GDPR

Security is now a board level issue: how to secure the data supply chain


It has never been more crucial for businesses to implement and demonstrate their commitment to cybersecurity, with data increasingly being used to make significant business decisions.

While historically, the major concerns for senior management around IT security have focused on intellectual property theft and reputational risk, ongoing changes in technology and politics have changed today’s business landscape and priorities significantly. With GDPR now in full force, organisations must demonstrate to stakeholders that they are making a credible effort to ensure that security is built into the heart of business operations. 

Vulnerabilities in the data supply chain

    Organisations must first understand what potential vulnerabilities look like within a data supply chain, so they can be recognised and mitigated. As cyberattacks increase in sophistication, they are likely to be so subtle that they don’t visibly impact a system, instead providing misleading information to force erroneous decisions. Ironically, whilst this type of attack will be very difficult to detect, early identification is vital in order to prevent significant damage.

    The first


    The 10 data privacy fails of the decade – and what we learnt from them

    Today marks one of the most important days in the calendar for professionals in data – Data Privacy Day!

    As we enter the 2020s, let’s take a look back over the data privacy fails that shaped the previous decade – and what we learnt from them – so we can ensure the next 10 years are remembered for championing greatness in data privacy, and produce a decade of privacy wins.

    1. Data privacy fails happened in the most unexpected of places…

    Imagine buying an app-controlled, Bluetooth connected vibrator to spice up your love life for when your partner isn’t in town. It’s all fun and games until you discover your partner hasn’t been controlling it…it’s actually been hacked by a total stranger. 

    Believe it or not, this actually happened in 2016, when it was discovered that anyone with a Bluetooth connection could hijack certain sex toys and control them because of their total lack of security protection. 

    And if that’s not off-putting enough, it turned out the company was collecting and storing personal data gathered by the vibrator’s app – without their users’ consent. The app tracked the toys’ temperature and vibration intensity when paired with it – so essentially, the company ended up with large data files that detailed the exact sexual stimulation requirements of their customers. 

    There is definitely such a thing as too much information…

    Vibrators are not the only unusual objects that were hacked over this past decade. In 2017, cybercriminals managed to hack into a casino in North America through its internet-connected fish tank!

    The aquarium in the lobby was fitted with a smart thermometer to regulate the tank’s temperature. It was through this device that the hackers were able to exploit a vulnerability and get a foothold in the network. Once there, they managed to access the high-roller database of gamblers and pull it back across the network, out the thermostat, and up into the cloud. You could say, they went fishing…

    What have we learnt?

    People should be able to buy things as personal as vibrators and as innocuous as fish tanks in safety. It’s simply astonishing that a vibrator was left so insecure when the risk of assault was so obvious. And it was even worse that the company was behaving so invasively as to capture such personal data without consent. While you could argue that the casino should have known better than to put a smart fish tank inside its security perimeter, the risk of exploiting a vulnerability to gain access to other systems has been well known for years, and the fish tank manufacturer simply should not have put its clients at such risk.

    As the Internet of Things continues to grow, more devices will begin to come online, and these devices will come in many shapes and sizes. It’s crucial that the manufacturers of these devices follow a Privacy by Design model, and ensure that privacy and security are baked into products right from the start of the development lifecycle – not tacked on at the end. It’s far less hassle to think about data privacy at the beginning, and work it into a product, than to fix security flaws later down the line – if that’s even possible.

    The adoption of IoT technology means cybercriminals can be more imaginative with their attacks, and these incidents are compelling reminders that IoT devices are vulnerable to being hacked or compromised. The problem often occurs when manufacturers focus solely on the performance and usability of IoT devices, and ignore security measures and encryption mechanisms. Simple cybersecurity measures such as authentication through OAuth, secure storage, penetration tests, and regular audits should be standard for internet-connected devices.

    It’s also important for consumers to remember that any object, no matter how innocuous, that can connect to the internet has the potential to get hacked. Be vigilant, keep your operating systems and software up to date, use strong passwords, and if at all possible keep Internet of Things devices separated from important data.

    2. The data privacy fail that stopped Harry from having his surname on his schoolbook…  

    No-one wants to lose their identity, but an overenthusiastic reading of the GDPR in 2019 nearly led to just that. A primary school banned the use of children’s surnames on textbooks, in order to comply with (their perception of) GDPR regulations.

    The bizarre situation led to a young boy, known as Harry Szlatoszlavek, being labelled as ‘Harry2’ by his classmates. ‘Harry2’ even received a Christmas card from another boy which read: ‘To Harry2 from Jack2.’,


    The evolution of data privacy

    As we enter the new decade, data privacy has become a top business priority. The nonstop revelations about social media data usage, the introduction of new legislation such as the GDPR and the California Consumer Privacy Act (CCPA), and a more alert consumer base change how companies have to manage their data. Data Privacy Day reminds us that data security is evolving. We continue to face new data privacy challenges, so it is an ideal time to understand the trends and prepare for the future.

    About the author

    Stephen Manley, Chief Technologist, Druva.

    Begin with fighting ransomware

    All businesses, regardless of size and scale, are responsible for protecting customer data. However, with the increasing volume of valuable and sensitive data that will be generated and stored, ransomware operators have greater incentive and opportunity to attack unprepared organisations. Attackers have already begun to focus on corporate and government attacks with malware, rather than broad consumer attacks, because the payoff is easier and larger. Furthermore, the opportunity is so large that cyber-attackers’ Ransomware as a Service has made virtually anybody in the world a threat.

    Despite t


    Radiohead launches online ‘public library’ so you can stream their rare stuff

    Radiohead has launched a “public library” online and yes, you can get a library card.

    The legendary English band unveiled the Radiohead Public Library on Monday, an online archive of Radiohead’s back catalogue in one place, with links to either buy or stream via Spotify and Apple Music, along with videos and out-of-print merchandise.

    Fans can head to the website to register as a library member, and create their own library card. It’s pretty neat, but it looks like you can’t customise it on the site — you have to download the PNG file to add your mugshot into the corner. If you want to print it out and laminate it to throw in your wallet, go for it. 

    And that QR code? It heads to the GDPR website — s


    Cookie consent tools are undermining GDPR

    A new study by researchers at MIT, UCL and Aarhus University suggests that most cookie consent pop-ups served to European internet users are likely defying regional privacy laws such as GDPR.

    The researchers published their findings in a paper titled “Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence” which argues that vendors of consent management platforms (CMPs) are engaging in illegal practices, saying:

    active consent is required for tracking
