Welcome to December – we hope you had a restful and enjoyable Thanksgiving holiday.

Here are a few privacy bits and bytes to start your week.

1. ICYMI – 60 Minutes Explains Credit Card Hacking

In preparation for Cyber Monday, 60 Minutes presented a well-researched and interesting story on credit card hacking. For privacy and security professionals, it may be old news, but as a consciousness-raising and mainstream piece of reporting, it is first-rate. Some points:

  • From the time of intrusion into a system, the average time to detection of the bad guys is a “whopping 229 days.”
  • 80 percent of breaches involve stolen or weak passwords. The most common — “123456” (Hey, it meets the minimum requirements of 6 characters!)
  • “Detect it sooner. Respond sooner.”

See the entire script and video here (or play it for your favorite CEO….).

2. Sony Pictures Entertainment Hit by Possible Retribution Attack

Reuters reports that Sony Pictures Entertainment has retained Mandiant, a forensics security firm, to investigate and remediate a cyber attack that knocked out the studio’s network a week ago. The FBI is also reportedly involved in the investigation into the possibility that hackers working on behalf of North Korea may be behind the attack. The timing coincides with the upcoming release of Sony’s “The Interview,” depicting a CIA plot to assassinate North Korean leader Kim Jong-Un. The nation’s state-owned outlets have threatened “merciless retaliation” against the U.S. and other nations if the film is released.

The hack also apparently leaked five unreleased Sony films to file-sharing sites. The studio has confirmed that it is working with law enforcement to track down the leaks.

Read more here at re/code.

3. The Microsoft Storm – The View from Ireland

Back in August, we wrote about Microsoft’s court battle over production of email data held in its Irish data center. That battle continues on appeal from a New York court’s refusal to grant Microsoft’s request to quash the U.S. government’s warrant seeking that particular data. Karlin Lillington, the technology columnist for the Irish Times, writes about the view of this battle from the data’s country of residence — and its potential to influence the future of cloud computing. Worth a read here.

4. Hey GC, When’s the Last Time You Spoke with Your CTO or CISO?

One would expect that corporate Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and General Counsels/Chief Legal Officers (CLOs) have a lot to talk about these days, including data privacy, breach response, network security assessments, e-discovery, BYOD policies and cloud computing security risks. However, a recent Gartner survey of CLOs found that over half of them have conversations with their CIOs no more than once a month.

Take some time to view a free webinar discussing how CIOs/CISOs and CLOs can (and should) collaborate to overcome the obstacles to effective cyber risk management, including:

  • Risk mitigation options
  • Planning for the best, expecting the worst

See the webinar here.