Security Central: Verizon Proves Vulnerable, Apple Plays Nice with China
When it comes to organizations protecting their customers' data, it takes a village and requires a colossal amount of effort. Put simply, it ain't easy. On top of that, an organization is only as secure as its most vulnerable partner. Unfortunately for Verizon, they rather 'stepped in it' with that one this week.
When it comes to organizations protecting their customers’ data, it takes a village and requires a colossal amount of effort. Put simply, it ain’t easy. On top of that, an organization is only as secure as its most vulnerable partner. Unfortunately for Verizon, they rather ‘stepped in it’ with that one this week. According to USA Today, the names, addresses and phone numbers of 14 million Verizon customers were publicly exposed by one of the company’s software vendors, NICE Systems, via an unprotected Amazon S3 storage server.
NICE Systems was using Amazon’s S3 cloud platform to store “customer call data” from various telelcom providers, Verizon included. According to a statement released by NICE, this was “limited information for a specific project” for “a business that NICE divested several years ago and no longer has anything to do with[…]”
“There has been no loss or theft of Verizon or Verizon customer information,” Verizon spokesman David Samberg said.
Consumer rights group Public Knowledge called on the Federal Communications Commission to investigate.
“Telecommunications companies have a duty to protect the personal information of their subscribers. This includes ensuring that their employees, contractors, and business partners take appropriate security measures when they handle sensitive customer data,” Yosef Getachew, policy fellow at Public Knowledge said in a statement. Certainly something to keep in mind when advising customers.
Where politics and cybersecurity mix, especially as of late, there have certainly been a fair number of heads scratched, eyes rolled and shoulders shrugged. But a recent announcement by President Trump left folks, as one can imagine, utterly perplexed.
President Trump proposed creating a “cyber security unit” with… wait for it… Russia. Did I just hear a collective face palm? Trump retracted the proposal pretty much immediately after the idea was shot down by literally almost everyone, including members of his own GOP party.
According to Ars Technica, Trump met with Vladimir Putin on Friday and stated on Sunday that they had discussed building “an impenetrable Cyber Security unit” to address issues such as election meddling. Yep. You read that right.
“It’s not the dumbest idea I have ever heard, but it’s pretty close,” Senator Lindsey Graham, a Republican of South Carolina, said of the plan. Senate Republican Marco Rubio also jumped in on the action, tweeting that “partnering with Putin on a ‘Cyber Security Unit’ is akin to partnering with [Syrian President Bashar] Assad on a ‘Chemical Weapons Unit.”
Apparently, Trump and Putin had put their heads together at a meeting during a Group of 20 nations summit in Germany to partner on a joint “cyber unit to make sure that there was absolutely no interference whatsoever, that they would work on cyber security together.”
However, the following Sunday, it was evident that the plan had been struck down. President Trump, of course, took to Twitter, saying that the deal was off. “The fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen. It can’t… ,” Trump said.
The laughable “cyber security unit” developments come at an interesting time as the investigations into whether or not Russia was tied to the interference in the US election back in November continues. On Sunday, President Trump stated that he had “strongly pressed President Putin twice about Russian meddling in our election. [Putin] vehemently denied it.” Trump has also denied any campaign or political scheming with Russia.
Our last story takes a look back at the new, tougher cybersecurity laws that China put in place last month. On Wednesday, Apple Inc announced that it is setting up its first data center in China, in partnership with a local internet services company, to comply with the new beefed up cyber-security laws (as reported by Reuters).
Apple said it will build the center in the southern province of Guizhou with data management firm Guizhou-Cloud Big Data Industry Co Ltd. An Apple spokesman in Shanghai told Reuters that the data center is part of a planned $1 billion investment into the province.
“The addition of this data center will allow us to improve the speed and reliability of our products and services while also complying with newly passed regulations,” Apple told Reuters in a statement. “These regulations require cloud services be operated by Chinese companies so we’re partnering with GCBD to offer iCloud.”
Apple is the first foreign firm to announce amendments to its data storage for China to fit the new cybersecurity law, which requires foreign firms to store data within the country. Overseas businesses have balked at the new law, saying that its strict data surveillance and storage requirements are overly vague, and that they slow down/hinder processes and business dealings with with excessive compliance risks and threatening proprietary data.
Experts say that the law was not designed to put foreign firms at a disadvantage, but was put in place due to the threat of cyber-attacks. Apple has also stated that it has strong data privacy and security protections in place. “No backdoors will be created into any of our systems,” it said.
Will more companies follow Apple’s lead? Stay tuned!
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.