Tag Archives for " report "

Companies lagging in GDPR compliance

A new survey finds that many companies in the U.S. and abroad have greeted last year’s implementation of the European Union’s landmark privacy regulation with a resounding lack of urgency.

An average of one out of four companies in every country reported having a low degree of confidence in their readiness to respond to a data breach covered by GDPR. That’s according to a survey of more than 1,200 organizations in the U.S., Europe, China and Japan.

Source: Companies lagging in GDPR compliance, survey finds – New England In-House

EU releases progress report on draft ePrivacy Regulation

The Committee of the Permanent Representatives of the Governments of the Member States to the European Union (Coreper) on November 27, 2019, released its progress report on the draft ePrivacy Regulation.

The report outlines the main elements discussed in the meetings of the Working Party on Telecommunications and Information Society (‘WP TELE’) during the second half of 2019, such as:

  • the protection of terminal equipment information, with specific reference to the issue of conditional access to websites’ content,
  • the processing activities that are necessary to provide the electronic communications service,
  • data retention issues,
  • the way the Draft ePrivacy Regulation would interact with new technologies, such as machine-to-machine and Internet of Things services. 

The report also highlights that the Coreper did not support the last draft ePrivacy Regulation, as presented by the Presidency of the Council of the European Union.

Cybersecurity trend predictions for 2020

If there’s one thing we learnt in 2019, it’s that attacks are not only rising in numbers, but also in complexity and persistence.

Thanks to increasingly sophisticated technology, cyber security is quickly becoming a fast-evolving game of wits — one where defenders will need to dramatically step up their security game if they are to outmanoeuvre hackers at every turn.

Full article: #Privacy: Cybersecurity trend predictions for 2020

Less than half of US businesses are ready for CCPA compliance

The survey, conducted by Osterman Research, Inc., revealed the current state of security team preparedness and critical gaps in compliance with the California Consumer Protection Act (CCPA) before it comes into effect on 1st January 2020.

Key findings include: only 15% of organisations report having a mature approach to data privacy, more than half (59%) have yet to allocate budget to CCPA compliance, and 58% are currently using or will look to implement machine learning-driven systems to improve manual processes for data security.

Source: #Privacy: Less than half of US businesses are ready for CCPA compliance

Ransomware increases 74.23% year on year

New research by Bitdefender identifies a significant rise in ransomware this year, in comparison to 2018.

In its Mid-Year Threat Landscape Report, researchers noted that since the fall of GandCrab earlier this year, many spinoff ransomware families have filled the gap.

The top three threats facing business and consumers included coin-mining malware, commonly used in cryptojacking campaigns, exploits leveraging unpatched or previously known vulnerabilities and fileless attacks and banking trojans.

Source: #Privacy: Ransomware increases 74.23% year on year

Over 100K malicious sites using valid certificates

New research has uncovered suspicious retail look-alike domains using valid certificates.

Research conducted by Venafi analysed suspicious domains targeting 20 major retailers in the US, UK, France, Germany and Australia. Over 100,000 lookalike domains using valid TLS certificates to appear safe and trustworthy were identified.

Source: #Privacy: Over 100K malicious sites using valid certificates

Most organisations still misunderstand cloud security

A report based on a survey of over 700 respondents from the United States, Canada and UK found that 60% of respondents misunderstand the shared responsibility model for cloud security and incorrectly believe the cloud provider is responsible for securing privileged access.

Furthermore, 68% of organisations are not employing a common security model or enforcing least privilege access to reduce risk, and the majority list security as their main challenge with cloud migrations.

Source: #Privacy: Most organisations still misunderstand cloud security, report reveals

Tech and mobile companies want to monetise your data … but are scared of GDPR 

The vast majority of technology, media and telecom (TMT) companies want to monetise customer data, but are concerned about regulations such as Europe’s GDPR, according to research from law firm Simmons & Simmons.

It found that 78 per cent of companies have some form of data commercialisation in place but only 20 per cent have an overarching plan for its use.

The survey also revealed that 53 per cent of TMT companies think they need to improve their understanding of data privacy regulation. Meanwhile, just 31 per cent of respondents said they had updated their communication to customers on data collection and use in the last two years – despite a number offering financial incentives and a more personalised service to incentivise data sharing.

Source: Tech and mobile companies want to monetise your data … but are scared of GDPR • The Register

Study reveals 2019’s darkest cyber-threats

Webroot has released its third annual Nastiest Malware list, shedding light on 2019’s worst cybersecurity threats.

From ransomware strains and crypto-mining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it’s clear that cyber threats across the board are becoming more advanced and difficult to detect.

Full article: #Privacy: Study reveals 2019’s darkest cyber-threats

Ireland publishes note on data breach trends

Ireland’s Data Protection Commission has published an information note on data breach trends from the first year of the General Data Protection Regulation (GDPR).

The total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% have been classified as ‘non-breaches’ and did not meet the definition of a personal data breach.

A total of 13% failed to satisfy the requirement of notification to the DPC ‘without undue delay’ (normally within 72 hours), as required under the provisions of GDPR.

Source: Data Breach Trends from the First Year of the GDPR