We can all agree that 2020 has been a year we won’t forget anytime soon. Faced with unanticipated challenges, new concerns, and constant adjustments forced by the global pandemic, we were compelled to rethink the ways in which we work, study, and socialize. In many cases, this meant transferring day-to-day activities to an online environment, which pushed organizations of every kind to re-examine their approaches to cybersecurity. A positive note is that these changes presented a prime opportunity to highlight the criticality of cybersecurity and promote increased awareness and best practices. NIST’s cybersecurity experts redoubled their efforts in this area, and our Cybersecurity Insights Blog chronicled many of the highlights along the way. Before closing the door on 2020, we wanted to take a look back at the Top Five posts of the year.
We introduced a new series on the blog in July to begin shedding light on the subject of Differential Privacy. In this series, NIST’s Katie Boeckl and co-authors Joseph Near and David Darais from the University of Vermont examine one of the big challenges in data analysis today: How do we use data to learn about a population without infringing on the privacy of specific individuals? Differential privacy presents several advantages, but it isn’t always easy to access the necessary tools, standards, or best practices to implement it. This series provides basic concepts, use cases, available tools, and technical approaches for IT and privacy professionals.
The Differential Privacy series earned two spots on the blog’s Top Five list this year. In Threat Models for Differential Privacy, posted in September, authors Near and Darais explained that the type of adversaries a system is designed to thwart must be considered when developing the system. Both privacy, which comes down to controlling what someone can infer from data, and security, which means controlling who can access the data, must be factored in. The authors described different models of differential privacy – central, local, and hybrid – and outlined their respective advantages and downsides.
September was a very busy month for the Cybersecurity Insights Blog, producing both our fourth and third most read posts of the year. In The Next Generation Security and Privacy Controls—Protecting the Nation’s Critical Assets, NIST’s Ron Ross, Victoria Yan Pillitteri, and Naomi Lefkovitz reviewed the newly unveiled NIST SP 800-53, Revision 5. As they explained, the revision is really a renovation, presenting both structural and technical updates for systematically ensuring the trustworthiness and resilience of critical systems. The authors shared the most significant changes in the revised controls catalog and previewed supplemental materials.
Not surprisingly, our two most read posts this year addressed challenges brought about by the sudden pivot in the spring to working from home. In Telework Security Basics, NIST’s Jeff Greene outlined several simple things we can all do to improve the security of our home working environments. From making sure the Wi-Fi is protected to keeping devices patched and updated, these measures can help prevent increased risk to our organizations and our home networks. The popular post included a short video on telework security basics and links to additional resources.
The top Cybersecurity Insights Blog post of 2020 dealt with a topic many of us became all too familiar with over the course of the year: virtual meetings. In Preventing Eavesdropping and Protecting Privacy on Virtual Meetings, posted in March, Greene walked us through some basic precautions to help make sure virtual meetings do not create opportunities for data breaches or security incidents. Garnering more than 20 percent of the blog’s “clicks” this year, it clearly answered a demand for information on a timely subject.