Friday Five 2/18
Tech worker burnout, banning Pegasus, and more - catch up on the infosec news of the week with the Friday Five!
1. Tech worker burnout is reaching alarming levels by Jenny Darmody
You've no doubt heard plenty about it, but if not, this is a fine explainer on a challenge facing many tech companies these days: burnout. It's a high-level look, with ransomware, the cybersecurity workforce gap, and the pandemic among the top compounding factors. Worth highlighting are a few of the ideas to alleviate stress floated later in the piece, including giving employees "recharge weeks," mental health days, and non-standard working activities such as walking meetings and mindfulness training.
2. Criminals Stole Data from 650K Via Wash. Licensing Hack by Paul Roberts
News from Government Technology, via The Seattle Times, on the damage stemming from a hack of the Washington Department of Licensing: Data on 650,000 individuals, including Social Security numbers, stolen. The information belonged to state professionals and business owners whose information was held on a breached state database, the department announced late last week. "Based on our investigation, [Department of Licensing] has sufficient reason to believe the Professional and Business Licensing System was accessed and records were acquired without authorization," says a note on the department’s website.
3. Pegasus Spyware Should Be Banned, EU Data Agency Warns by Aoife White
As news of Pegasus continues to spread - Amnesty International discovered this week that the personal assistant and father of a Polish senator was targeted by the spyware - groups are again calling for a crackdown. The European Union's data privacy head, the European Data Protection Supervisor, said on Tuesday that Pegasus should be banned in the EU. “The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms,” the EDPS said. The EDPS's statement may sway some authorities to stop using the surveillance software, but it shouldn't be viewed as a mandate.
4. Public sector bodies’ use of cloud services probed in joint EU data protection enforcement by Natasha Lomas
More news from the EU: Data protection authorities are looking into how public sectors, including health, finance, tax, education and IT service supply and procurement, use cloud services. The European Data Protection Board (EDPB) had previously acknowledged its plan to look into how cloud services are being used - as part of its oversight of compliance with its data protection rules and to look closer at contracts that involve data transfers out of the EU - but this is the first coordinated action it's done around it.
5. Government Has 'Failed to Construct a Coherent Political Vision' for Data Protection, Experts Say by Alexandra Kelley
Ending the week on some not quite positive news, fresh from a hearing held Wednesday by the House Committee on House Administration on the lack of movement around passing federal data privacy laws. Shoshana Zuboff, a professor at Harvard Business School, cut straight to the point, calling the United States' efforts so far a failure: “This failure left a void where democracy should be, leaving our citizens now to march naked into the third decade of surveillance capitalism, without the rights, laws and institutions necessary for a democratic digital future.” The U.S. Government Publishing Office (GPO), which is in charge of producing and distributing information products and services across the federal government, was used as an example of how other agencies should approach data privacy: “Robust protection of PII is critical to building trust with our customers and stakeholders,” Hugh Halpern, the director of the Government Publishing Office, said during the hearing. “Without that trust, we can never achieve our vision of an America informed.”