Any IT security professional expecting a quiet summer this year will have been bitterly disappointed. From the global destruction wreaked by NotPetya in June to revelations of a dangerously widespread flaw in the IoT ecosystem the following month, there’s been plenty keep the white hat community busy. Most recently, WikiLeaks has publicised yet another CIA attack tool, this time one designed to capture video from connected cameras. The sheer volume of threats discovered on an almost weekly basis can be mind-boggling. Continue reading →
The UK government this week introduced its Data Protection Bill, ending months of speculation over just how committed it was to preserving the country’s fast-growing digital economy. If passed, the new legislation will write into UK law the EU General Data Protection Regulation. The good news is, UK IT and business leaders finally have clarity over the future: the GDPR will still apply post-Brexit. The bad news: there’s little more than nine months before the new regulation comes into force.
That’s why we’ve devoted plenty of time to focus on data protection issues at our upcoming CLOUDSEC conference in London next month. It promises to be a must-see event for any IT decision makers still struggling to comply with the sweeping new laws. Continue reading →
It’s difficult to even discuss data breaches today without referencing the European General Data Protection Regulation (GDPR). With less than a year to go, it is a major area of focus for UK IT leaders keen to avoid mandatory breach notifications and potentially astronomical fines. Yet breaches aren’t all about the customer data governed by the GDPR, as HBO found out this week. Hackers have reportedly made off with 1.5TB of data from the US TV network, uploading a script from an upcoming Game of Thrones episode and two full episodes.
It’s a good example of why IP theft-related risk should be just as big a driver of improving cybersecurity as attacks targeting customer data. Fortunately, attendees at this year’s much anticipated CLOUDSEC event will have some great learning opportunities designed to help them bolster defences against just such attacks. Continue reading →
Security experts have for years been urging organisations to adopt a data breach posture of “not if but when”, and to develop and test incident response plans accordingly. With sweeping new EU regulations coming into force early next year, those plans have never been more important. For those CISOs looking for a real-world example of what can happen when things go awry, look no further than the cautionary tale of automobile giant the AA. Continue reading →