The latest findings from PwC’s Global State of Information Security Survey 2018are out and they don’t bode well for GDPR compliance. In fact, many UK organisations polled don’t even know how many attacks they suffered last year or how they occurred, while board-level involvement in cybersecurity strategy remains minimal. These findings chime with those of a major piece of Trend Micro research into the forthcoming European data protection regulation.
To overcome these challenges, UK firms need to refocus their efforts around cybersecurity best practice, starting with a layered approach to threat protection blending multiple techniques at endpoint, gateway, datacentre and network levels. Continue reading →
No organisation is breach-proof: we all know that the odds are stacked too high in the attackers’ favour. However, by following industry best practices we can make it as difficult as possible for hackers, and discourage all but the most determined and well resourced. That’s why it will dismay many in the industry to learn that Equifax knew about the vulnerability that it claims led to a massive breach at the firm this year, all the way back in March. However, it was apparently only fully patched months later once the damage had been done.
Given the scale of the breach, and the fact the firm could have been hit with fines of over $60m under the forthcoming GDPR regime, this should serve as yet another cautionary tale to IT leaders. Best practice security, including effective patch management, is called “best practice” for a reason. Continue reading →
The EU General Data Protection Regulation (GDPR) is one of the most important and far-reaching pieces of legislation ever to come out of Brussels. That’s part of the reason so much has already been written about it. But before you reach GDPR-saturation point, consider new findings from a comprehensive new Trend Micro study which has revealed a worrying lack of leadership from senior executives when it comes to compliance efforts.
More concerning still, three-quarters (73%) of UK IT bosses we spoke to weren’t even aware of the potentially huge fines in store for non-compliance. With a 25 May 2018 deadline fast-approaching, time is running out. Continue reading →
Any IT security professional expecting a quiet summer this year will have been bitterly disappointed. From the global destruction wreaked by NotPetya in June to revelations of a dangerously widespread flaw in the IoT ecosystem the following month, there’s been plenty keep the white hat community busy. Most recently, WikiLeaks has publicised yet another CIA attack tool, this time one designed to capture video from connected cameras. The sheer volume of threats discovered on an almost weekly basis can be mind-boggling. Continue reading →