SB315 Vetoed – Critical Path Security Research

Today, we can all finally breathe a little easier as Georgia Governor Nathan Deal vetoed the cybersecurity legislation known as SB 315. Facing mounting pressure from technology firms and researchers, the Governor said there were “concerns regarding national security implications and other potential ramifications” that led him to veto the bill.

"It is my hope that legislators will work with the cybersecurity and law enforcement communities moving forward to develop a comprehensive policy that promotes national security, protects online information, and continues to advance Georgia’s position as a leader in the technology industry." - Deal

Georgia Senate Bill 315 would have changed state law defining computer crimes simply as “unauthorized computer access” with a provision to exempt individuals engaged in “active defense measures designed to prevent or detect unauthorized computer access.” The lack of detail in the bill was concerning to many in the cybersecurity field as the exemption could…


BSides ATL is almost here!

Have you got your ticket for BSides ATL yet? If not, hurry before they sell out and come join us at the Kennesaw State University Center this Saturday, May 5th for this great event! Critical Path Security is proud to be an official sponsor of this event for and by information security community members. BSides creates opportunities for individuals to participate in an intimate atmosphere that encourages collaboration with discussions, demos, and interaction from participants. This year's theme is "Standing on the Shoulders of Giants" and will focus on how the success of our predecessors fuels future innovations. Swing by the Critical Path Security booth anytime to check out some cool tech demos, have a conversation about security, or pick up a limited edition gun-wielding-unicorn t-shirt we had made specifically for BSides ATL 2018. Donations to the Electronic Frontier Foundation are appreciated. If you can't find the time to catch…


Mergers and Acquisitions – Why CyberSecurity Matters!

A glance at any media outlet shows that cyber attacks are more advanced and prevalent than in the past. Additionally, it is clear that virtually no company is immune to a cyber incident. Almost all companies and associations collect and store sensitive data, whether it is customer or employee data, intellectual property, or other confidential information. One of the numerous topics covered during recent interviews was the rising cost associated with a cyber incident, which is often quite severe. For example, the costs associated with a data breach may include forensic and investigative activities, business continuity, downtime of business-critical applications, and lawsuits. Did we mention that with the introduction of GDPR, a breach can be absolutely devastating? Yet, none of these will be nearly as damaging as the impact on the organization's reputation. There is no legal action that will absolve a business in the "Court of Public Opinion". If…


Georgia’s SB 315 threatens to disrupt and criminalize security research

Over the years, members of Critical Path Security have engaged wholeheartedly in the practice of responsible disclosure of vulnerabilities. This was highlighted in findings related to Apple, Cisco, and Websense in which our researchers provided vendors with ample time and a path of communication to validate findings and develop remediation plans prior to notifying the public of the flaws. However, despite the objections of the cybersecurity community, the Georgia legislature has passed a bill that would open independent researchers, such as Critical Path Security staff who identify vulnerabilities in computer systems, to prosecution and up to a year in jail. Patrick Kelley, CTO of Critical Path Security, shared the following. “Over the last two decades, I’ve found numerous vulnerabilities in various platforms, many of them used by government agencies and healthcare. In the beginning, when my initial finding of WiredRed was released, I found it necessary to release the finding under a…
