencies continue to fall victim to attacks. They added that there are steps organizations can take to reduce risk, which include these six:
1. Acknowledge your risk
2. Gain visibility
3. Enable early warnings
4. Find and use teachable moments
5. Be open
6. Respect privacy
Read the full byline of course, for greater details on the steps.
Privacy is becoming the new security, with governments and private enterprises rushing to assure the world that privacy is a top priority. With the enactment of the GDPR and signing of the California Consumer Data Privacy Protection Act, more and more individuals and organizations are calling for stronger privacy regulations and protections. Even data-driven companies like Facebook and Google, sharply criticized for their alleged data abuses, are voicing support for related legislation.
As proof that privacy is advancing as a priority, this month we witnessed several significant events.
Apple CEO Tim Cook openly criticized and denounced what he calls the data-industrial complex in a speech made in front of the European Parliament. As reported by The Wall Street Journal, Cook said:
“Our own information—from the everyday to the deeply personal—is being weaponized against us with military efficiency. Today, that trade has exploded into a data-industrial complex.”
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) hosted its first public hearing on the development of its Privacy Framework during the International Association of Privacy Professionals (IAPP) Privacy. Security. Risk. 2018 event. According to NIST:
The envisioned privacy framework will provide an enterprise-level approach that helps organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.
In Federal Computer Week, writer Josh Mayfield, positioned the framework as necessary to the future of the Internet. In A necessary plan for managing privacy risk, Mayfield wrote:
" ... government has a ceaseless commitment to respond and adapt to the needs of its citizens. And in response to citizen demands, governments are initiating laws and regulations to protect individual privacy.
Dtex agrees. As a company that is in the middle of the security and privacy debate, we've already taken giant voluntary leaps towards privacy protection. Organizations that want to advance forward in security and privacy, should have a look at some of the assistance Detx can provide: