Tech News Thursday is upon us again!
This weeks news article is in regards to our previous articles on data breaches, vulnerabilities within systems, inception and mitigating the risk of a breach.
Why is this to be discussed?
Well, take a deep dive into this news article by Tobias Mann for The Register to understand why this is such an important issue to be discussed:
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
In the article, it is discussed that ‘stealing sensitive data from a running vulnerable machine‘ and ‘manipulating a person’s dreams to achieve a desired outcome in the real world‘ can be effectively executed by a vulnerable machine.
So, what does this mean for organisations?
The simple answer is that company misuse of data, which is essentially the misuse of information for which it wasn’t intended to be used, is a negligent act.
In order for a major data breach within an organisation on a vulnerable machine to occur, it only takes an individual (internal or external) to be able to gain access to the machine before being able to start their breach or theft, as seen in Northern Ireland’s Police Force Data Breach situation that was previously discussed.
It is indeed the security teams’ responsibility to prohibit one from illegally gaining access to such sensitive and vulnerable data; yet, one could also argue that it is up to the organisations’ decision-makers to choose who has direct access to sensitive data (building a hierarchy within the data information being shared).
That being said, do you think the power to control (and have access to) key data should only be distributed to those who are ensuring its safety, such as the technical team, HR, or the ruling bodies of the organisation?
Let’s discuss your thoughts.