This Week In Security - 06/01/2020
Red Cross Calls for Global Response to Cyberattacks
The President of the International Committee of the Red Cross, Peter Maurer, is one of a group of 42 international representatives calling for a united and proactive response to the current spate of healthcare-focused cyberattacks.
The plea comes after cyberattacks have disrupted healthcare facilities in France, the Czech Republic, Spain, Thailand, and the US. The World Health Organization has also seen a marked increase in “cybersecurity incidents”, according to the organization’s chief information security officer, Flavio Aggio.
In a letter published last week, the Red Cross and its supporters called for collective action to address the cyber attacks threatening “already fragile healthcare systems”, urging the world’s governments to “work together” “to reaffirm and recommit to international rules that prohibit” such threats.
The letter emphasized that, under the Geneva Conventions, “medical facilities and their staff must be respected and protected”, while reminding international leaders that “We don’t tolerate attacks on health infrastructure in the physical world, and we must not tolerate such attacks in cyberspace”.
Among those offering their support to the Red Cross’ appeal were representatives of non-government, international, and government organizations, including the president of Microsoft, Brad Smith, and the former US Secretary of State, Madeleine Albright.
Cybersecurity Industry Is Booming, Says Crunchbase
While the world economy struggles to stay afloat, the cybersecurity sector is one of the few flourishing at this challenging time.
The Crunchbase Opportunity Index Report found an increase in cybersecurity deals resulting in “first-quarter funding topping $1.5 billion”.
Cybersecurity is one of six sectors prospering during the global coronavirus pandemic. Others include, unsurprisingly, collaboration and meeting software, Telehealth, Edtech, and Biotech.
According to the report, “Despite Coronavirus’ impact, each industry has surged in funding and shows signs of continued growth”.
Such growth is indicative of investors recognizing “the impact these industries have on the current state of the world” and “investing in companies that align with the reality of the economy”.
The US is leading the way, says Gené Teare, a data evangelist at Crunchbase, with 75% of the funds invested in 2020 having been put into US-based companies.
The UK and Israel are also seeing significant growth in their cybersecurity sectors, while “team collaboration software is expected to witness an increased demand in Asia Pacific owing to the growing trend towards digitization”.
Escobar’s Brother Sues Apple over FaceTime Hack
Digital security is important to us all, but to none quite so much as Roberto Escobar, brother of the infamous Pablo Escobar.
Roberto, also known as El Osito, is suing Apple for $2.6 billion, saying the lack of security on his 2018 iPhone X resulted in a hack that caused him “emotional distress”.
The former cartel member claims he purchased the phone after being assured that it was “the most secure device on the market”. When he subsequently received a life-threatening letter, El Osito “used his own resources to investigate how this individual had obtained his address”.
El Osito says his investigations revealed that his FaceTime app had been hacked.
The lawsuit is only one approach El Osito is taking “to stick it to Apple”, having also launched the website, ripapple.com, which he claims will display “proof” of “how the people of the world were scammed by Apple Inc.”
This isn’t the first time El Osito has adopted such techniques. Earlier this year, he launched a website called ripsamsung.com, which redirected traffic to a web store selling the Escobar Fold phone, which was basically a “Galaxy Fold… with gold foil covering… and a Pablo Escobar wallpaper pre-installed”.
Has the Two-Year-Old GDPR Been Put On Ice?
Has the “current COVID-19 predicament” put the core privacy protections of the General Data Protection Regulation (GDPR) on hold, or can the GDPR celebrate its second anniversary in style?
In April, the UK’s Information Commissioner’s Office (ICO) announced that it would balance the need for privacy and the implementation of the GDPR with an “empathetic and pragmatic” response that “reflects the impact of coronavirus”.
The ICO’s “softer touch” has given companies facing fines for violating the legislation “extra time to contest fines”. Those taking longer than the specified 72 hours to report a data breach could also be excused “if there’s a genuine COVID-19 reason” for the delay.
This is reassuring news for some, but for others, it suggests that privacy has been “put on hold” for the duration of the pandemic. As citizens watch their governments launch contact-tracing apps that map location data, it’s understandable that they balk at a level of surveillance that would, in “normal circumstances… be unacceptable”.
While the ICO feels the unique global situation calls for a different approach to privacy protection, it also maintains that “data protection can play a central role in promoting economic growth when we come out of this pandemic”.
Happy birthday, GDPR?