
Tag Archives for "cybersecurity"

Hackers are stealing personal medical data to impersonate your doctor

While personally identifiable information — full names, social security numbers, home addresses, dates of birth, credit card numbers — can be exploited by criminals to commit identity fraud, the theft of medical information can have an equally serious impact on victims.

How do hackers exploit medical data? Administrative paperwork, like medical licenses, used to forge a doctor’s identity sells on the dark web for around $500. An insurance provider’s login information can be used to steal a victim’s identity to claim insurance. Other uses include forging health insurance cards, prescriptions, and drug labels with the intention of carrying drugs through the airport, and using hacked personal health information against individuals who have health issues for extortion and other crimes.

Source: Hackers are stealing personal medical data to impersonate your doctor

Germany mulls giving end-to-end chat app encryption das boot

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.

The Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people’s private enciphered chats to authorities that obtain a court order.

Source: Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works • The Register

Vulnerability versus incident

The news is filled with stories nearly every day of things going awry in technical systems: security, privacy, abuse, ethics and more.

Yet one of the most important distinctions — the difference between a vulnerability and an incident — is often overlooked. In short, a vulnerability holds the potential for harm; an incident is where harm has occurred.

Full article: Tech talk: Vulnerability versus incident

Employees are almost as dangerous to business security as hackers and cybercriminals

Non-malicious insiders are among the top three threat actors, according to an ISACA report. Employee mistakes and system errors are a larger threat to data security than hackers or insiders, one report found, while 75% of IT professionals say they are vulnerable to insider threats, another survey said.

Top three threat actors to businesses:

  1. Cybercriminals (32%)
  2. Hackers (23%)
  3. Non-malicious insiders (15%)

Source: Employees are almost as dangerous to business security as hackers and cybercriminals

NCSC publishes new guidance and security paper now available

The UK’s National Cyber Security Centre (NCSC) has published two new items of security architecture guidance to help designers of computer systems and networks learn from the NCSC’s experiences.

The first is a set of design principles. The second is a set of 6 security architecture ‘anti-patterns’.

Source: National Cyber Security Centre

Big Tech condemn GCHQ proposal to listen in on encrypted chats

An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.

GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications, on what’s billed as a targeted, government-authorized basis.

If implemented, it will undermine the authentication process, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. Users won’t be able to trust that their communications are secure, thereby posing threats to fundamental human rights, including privacy and free expression.

Source: Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats | TechCrunch

ENISA publishes report on Industry 4.0 Cybersecurity

The EU Agency for Cybersecurity ENISA is stepping up its efforts to foster cybersecurity for Industry 4.0 by publishing a new paper on ‘Challenges and Recommendations for Industry 4.0 Cybersecurity’.

ENISA lists high-level recommendations in order to facilitate the promotion and wider take-up of Industry 4.0 and relevant innovations in a secure manner. The recommendations are addressed to different key stakeholder groups.

Full report: Industry 4.0 – Cybersecurity Challenges and Recommendations

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

European privacy authorities have received nearly 65,000 data breach notifications since the EU’s General Data Protection Regulation went into full effect in May 2018.

In addition, regulators in 11 European countries have imposed almost €56 million in General Data Protection Regulation fines, though the biggest part of that comes from Google’s €50 million GDPR fine.

Source: GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Companies’ Stock Value Dropped 7.5% after Data Breaches

After analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.

Research also showed that these breaches have cost an average of $347 million in legal fees, penalties and remediation costs. “Marriott uncovered the breach while seeking GDPR compliance; the company is now being fined $912 million under the regulation,” the report said.

Source: Companies’ Stock Value Dropped 7.5% after Data Breaches – Infosecurity Magazine

Trump declares national emergency over IT threats

President Donald Trump has declared a national emergency to protect US computer networks from “foreign adversaries”.

He signed an executive order which effectively bars US companies from using foreign telecoms believed to pose national security risks.

Source: Trump declares national emergency over IT threats – BBC News
