
Category Archives for "Security"

Vulnerability versus incident

The news is filled with stories nearly every day of things going awry in technical systems: security, privacy, abuse, ethics and more.

Yet one of the most important distinctions — the difference between a vulnerability and an incident — is often overlooked. In short, a vulnerability holds the potential for harm; an incident is where harm has occurred.

Full article: Tech talk: Vulnerability versus incident

Employees are almost as dangerous to business security as hackers and cybercriminals

Non-malicious insiders are among the top three threat actors, according to an ISACA report. One report found that employee mistakes and system errors are a larger threat to data security than hackers or insiders, while another survey found that 75% of IT professionals say they are vulnerable to insider threats.

Top three threat actors to businesses:

  1. Cybercriminals (32%)
  2. Hackers (23%)
  3. Non-malicious insiders (15%)

Source: Employees are almost as dangerous to business security as hackers and cybercriminals

NCSC publishes new guidance and security paper now available

UK’s National Cyber Security Centre (NCSC) has published two new items of security architecture guidance, to help designers of computer systems and networks learn from NCSC experiences.

The first is a set of design principles. The second is a set of six security architecture ‘anti-patterns’.

Source: National Cyber Security Centre

Big Tech condemn GCHQ proposal to listen in on encrypted chats

An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.

GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications — on what’s billed as targeted, government authorized basis.

If implemented, it will undermine the authentication process, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. Users won’t be able to trust that their communications are secure, thereby posing threats to fundamental human rights, including privacy and free expression.

Source: Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats | TechCrunch

ENISA publishes report on Industry 4.0 Cybersecurity

The EU Agency for Cybersecurity ENISA is stepping up its efforts to foster cybersecurity for Industry 4.0 by publishing a new paper on ‘Challenges and Recommendations for Industry 4.0 Cybersecurity’.

ENISA lists high-level recommendations in order to facilitate the promotion and wider take-up of Industry 4.0 and relevant innovations in a secure manner. The recommendations are addressed to different key stakeholders groups.

Full report: Industry 4.0 – Cybersecurity Challenges and Recommendations


Only 0.25% of reported data breach cases fined under GDPR

Data requested by digi.me shows that of 11,468 data breach cases closed by the Information Commissioner’s Office (ICO) since GDPR’s implementation, only 29 have resulted in financial penalties. That makes a penalty rate of just 0.25 per cent.

The data also revealed that 37,798 data protection concerns have been raised by members of the public since 25 May 2018. This figure is nearly three times the number of actual data breach cases investigated by the ICO during this same period (12,854).

Source: Digi.me investigation reveals only 0.25pc of reported data breach cases fined under GDPR – digi.me

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

European privacy authorities have received nearly 65,000 data breach notifications since the EU’s General Data Protection Regulation went into full effect in May 2018.

In addition, regulators in 11 European countries have imposed almost €56 million in General Data Protection Regulation fines, though the largest part of that total comes from the €50 million GDPR fine against Google.

Source: GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Companies’ Stock Value Dropped 7.5% after Data Breaches

After analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.

Research also showed that these breaches have cost an average of $347 million in legal fees, penalties and remediation costs. “Marriott uncovered the breach while seeking GDPR compliance; the company is now being fined $912 million under the regulation,” the report said.

Source: Companies’ Stock Value Dropped 7.5% after Data Breaches – Infosecurity Magazine

Irish data watchdog examining WhatsApp security flaw

Ireland’s data protection watchdog – the Irish Data Protection Commission – said it was “actively engaging” with WhatsApp’s Irish division to determine if EU user data had been impacted.

But because WhatsApp is still investigating whether any EU data was affected as a result of the flaw, the company has not notified the watchdog of the breach under the bloc’s stringent GDPR regulations. The commission therefore has not yet launched a formal investigation into the vulnerability.

Source: Irish data watchdog examining WhatsApp security flaw

Trump declares national emergency over IT threats

President Donald Trump has declared a national emergency to protect US computer networks from “foreign adversaries”.

He signed an executive order which effectively bars US companies from using foreign telecoms believed to pose national security risks.

Source: Trump declares national emergency over IT threats – BBC News
