Authentic8 Blog Category: Policy

10 IT Weak Spots Hit Hardest by the Cybersecurity Talent Shortage

by Larry Loeb

About 350,000 IT positions that require cybersecurity knowledge and skills currently remain unfilled. What impact does the acute talent shortage have on critical day-to-day IT security tasks?


According to Bloomberg BNA, 2017 was the Year of the Data Breach. Major institutions and organizations suffered from damaging hack attacks and data leaks.

No wonder that in 2018, many CISOs are growing even more concerned about the acute talent and skills shortage in cybersecurity.

Critical areas and attack vectors go uncovered, due to a lack of personnel. Will more major trouble like last year’s Equifax hack be the result?

By 2022, industry observers expect a shortfall of 1.8 million infosec professionals. The effects of not having the right people in the right slots are varied, but one outcome seems certain: essential tasks will be left undone.

Which IT security to-dos are too easily missed?

A lack of awareness exacerbates the resulting risk for the organization’s overall cybersecurity

GDPR-in-a-Box: New Online Tool Helps Small and Medium-Sized Enterprises

The European Commission has published a new GDPR online tool to facilitate the application of its new data protection rules.

The General Data Protection Regulation (GDPR) takes effect on May 25th, 2018. The same rules apply to all companies offering services in the European Union or handling the protected data of EU citizens or residents.

This includes U.S. companies, even if they don't have subsidiaries in the EU. The new online tool was developed to assist small and medium-sized enterprises.

Guidance for practical application of GDPR

Knowledge of the new rules is not evenly spread. By some estimates, more than 80 percent of U.S. companies who will be affected (and may face stiff penalties if found non-compliant) have not adjusted their IT and data protection to the new GDPR reality yet.

The new website aims to help individuals, businesses (in particular SMEs) and other organizations comply with and benefit from the new data protection rules.

It includes GDPR basics -

Risk Management and Employee Cybersecurity

Risk management will be a central topic at the 3rd annual ALM cyberSecure conference in New York City this year.

The cross-industry gathering of thought leaders on December 4-5 aims to facilitate a holistic approach to data security, risk management and data governance.

Influential business leaders from the cybersecurity industry and high-ranking law enforcement officials will be convening with corporate risk management, compliance and law department leaders at the conference, which features speakers from numerous Fortune 100 companies.

Authentic8 Co-Founder and CEO Scott Petry will moderate a discussion panel on “Revamping Employee Cybersecurity Policies and Training to Mitigate Legal Risks” on December 4th.

Scott Petry will be joined on stage by Daniel Pepper, Vice President and Deputy General Counsel at Comcast; Adam Rubin, General Counsel of PrizeLogic; and Allen Brandt, Executive Director, Associate General Counsel and Chief Privacy Officer at the Depository Trust & Clearing Corporation.

Balancing IT security, data protection and privacy

Balancing IT security and data protection with the needs

ISPs & Privacy: Why it Matters, and How to Cover Your A$$

Both the US Senate and the House of Representatives have cleared the way to remove privacy rules for internet service providers (ISPs) like AT&T, Charter, Comcast and Verizon. The President signed the executive order to repeal these rules, which were originally put in place by the FCC in 2016 to protect consumers on the web.

While the nation’s largest ISPs have pushed hard for this move, most internet users in the U.S. are only now learning that their entire web browsing history may be collected, sold, and/or used for marketing purposes - no “opt-in” or other permission required.

This is a good time to take a step back and assess what it all means. The privacy rules were fairly recent and had not yet been enacted. And, it's not back to the old state - the lawmakers went a step further, issuing a joint resolution that aims to ensure that the FCC will be barred

Personal Email at Work - the "Hillary Factor"

Hillary Clinton’s personal email workarounds during her term as Secretary of State have received much scrutiny in Washington and in the media.

All the political rhetoric aside, a question remains:

Why was she allowed to run her own email server? How could an employee dictate email security policy to IT?

Ready for the answer? Special treatment isn’t reserved only for senior politicians. Personal email workarounds could come back to haunt your organization, too.


Whatever happened (or not) on the privately hosted server that Hillary Clinton used to keep her personal email apart from official missives while she was serving as Secretary of State, one issue deserves more attention:

Why was she allowed to set up her own server in the first place?

Until today, nobody had really asked that question. Cybersecurity pioneer Gene Spafford (Purdue University), whose interview with Bank Info Security I highly recommend, highlights the fact that policies are out of sync with users.

Like any