Microsoft privacy concerns call for greater emphasis on security measures
Privacy concerns have been raised about Microsoft's new Recall feature, prompting industry experts to advise businesses on protective measures. Shane Maher, Managing Director at Intelliworx, an IT and cybersecurity consultancy, emphasised a three-pronged approach to address these and other privacy issues.
Maher outlined that businesses should establish clear policies regarding the acceptable use of solutions such as Microsoft Recall, with a focus on data protection and user privacy. "These policies should be regularly updated to adapt to evolving threats and regulatory requirements," he advised.
Employee training is also crucial, according to Maher. He suggested that training programmes should ensure all staff members understand the importance of privacy, the risks related to improper use of recall features, and the correct procedures to follow. "Such training should be ongoing and include practical scenarios to reinforce learning," he added.
In addition to these measures, Maher recommended implementing advanced IT solutions, such as encryption, access controls and activity monitoring. "These tools can provide an extra layer of security to ensure that sensitive data remains protected and any misuse can be promptly identified and addressed," he said. Maher believes that combining these measures creates a secure environment, reducing privacy risks.
Separately, the recent Optus class action lawsuit sheds light on an API breach caused by a minor coding error, prompting discussions about the adequacy of security measures and further prompting security leaders to look into their most used solutions. The Australian Communications and Media Authority (ACMA) revealed that while Optus had security measures in place, a code change inadvertently weakened one of these measures, enabling the breach.
Richard Bird, Chief Security Officer at Traceable AI, commented on the incident, highlighting a recurring pattern of neglect in addressing known vulnerabilities. "Failure to remediate or monitor discovered vulnerabilities is a significant issue. It is insufficient to have no monitoring and protection capabilities when technology exists to prevent such problems," Bird remarked.
Patrick Mawyer, Senior Sales Engineer at Traceable AI, echoed Bird's sentiments, stressing the importance of continuous API testing. "Attention should not only be on monitoring and protecting the runtime but also on emphasising Application Security Testing (AST). Continuous testing ensures that APIs remain secure and resilient against potential attacks," Mawyer urged.
As cybersecurity threats evolve, experts underscore the necessity for robust policies, continuous monitoring, and proactive measures to safeguard data integrity and mitigate risks.
Security measures are becoming all the more important as geopolitical tensions continue to rise. Just recently, concerns have been voiced about potential cyber retaliation by Russia following its exclusion from the 2024 Euros. Andy Norton, European Cyber Risk Officer at Armis, highlighted the increased risk of cyberwarfare due to heightened geopolitical tensions.
"In 2016, the World Anti-Doping Agency experienced a cyberattack by Russia in response to a ban preventing its athletes from participating in the Rio Olympics. Similar retaliation should not be ruled out in the wake of Russia's exclusion from the 2024 Euros," Norton noted.
A recent survey indicated that 41% of IT leaders believe the threat of cyberwarfare has increased due to these tensions, compounded by the advent of weaponised AI. Norton warned that Russia could leverage AI to launch multiple cyber assaults swiftly. However, only 27% of IT leaders currently have a cybersecurity strategy in place, despite 56% expressing concern over cyberwarfare.
Norton urged organisations, especially those linked to the Euros, to adopt AI-powered solutions that provide actionable intelligence, enabling them to identify vulnerabilities before they are exploited. "Proactive measures are essential to reduce the risk of disruption," he asserted.