Top 5 Must Reads: 8/18/2023

You already know that every day at?InformationWeek?there will be original reporting from our team of journalists and unique commentary you won’t see anywhere else. But in case you missed them, here are some of our favorites from this week:

1. Global Data Protection Laws

Story by?Joao-Pierre Ruth

Key Points:

• With the recent signing of India’s?Digital Personal Data Protection Act, another nation state established rules and guardrails for how it wants organizations to handle the data it collects while also offering citizens some measure of control over the information gathered about them.
• As more countries debate legislation to regulate how data is owned, used, and controlled even by overseas organizations, India’s example may show that data privacy compliance around the world might not be just a carbon copy of GDPR (General Data Protection Regulation).
• Joe Jones, director of research and insights with the International Association of Privacy Professionals, shares some of his perspectives with InformationWeek on the swift passage of the Digital Personal Data Protection law in India and whether it sets a tone for more legislation to come in other nation states.

2. Microsoft's Email Breach

Story by?Shane Snider

Key Points:

• The Department of Homeland Security (DHS) on Thursday said the newly created Cyber Safety Review Board (CSRB) will investigate Microsoft’s July email breach and focus on general risks to cloud computing infrastructure.
• After the breach, Oregon Senator Ron Wyden asked the Federal Trade Commission (FTC), CISA, and the Justice Department to “take action” against Microsoft after the hack. The CSRB is an advisory panel established by the Biden Administration to work under the DHS to investigate major cybersecurity threats and events.
• According to Statista, the US had more than 1.3 million companies using Office 365 as of February 2023. The widespread use of cloud is a growing concern for enterprise IT leaders.

3. Cloud Costs & Considerations

Story by?John Edwards

Key Points:

• What’s not as well known is that there are several fundamental, yet frequently overlooked, approaches that organizations can use to?optimize their cloud costs.?
• Cloud cost optimization should begin by measuring the drivers of cloud spend at a granular level and then providing full visibility to the teams and organizations that are behind the spend, says Tim Potter, principal, technology strategy and cloud engineering with Deloitte Consulting.
• By using these techniques, hidden to many cloud users, it’s possible to trim costs without sacrificing performance or security.

4. Cyber Workforce Needs

Story by?Carrie Pallardy

Key Points:

• Like the preceding cybersecurity initiatives, the?NCWES is sweeping in scope?and requires collaboration across multiple government agencies and throughout the private sector.?
• On a global scale, there is a gap of 3.4 million cybersecurity workers, according to a?2022 report?from the International Information System Security Certification Consortium (ISC)2.?
• The National Science Foundation, National Security Agency, Office of the National Cyber Director (ONCD), National Institute of Standards and Technology (NIST), Department of Labor, Office of Personnel Management, Department of Veterans Affairs, Cybersecurity and Infrastructure Security Agency, and Department of Housing and Urban Development each have a role to play through various partnerships and plans.

5. FCRA Expansion

Story by?Shane Snider

Key Points:

• Agency officials say the effort would expand the number of companies subject to the Fair Credit Reporting Act (FCRA), which governs the privacy of consumer data provided to lenders.
• Adopted in 1970, the FCRA has applied to credit bureaus, medical information companies, and tenant screening services. The agency did not provide a list of companies that would be impacted, but the proposal could have broad implications for an enormous global data and business intelligence industry.
• Also added to FCRA protections would be a ban on the sale of “credit-header data” like a person’s name, address, or Social Security number, for the purpose of targeting advertisements.

Latest Major Tech Layoff Announcements

Original Story by?Jessica C. Davis, Updated by?Brandon J. Taylor

Key Points:

• As COVID drove everyone online, tech companies hired like crazy. Now we are hitting the COVID tech bust as tech giants shed jobs by the thousands.
• Updated Tuesday, August 15, 2023?with layoff announcements from Secureworks ,?Shutterfly, and?Rapid7.
• Check back regularly for updates to our IT job layoffs tracker.

REGISTER NOW:

"Cyber Resiliency 2023: How to Keep IT Operations Running, No Matter What" LIVE webinar on 8/24 - a co-branded presentation between?InformationWeek?&?ITPro Today

On Thursday – August 24, beginning at 11am ET – tune into?our free online webinar featuring?Candy Alexander, CISSP CISM?-?CISO & Cyber Practice Lead?at?NeuEon Inc., and?Christian Hyatt?-?CEO & Co-Founder?at?risk3sixty?as our keynote speakers!

Our panel discussion on 'How to Respond to a Cloud Service Outage' will be lead by?Ben Cook?-?Regional Architect?at?Mandiant (now part of Google Cloud),?Darrius Robinson, CISSP?-?Web App Penetration Tester?at?SecurIT360,?Gautam ‘Gotham’ Sharma?-?CISO & Executive Director, Cybersecurity Education & Training?at?AccessCyber, and?Klaus Haller?- Senior Security Architect at?AXA Switzerland.

This live virtual event will be moderated by?our colleague?Steven Hill.?REGISTER?now at the link above.

"Cyber Resiliency 2023: How to Keep IT Operations Running, No Matter What"

It’s clear that IT needs fewer bells and whistles in cybersecurity and operational alerts, and more business bounce-back from attacks and outages.

Resiliency means your business must be able to take the punches and remain in full operation.?There are plentiful options but no guarantee that any single solution can provide resilience against onslaughts that vary from sudden cloud outages to prolonged ransomware attacks. A layered plan, however, could be just the thing. During this event, we share?what you need to consider.

Topics Include:

• Challenges in Keeping Up With Cyber?Resiliency
• Ransomware Preparedness for Enterprises
• Preparing for Cloud Service Outages

----

Cyber Risk Special Report

Behind the budget dollars allocated to cybersecurity defense and recovery efforts lies the question of where to spend them.

Cyberattacks and other threats to an organization’s ability to do business remain a top concern across all industries. Ransomware tops the list of threats, and it’s just getting worse as the operators succeed in getting more and more ransom payments. But ransomware is not the only threat. Many others come from outside as well as inside the organization and are both man-made and naturally formed. On top of all that comes the long-foretold AI wars – not yet here, but close.

Find Out:?

• Top Threats and Disruptions to Businesses
• Defense Versus Recovery Spending
• Frequency of Testing IR Procedures
• Cybersecurity Staffing
• Cyber Liability Insurance
• Ransom Payments

Against this backdrop companies try to battle and win against an onslaught of attackers.?Don't miss out on this critical research data!

Treasures from the Archives...

Story by?Carrie Pallardy

Key Points:

• Individuals, companies, and governments all have a stake in how data is collected, shared, used, and stored.
• The?acceleration of artificial intelligence?and its availability adds even more complexity to data privacy rights.
• Thought leaders in information privacy research, law, and company leadership weigh in on the biggest data privacy concerns related to AI, how they can be addressed, and the outlook on regulation.

This is just a taste of what’s going on. If you want the whole scoop, then?register for one of our email newsletters,?but only if you’re going to read it.?We want to improve the sustainability of editorial operations, so we don’t want to send you newsletters that are just going to sit there unopened. If you're a subscriber already, please make sure Mimecast and other inbox bouncers know that we’re cool and they should let us through. And if you’re thinking about?subscribing,?then maybe start with the InformationWeek in Review; it only arrives on Fridays.