Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Say it again, I double dare you

Anyone familiar with phishing and social engineering will know scammers often use psychological tricks to get victims to divulge personal data. Now, a new study from the University of East Anglia has uncovered a fresh twist: ask them twice. Repetition can lead people to over-disclose information, that could then put them at risk of identity theft and cybercrime. First published in the Journal of Cybersecurity, the research aims to understand the ‘privacy paradox’, where people share information without protecting it from others who don’t need to see it.

The research combined an initial lab study of 27 people with a subsequent study online of 132 participants. The first study showed that asking for real personal data led to increased information disclosure when the same people were asked again. The second study repeated this effect and found no change in people’s associated concerns about their privacy. The researchers said that understanding why people disclose personal information could help influence ways of addressing the problem. This knowledge could also help security professionals with developing or updating security awareness programmes.

Irish Data protection and privacy newsround

Recent weeks have seen privacy regulators stampede towards clamping down on artificial intelligence tools like ChatGPT (does that make it a banned-wagon?). Ireland’s Data Protection Commission, however, is holding its horses. Commissioner Helen Dixon warned against rushing into bans, telling a conference that large language models need to be regulated but first understood. Chatbot crackdowns are not the answer. “I think it’s early days, but it’s time to be having those conversations now rather than rushing into prohibitions that really aren’t going to stand up,” she said.

In other data protection news, the EU has named 19 online platforms, which will fall under the upcoming Digital Services Act. The regulation comes into effect from next August 25th and will affect very large platforms with more than 45 million monthly active users across the bloc. This figure corresponds to 10 per cent of the EU population. The list includes familiar names including Facebook, Instagram, TikTok, and Twitter.

The European Data Protection Board (EDPB) has published its annual report. It rounds up initiatives undertaken over the past year, including consultations, binding decisions and cooperation activities.

Links we liked

Security tips that aren’t just for Christmas: Europol’s cyber advent calendar. MORE

Rowenna Fielding’s excellent primer on rights and freedoms for data privacy. MORE

Threat Prompt newsletter covers the intersection between AI and infosec. MORE

MITRE ATT&CK, the knowledge base of adversary tactics, hits version 13. MORE

The National Cyber Security Index ranks countries’ cyber threat readiness. MORE

How public agencies can manage mobile devices: a guide from Ireland’s NCSC. MORE

Working in the transportation sector? This ENISA report covers key threats. MORE

Are women better able to handle stressful situations in cybersecurity? MORE

Kevin Beaumont covers a recent ransomware response that went badly awry. MORE

Good advice for family members who may be getting deluged with spam calls. MORE

The draft EU Cyber Solidarity Act aims to improve security in Member States. MORE

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.

Sign up here

About the Author: admin

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

"*" indicates required fields