Tag Archives for " cybersecurity "

EBF publishes proposals on Cyber incident reporting

To ensure that financial institutions can report cyber incidents quickly and effectively without sacrificing a proper incident management and recovery process, the European Banking Federation (EBF) has published its proposals on cyber incident reporting.

In particular, the EBF makes the following proposals for supervisors and regulators:

  • Establish a central reporting and coordination hub in each Member State;
  • Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
  • Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
  • Further involve national CERTs in information sharing;
  • Introduce a regular bi-directional information flow between regulators/supervisors and the industry.

Full report: EBF position on Cyber incident reporting

Ireland publishes note on data breach trends

Ireland’s Data Protection Commission (DPC) has published an information note on data breach trends from the first year of the General Data Protection Regulation (GDPR).

The total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% were classified as ‘non-breaches’ and did not meet the definition of a personal data breach.

A total of 13% failed to satisfy the requirement of notification to the DPC ‘without undue delay’ (normally within 72 hours), as required under the provisions of the GDPR.

Source: Data Breach Trends from the First Year of the GDPR

Security researchers expose new Alexa and Google Home vulnerability

Security researchers with SRLabs have disclosed a new vulnerability affecting both Google and Amazon smart speakers that could allow hackers to eavesdrop on or even phish unsuspecting users.

By uploading a malicious piece of software disguised as an innocuous Alexa Skill or Google Action, the researchers showed how you can get the smart speakers to silently record users, or even ask them for the password to their Google account. There’s no evidence that this vulnerability has been exploited in the real world, however, and SRLabs disclosed their findings to both Amazon and Google before making them public.

Source: Security researchers expose new Alexa and Google Home vulnerability – The Verge

Italy hit by a wave of musical ransomware attacks

The musical ransomware, FTCode, plays German rock music whilst encrypting victims’ files.

Researchers at AppRiver discovered FTCode within malicious email campaigns targeting Italian Office 365 customers. Victims receive emails containing malicious content posing as invoices, document scans and resumes.

Source: #Privacy: Italy hit by a wave of musical ransomware attacks

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches despite in GDPR era

£100 million data breach claim against Equifax

North West based data breach and cybersecurity specialist Hayes Connor Solicitors is the first in the UK to serve a representative data breach claim in the High Court.

The action could see Equifax ordered to pay up to £100 million in compensation to its estimated 15 million UK customers affected by its 2017 data breach.

The action follows the Court of Appeal’s decision in the Lloyd v Google case on 2nd October, which ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire affected population.

Source: Hayes Connor issues landmark £100 million data breach claim against Equifax | Business Up North

Cyberattacks cost small companies $200K, putting many out of business

About 43% of cyberattacks are aimed at small businesses. On average, these cost $200,000, putting 60% of these companies out of business in six months.

At the same time, though, 66% of senior decision-makers at small businesses still believe they’re unlikely to be targeted by online criminals. Similarly, 6 in 10 have no digital defense plan in place whatsoever, underscoring the need for heightened industry awareness and education across the board.

Source: Cyberattacks cost small companies $200K, putting many out of business

Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Adaptive Mobile Security has published a new report detailing SimJacker attacks and the number of countries affected. The report identified 29 countries across five continents to which mobile operators ship SIM cards vulnerable to Simjacker attacks.

The countries include Mexico, Dominican Republic, Brazil, Peru, Saudi Arabia, Iraq, Italy, Bulgaria, Nigeria, Ivory Coast and more. Of the 29 countries, customers of a total of 61 mobile operators are currently using vulnerable SIMs with S@T Browser toolkit.

Source: #Privacy: Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Study Finds Rampant Lapses in Securing Access to Sensitive Information

Sila Solutions Group, a North American technology and management consulting firm, in partnership with the Ponemon Institute, a leading research organization on data protection and emerging information technologies, today released the results of The 2019 Study on Privileged Access Security.

70 percent think it likely that privileged users within their organizations are accessing sensitive or confidential data for no discernible business need, and more than half expect privileged user abuse to increase in the next 12-24 months.

According to respondents, privileged access rights also regularly remain active even after a role change (30 percent). 62 percent of participants felt it likely that their organization assigns privileged access rights that go beyond an individual’s role or responsibilities. This proliferation of access is emphasized with more than 75 percent of respondents having privileged access to three or more IT resources.

Source: Sila and Ponemon Institute Study Finds Rampant Lapses in Securing Access to Sensitive Information

Organisations worldwide failing to adequately protect sensitive data in the cloud, study finds

A new global study from Thales, with research from the Ponemon Institute, has exposed an increasing disparity between the rapid growth of data stored in the cloud and an organisation’s approach to cloud security.

Although nearly half (48%) of corporate data is stored in the cloud, only a third (32%) of organisations admit they employ a security-first approach to data storage in the cloud.

Source: #Privacy: Organisations worldwide failing to adequately protect sensitive data in the cloud, study finds
