Authentic8 Blog Category: Cloud Browser

GDPR in the US: After the British Airways Hack

British Airways (BA) announced in September that it had fallen victim to a hack that affected the personal data of 380,000 passengers. The BA hack could be the first prominent test case for the European Union’s General Data Protection Regulation (GDPR) that went into effect in May.

How has GDPR impacted U.S.-based companies so far? Are they prepared for EU regulators cracking down on cross-border data protection failures and privacy violations? The BA attackers exploited a third-party vulnerability in the airline’s digital supply chain, taking a path we recently examined on this blog. What are the lessons to learn from the British Airways data breach?

On our Silo Sessions podcast, Authentic8 Co-founder and CEO Scott Petry discussed these questions as part of his ongoing GDPR conversation with Steve Durbin, Managing Director of the Information Security Forum (ISF).

P.S.: This Silo Sessions episode was recorded before the disclosure of the latest security breach at Facebook, a theft

Why You Should Be Fed Up With the Cycle of FUD

The upcoming election has created the perfect opportunity for the $100 billion cybersecurity industry to throw some fear, uncertainty and doubt — colloquially known as “FUD” — into the daily conversation.

Vendors see this as an opportunity to double down on their marketing to help congressional offices “defend democracy.” But they’re selling the same solutions that got these offices in trouble in the first place. Isn’t it time to try a different approach?

It’s important to understand that unlike other branches of government, each congressional office is responsible for its own security when it comes to its IT infrastructure. In many instances, offices outsource management of their systems to contracting agencies, which contributes to the problem.

Additionally, congressional offices and political parties were targets long before the industry took notice. Party staff are juicy targets for social engineering, phishing, and other forms of targeted attacks from APT groups. Stealing the data they’re holding can be a windfall for political adversaries