Keeping the eye on the (cybersecurity) ball, the DEA asking to access a password manager, cybersecurity and privacy as two sides of the same coin, and how to be easily fooled by a phishing attack.


Why is it so hard for us to pay attention to cybersecurity? (ZDNet)

Figures in the 2019 Cyber Security Breaches Survey from the UK government suggest: ‘Around a third (32%) of businesses and two in ten charities (22%) report having cyber security breaches or attacks in the last 12 months. As in previous years, this is much higher specifically among medium businesses (60%), large businesses (61%) and high-income charities (52%). Among this 32 per cent of businesses and 22 per cent of charities facing breaches or attacks, the most common types are:

• phishing attacks (identified by 80% of these businesses and 81% of these charities)

• others impersonating an organisation in emails or online (28% of these businesses and 20% of these charities)

• viruses, spyware or malware, including ransomware attacks (27% of these businesses and 18% of these charities).’

Danny Palmer via



What Happened When The DEA Demanded Passwords From LastPass (Forbes)

‘In one case—the first documented government request to any major password manager—the Drug Enforcement Administration (DEA) demanded logins and physical and IP addresses, as well as communications between a user and LogMeIn, the owner of massively popular tool LastPass.’ Thomas Brewster describes what happened next, via



Unintended inferences: The biggest threat to data privacy and cybersecurity (TechRepublic)

‘Considering cybersecurity and privacy two sides of the same coin is a good thing, according to Burt; it’s a trend he feels businesses, in general, should embrace. “From a practical perspective, this means legal and privacy personnel will become more technical, and technical personnel will become more familiar with legal and compliance mandates,” suggests Burt. “The idea of two distinct teams, operating independent of each other, will become a relic of the past.”’ Michael Kassner via



We invited professional hackers to attack us: Here’s what happened (CNET)

‘Anyone can be hit by a phishing attack, and many consumers are vulnerable to losing thousands of dollars to identity theft scams. Phishing is also expensive for businesses, with the average cost of a data breach resulting from a phishing hack now in excess of $1 million per incident. To learn more about the sophisticated targeting methods used by many attackers, my CBS News colleague Graham Kates and I asked a team of professional hackers to target us with a sustained phishing simulation designed to mimic a real-world attack. We learned that even when you’re prepared for a cyberattack, it’s remarkably easy to be fooled by a determined phisher.’ By Dan Patterson for