The past 12 months have been packed with geopolitical incident, global malware threats and ubiquitous big-name data breaches. From the CIA Vault7 and NSA Shadow Brokers leaks at the start of the year, to the WannaCry and NotPetya ‘ransomware’ campaigns, and Uber’s shock revelations just last month, there’s been plenty for UK CISOs to ruminate on. But now the year is nearly at an end, it might be useful to recap some of the biggest themes of 2017 — with an eye on fortifying systems for the 12 months to come. Continue reading →
Consumers and cybersecurity professionals around the world have been stunned by Uber’s revelation that it paid hackers $100,000 to delete data on 57 million users stolen last year. There are many strands to the case, and more details are likely to emerge over time. But fundamentally it highlights the need for firms to secure their cloud environments as rigorously as anything on premise.
The EU General Data Protection Regulation (GDPR) is a lengthy piece of legislation, even by European Commission standards. If nothing else, this drives home just how far-reaching and detailed it is. Yet many organisations currently grappling with compliance find it frustratingly short on some of the most important details. New Trend Micro research has found that confusion over some of the key terms in the legislation could mean many aren’t implementing the right cyber-security technologies to keep them compliant.
Layered security is the only way to ensure maximum threat protection, although we’d also encourage regulators to ease the compliance burden by providing more clarity to organisations. Continue reading →
The latest findings from PwC’s Global State of Information Security Survey 2018are out and they don’t bode well for GDPR compliance. In fact, many UK organisations polled don’t even know how many attacks they suffered last year or how they occurred, while board-level involvement in cybersecurity strategy remains minimal. These findings chime with those of a major piece of Trend Micro research into the forthcoming European data protection regulation.
To overcome these challenges, UK firms need to refocus their efforts around cybersecurity best practice, starting with a layered approach to threat protection blending multiple techniques at endpoint, gateway, datacentre and network levels. Continue reading →