Over the last few years we have seen a shift in the requirements set out in compliance mandates in an attempt to combat the increasing frequency and severity of data breaches. For example, in February of this year, PCI DSS (the compliance standard aimed at protecting payment card information) best practices were made mandatory. This was in an attempt to ensure that merchants and service providers took action to ensure … Read more
How to Manage Privileged Users for Better Security and Compliance
04.19.2018, IT Security, by
Philip Robinson.
On March 22nd, the city of Atlanta was hit by a very sophisticated “SamSam” ransomware attack that effectively crippled the government and much of the public services in the state. Citizens in the capital are unable to pay their parking fines or for essential services like water. The police are having to switch to paper reports as digital services have been compromised. These effects lasted for at least 6 days … Read more
How CISOs are Adapting to Meet the Rising Threat of a Cyber-Attack
04.02.2018, IT Security, by Philip Robinson.
CISOs are faced with a seemingly impossible task, as cyber-attacks are evolving faster than their ability to improve their defences. A recent survey, carried out by Ankura, shed some light on the way in which corporations are adapting to meet the demands of the evolving threat landscape. The survey involved 30 industry experts from a range of industries, including finance, healthcare, insurance, manufacturing, media, telecommunications and retail. Firstly, the report … Read more
In preparation for the upcoming GDPR regulation, the ICO have commissioned a media campaign to provide valuable information to consumers on what it means for them. Although the details of the campaign are still being ironed out, we know that it will be run in April under the banner “Your Data Matters,” will have a logo, strapline and aim to visually tell a story of data protection. The aim of … Read more
Governments Now Using “Have I Been Pwned” to Check Data Breach Status
03.19.2018, IT Security, by Philip Robinson.
You may be familiar with Troy Hunt’s simple, yet sophisticated, domain monitoring site, Have I Been Pwned (HIBP). The site gives users the opportunity to instantly check whether their personal or company domain has been involved in a data breach incident. It’s a very interesting site, and you might be surprised to learn just how many data breaches your personal information was involved in. I thoroughly recommend you take a … Read more
The term “Risk Assessment” has become a bit of a buzzword that is regularly being used by vendors to confuse, intimidate and fear-sell tools. Risk assessments are quite often misunderstood by organizations looking to improve their overall IT security, and the misinformation circling the web isn’t helping in this regard. With that being said, risk assessments are a vital part of understanding how vulnerable you may or may not be … Read more
A recent study by IT Security giant Sophos, The State of Endpoint Security Today, has revealed some very interesting facts about the devastating effects that ransomware has on organizations around the globe; and, in particular, on companies in the healthcare industry. Some of the key findings included the fact that more than half of the organizations that were surveyed had been affected by a ransomware attack, and on average they … Read more
So many organizations that claim to be able to prepare you for GDPR have been staunchly warning of the risks of non-compliance. Up until recently, we believed this was more of a scaremongering tactic than anything that held any real weight. We’ve all heard the lofty figures that organizations could be fined (up to €20 million or up to 4% of global annual turnover, whichever is higher) but many of … Read more
With all the talk this year being about the introduction of the GDPR, it’s understandable that other compliance mandates take a back seat. One such casualty of this focus is SOX compliance. SOX (or the Sarbanes-Oxley Act) has been around since 2002 and was put into place to protect shareholders and the general public from accounting errors and fraud, as well as improving the disclosure of corporate, enterprise disclosures. Also … Read more
GDPR: Are Companies Concerned About the Consequence of Non-Compliance?
03.05.2018, Compliance, by Philip Robinson.
In a word, yes! As the deadline for GDPR creeps ever closer, companies are becoming increasingly anxious about the potential consequences of non-compliance. Some of their main concerns include fines, reputational damage, job losses and, in some cases, they are concerned that they will go out of business. These concerns are not unfounded. After all, the GDPR is unquestionably the most stringent data privacy regulation the world has seen to … Read more