Last year, the average UK small business spent 600 hours preparing for the upcoming GDPR. There are concerns that the new data protection regulation will impact productivity, prevent marketing activity, and send businesses grinding to a halt. But it doesn’t have to be this way. The European Commission claims the tougher data protection regulation will be good for business, providing plenty of opportunities. So, as a break from all the fearmongering, here are five good reasons to be cheerful about GDPR. The chances of immediate fines are slim: Although the potential fines are daunting, reaching €20 million or 4% of your global annual…
ISBuzz Team
This Wednesday marks the official 1-month countdown to the GDPR enforcement coming into effect. While we have all certainly heard lots about GDPR over the last twelve months, now is certainly the time in which we are all watching to see if companies are really policing data in the way they should to be GDPR compliant. The comment below, from Rufus Grig, CTO at Maintel, explores whether the US is close to its own GDPR moment. Rufus Grig, CTO at Maintel: “With the Facebook/Cambridge Analytica row causing a catastrophic drop in trust, is the US close to its own GDPR moment?…
SunTrust Banks Inc. has revealed that a former employee stole the personal information of more than 1.5 million clients. It is thought the individual had access to critical data including customer names, addresses, phone numbers, and certain account balances. Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “While the focus of many companies is on detecting external threats, companies should not overlook the danger posed by insiders. It is therefore important for companies to have an all-encompassing threat detection and response strategy that can not only alert where external attacks are attempted, but where insiders misuse their legitimate…
The UK has already suffered stealth cyber attacks on more than 80 manufacturing plants, with criminals deploying tactics that could put critical national infrastructure at risk. In an anonymous survey of manufacturers, almost half admitted that they have fallen prey to cyber warfare, according to trade group EEF. IT security experts commented below. Tim Erlin, VP at Tripwire: “It’s important to distinguish between cyberattacks on manufacturers and cyberattacks on industrial control systems. While they may be related, they’re not the same thing. Any organization with connected computer systems may fall victim to cyberattacks across a broad spectrum of technologies, but attacks on…
The GDPR’s “right to erasure” (53%), “data protection by design and by default” (42%), and “records of processing activities” (39%) are cited as among the biggest challenges organisations face in achieving compliance. This is according to the GDPR Preparation and Challenges Survey Report from Cloud Security Alliance (CSA), the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. A leader in cloud security and a CSA Corporate Member, Netskope, commissioned CSA to assess the preparedness of organisations across a wide spectrum of industries in terms of their ability to meet the May…
Last year, we saw WannaCry take down the IT and operational technology (OT) systems of organisations across the world in every industry. While the motives behind WannaCry are still the subject of debate, the might and reach of the “ransomworm” attack are indisputable. But, which industry is most likely to fall victim to the next inevitable hacking scheme? Are there some sectors with more apparent threats or risks? And, will black hat criminals employ different tactics depending on the sector they intend to target? Recent events, such as the attack on Syria by Western powers, have spurred concern that Russia’s…
Kaspersky Lab has uncovered infrastructure used by the well-known Russian-speaking APT group Crouching Yeti, also known as Energetic Bear, which includes compromised servers across the world. According to the research, numerous servers in different countries were hit since 2016, sometimes in order to gain access to other resources. Others, including those hosting Russian websites, were used as watering holes. Crouching Yeti is a Russian-speaking advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010. It is best known for targeting industrial sectors around the world, with a primary focus on energy facilities, for the main purpose of stealing valuable data…
Following news that the US and UK have issued a joint warning about sustained attacks on critical national infrastructure and internet service providers by Russian government agencies, ex-GCHQ security researcher turned entrepreneur, James Hadley, CEO at Immersive Labs commented below. James Hadley, CEO at Immersive Labs: “The UK is reaching a crucial point where cyber-attacks are constant. However, it still struggles to provide a consistent level of capabilities to repel attacks on a diverse supply chain, from the bottom upwards. “For instance, the NCSC is one of the best in its field – but, of course, not everyone can be so elite.…
Experts from SANS last night presented the five most dangerous new cyber attack techniques in their annual RSA keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are: Repositories and Cloud Storage Data Leakage; Big Data Analytics, De-Anonymization, and Correlation; Attackers Monetize Compromised Systems Using Crypto Coin Miners; Recognition of Hardware Flaws; More Malware and Attacks Disrupting ICS and Utilities Instead of Seeking Profit. Repositories and Cloud Storage Data Leakage: Ed Skoudis, a top hacker exploits expert, SANS Faculty Fellow and…
In response to the news that a 19-year-old is facing a criminal charge for downloading files from Nova Scotia’s freedom-of-information portal, Aaron Zander, IT Engineer at HackerOne commented below. Aaron Zander, IT Engineer at HackerOne: “There are two issues at hand. The first, a teen was able to possess large swaths of Personally Identifiable Information (PII) that he shouldn’t. He was only able to possess this after Nova Scotia had incorrectly been populating these from an un-redacted database and never thought to check the information itself. They then posted all of these documents on the web publicly for anyone to…
