Published: May 5, 2023

Security 3-2-1 Week of 5/5/23

By Annie

3 Interesting Articles

Fight over Kids Online Safety Act heats up as bill gains support in Congress
Cyber Scoop: As we discussed in our Privacy in 2023 webinar, a trend we continue to see is a focus on keeping children’s privacy safe, with growing legislation around this issue. The Kids Online Safety Act (KOSA) is newly reintroduced legislation that seeks to impose guardrails on tech companies to improve children’s mental health and safety. It would prevent platforms from promoting eating disorders and suicide to users under 17 years old and require companies to give parents tools to monitor a minor’s use of a platform. Some organizations, such as the ACLU, oppose the potential law, stating that KOSA would be a step backwards in making the internet a safer place for children because it would police their users and censor their content under a pretense of a “duty of care.” But even with some opposition, support for KOSA keeps growing, and the bill now has over 30 cosponsors in the Senate.

What the Cybersecurity Industry Can Learn From the SVB Crisis
Dark Reading: As discussion continues around the collapse of Silicon Valley Bank (SVB), the cybersecurity industry can learn from the banking industry’s safeguards designed to lower financial risk. Organizations that depend on SaaS solutions as a vital component of their daily business operations should consider the following in the event of a data breach or cyberattack: mandating consistent and detailed reporting on security and risk will allow for enhanced accountability and transparency. In addition, having a communications strategy is a crucial element in maintaining trust and ensuring organizations can operate effectively without the risk of sudden disruption to their operations. The handling of the SVB crisis serves as an important lesson for the software industry, demonstrating the need for improved approaches to dealing with cyberattacks and data breaches.

T-Mobile discloses second data breach since the start of 2023
Bleeping Computer: For the second time this year, T-Mobile has been hit with a breach. While this incident affected only 836 customers versus the 37 million customers in January, the information exposed is highly extensive, and the breach includes personally identifiable information, creating the potential for identity theft. The bad actor gained access to these accounts between late February and March 2023. While T-Mobile claims that their updated security measures alerted them to this breach, it is very concerning that the company continues to be penetrated by hackers.

2 Stats You Should Know

54% of CCOs identify data analytics as an area in which they need to enhance their existing compliance team with subject matter experts. (source)

$2.66 million is the average cost savings associated with an IR team and a regularly tested IR plan. (source)

1 More Thing

In case you missed the 2023 RSA: 652 speakers, over 500 exhibits and 400+ sessions later, here are 3 quick takeaways from last week’s conference, one of the largest security events in the world:

  1. AI was the unofficial theme of the week: AI was a highly prominent topic at the conference, with nearly every session mentioning it in some way.
  2. HiddenLayer (based out of Austin, TX) was this year’s RSAC Innovation Sandbox winner.
  3. The five most dangerous new attack techniques include:
    a. Living off the cloud
    b. ChatGPT in malware (ransomware) development
    c. Attacks against developers
    d. Generative AI in phishing, social engineering
    e. Malvertising
