A Review of the Best News of the Week on Identity Management & Web Fraud

Say Hello to SASE (Secure Access Service Edge) (Gartner Blog Network, Dec 23 2019)
So by now, most networking folks know about SDWAN. And of course, just when everyone is aware and comfortable with a technology, and it is (relatively) stable with over 25,000 paying customers, and we can start to absorb it…then Boom. Things change. And we are absolutely seeing the market evolve. And the new “thing” is SASE – Secure Access Service Edge, pronounced “sassy”.

Identity access management – An auditor’s view (SC Magazine, Dec 26 2019)
12 Best Practices from an Auditor’s view…

The 2019 State of the Auth Report: Has 2FA Hit Mainstream Yet? (The Duo Blog, Dec 09 2019)
The Study Results Show That 2FA Is Catching On
Awareness in 2FA shot up from 44% of respondents in 2017 to 77% in 2019. That’s a 33% gain over a two year period.

More Users Are Adopting 2FA Security for Protection
In 2017, a mere 28% of respondents were using 2FA compared to 53% in 2019. That is a solid 25% gain in user security.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Airbnb Takes Halting Steps to Protect Its Users (WSJ, Dec 30 2019)
The company faces a question likely to consume the tech industry: How much responsibility should it assume for safety problems on its site? It has taken some recent steps, but former employees say more stringent measures were overruled.

Honoring’ CCPA’s Binding Principles Nationally Won’t Be Easy (Dark Reading, Dec 26 2019)
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California’s new consumer privacy law.

The Decade We Learned There’s No Such Thing as Privacy Online (VICE, Dec 31 2019)
And a corrupt U.S. government seems incapable and unwilling to do anything about it.

123456 still a popular password (SC Magazine, Dec 24 2019)
Among the banes of existence for any human living in the 21st century is the need to periodically choose, change and remember numerous passwords, which partly explains why nearly 3 percent of computer users chose 123456 in 2019.

California Consumer Privacy Act: Challenge and Opportunity (SC Magazine, Dec 24 2019)
The California Consumer Privacy Act goes into effect Jan. 1. The act, considered the most comprehensive of any state privacy law, provides consumers with new rights, including a right to transparency about data collection, a right to be forgotten and a right to opt out of having their data sold. Companies impacted include those in the state with more than $25 million in an-nual revenue, those that derive at least half of their revenue from selling customers’ personal information, or those that buy, sell or share data from at least 50,000 consumers, households or devices.

Nepal Arrests 122 Chinese Over Suspected Cyber Scam (SecurityWeek, Dec 27 2019)
More than 100 Chinese nationals in Nepal on tourist visas have been detained over a suspected cyber scam, police said Wednesday, in the country’s largest ever crackdown involving foreigners.

The Decade Big-Money Email Scams Took Over (Wired, Dec 26 2019)
Some email scams feel like they’ve been around almost as long as email itself. But the grifts have evolved significantly over the last decade, as scammers have learned that they can extract much bigger payouts from big businesses than lone victims. They’ve tallied billions of dollars in the last few years alone. In the 2020s, it’s only going to get worse.

Fraud in the New Decade (Dark Reading, Dec 30 2019)
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth

4 authentication use cases: Which protocol to use? (CSO Online, Dec 05 2019)
Choosing the wrong authentication protocol could undermine security and limit future expansion. These are the recommended protocols for common use cases.