Friday Five: 11/9 Edition
Drone vulnerabilities, how CISOs are filling cybersecurity jobs, and how Kenya's new data privacy bill could impact the nation's tech sector - catch up on the week's infosec news with this roundup!
1. Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million by Jai Vijayan
This is from late, late Friday, after we posted last week's Friday Five, so we're giving it a pass and including it here. The U.S. Justice Department called out two companies, China’s Fujian Jinhua Integrated Circuit and Taiwan’s United Microelectronics Corporation, for purportedly stealing proprietary tech from Micron Technology, an Idaho-based semiconductor manufacturer. The indictment accuses former Micron employees, including the president of a subsidiary in Taiwan, of stealing data on its dynamic random-access memory (DRAM) technology to advance the two companies. The cost of the information is jaw-dropping, ranging from $400 million to $8.75 billion.
2. How Kenya’s New Data Privacy Bill Could Hurt Its Economy by Sabina Frizell
We enjoy popping in on data protection regulations around the globe in this spot and this week is unlike any other. The Council on Foreign Relations has a piece on Kenya's new data privacy bill, currently awaiting review in Parliament there. The bill, which was released at the end of August, has plenty of pluses. It breaks down the duties of data processors and controllers, like having to secure citizens’ data by ensuring orgs have measures in place to protect the information from data breaches, etc. In the eyes of the author, a global public policy manager at Visa, the bill could choke data flows that have helped the country's tech industry thrive. It makes it illegal to send Kenyans' data outside the country, something that could especially constrict startups, according to the author. A fine read, especially if you’re curious about how foreign countries are implementing data protection laws in 2018.
3. The Mad Dash to Find a Cybersecurity Force by Paulette Perhach
The Times dug into a topic we've covered on this blog before: the cybersecurity skills gap. Paulette Perhach cites research from Cybersecurity Ventures and a report from Identity Theft Resource Center to illustrate it further, but does a good job doing something others haven’t: highlighting what companies are doing to combat it. She talks to a global CISO at IBM who says she's been reaching out to mothers returning to work and veterans to fill roles, even hiring candidates who may not have cybersecurity experience. And it's been working: she's grown her team by 25 percent over the last year.
4. How to Hack an Election (Without Touching The Machine) by David Karpf
Election Day has come and gone and while there were certainly issues - malfunctioning machines, etc. - there was no evidence of foreign hacking, at least per Homeland Security Secretary Kirstjen Nielsen. Voting security issues aren't going away, however, and the problems aren’t necessarily tied to machines. Wired had a story this week via Dave Karpf, associate professor in the School of Media and Public Affairs at the George Washington University, about how viral information, rumors, Twitter bots, voter suppression, and yes, voting machine tampering can shape elections. The piece has one takeaway: We have some work to do.
5. DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access by Ionut Ilascu
If you follow drone security, an admittedly narrow niche of infosec, this report may not surprise you. If you don't, here's some background: these devices are not 100 percent secure. Researchers with Check Point this week discovered that a popular line of drones, DJI drones, exposed user accounts to unauthorized access along with information that passes through the vendor's digital infrastructure, including flight logs, videos and images, flight maps, and live camera and microphone feeds. To blame? The company used the same cookie across its platforms, which means that if an attacker got ahold of it, they'd be able to do anything a DJI user would. The company fixed the issues earlier this year prior to the researchers’ disclosure this week.