Last month the Court of Justice of the European Union (CJEU) issued one of the most significant decisions in the court’s history, invalidating Privacy Shield, an important but relatively obscure agreement used to facilitate the transfer of private customer data between the U.S. and Europe, and also calling into question several privacy-related mechanisms. The decision has left widespread uncertainty and turmoil in its wake, threatening to further damage trans-Atlantic commerce amidst a global pandemic and strengthen Chinese and Russian efforts to push their own model of “privacy.” Now is the time work with our allies on privacy and economic recovery, not to cut off our nose to spite our face.

In June 2020, a software exploit dubbed GoldenSpy was observed targeting corporations doing business in China – the underlying executable file was part of required tax software. Companies were required to install the software to enable payment of local Chinese taxes, and the software’s backdoor enabled command and control of victim systems and remote code execution.

The first half of 2020 has yielded multiple significant developments on ransomware and related disruptive attacks – including new targets and evolving tactics, techniques and procedures (TTPs). These trends require priority attention across all functions with security-related responsibilities. By better understanding these events and their risk implications, our clients and partners can more effectively manage ransomware risk and apply appropriate safeguards.

As the rate of new COVID-19 cases gradually stabilizes across a number of major metropolitan areas, companies are transitioning from risk avoidance to risk acceptance and contemplating how best to return their workforce to the office in a way that balances productivity and duty of care.

To execute a safe and successful transition, it’s paramount that business leaders leverage adaptive thinking and flexible policies that accommodate a broad array of employee and customer needs to protect individuals at greater risk of severe outcomes.

The use of local business partners is as old as global commerce itself. European merchants leveraged middle men across the ancient Silk Road, while the first multinational corporations relied on local resources and manpower for their global operations.

Today, requirements set up by foreign governments often mandate business relationships with native firms in order to guarantee the benefits of resource extraction or technology transfer. In other cases, complex business environments all but necessitate local know-how in order to get things done. But as firms move into emerging and frontier markets, they face increasing challenges on their home turf, especially in areas of compliance and reputation management.

2019 continues to be a year filled with ransomware attacks. One of the key themes at DHS’ 2nd Annual National Cybersecurity Summit was the rapid and overwhelming increase in cyber attacks on businesses and local governments. For example, Verizon’s 2019 Data Breach Investigations Report indicated 24 percent of all instances of malware involved ransomware. Malwarebytes, an internet security company, reported that the detection of ransomware attacks on businesses in 2019’s Q1 increased 195 percent from 2018’S Q4. According to Johns Hopkins University Professor Avi Ruben, many of the recently reported attacks were specifically focused on local governments and municipalities because “they tend to have lower IT budgets than they should.

Last week’s Second Annual National Cybersecurity Summit, hosted by the newly established Cyber and Infrastructure Security Agency (CISA), covered a wide variety of cybersecurity-related topics, including privacy policy, supply chain issues, and international partnerships. But one of the most consistently discussed topics during the summit was the security of 5G networks. It should come as no surprise to anyone in the security space that 5G security would be a hot topic at a DHS-hosted summit, especially considering President Trump’s May Executive Order aimed at preventing Chinese telecommunications companies, such as Huawei, from selling their equipment in the United States.

As several U.S. communities, and the Nation, continue to mourn the loss of innocent lives due to senseless and incomprehensible active shooter incidents—with three of four recent incidents occurring in commercial business environments—it is common for business leaders and their employees to ask “Can this happen in my community or at my office?” The answer is, unfortunately, “Yes.” A natural follow-up question may be “What would we do” and “Are we prepared to respond?” The answers to these questions are not as straight forward and heavily depends on the specific company and what proactive steps, if any, the business has taken to prepare for adverse events.

Last week, The Chertoff Group hosted the Security Series Event “AI, Threat Intelligence, and The Cyber Arms Race” which convened an exclusive group of thought leaders to discuss critical security issues facing the public and private sectors.

Below are key take-aways and trends to watch from the event. Check out the full panel to hear how experts are leveraging AI solutions to prevent, detect, and respond to adversaries attacking our critical infrastructure and the private sector.