IT Governance has provided a useful checklist for SME businesses looking for information on how companies, in this GDPR environment, need to respond and report data breaches. This is mandatory for businesses that interact with personal identifiable information as it underpins the GDPR legislation they must adhere to.
Symantec Corporation, one of the world’s biggest data security providers, argues that the ever-changing IT landscape means that network managers, IT leaders and business managers need to move away from theoretical “ifs” and instead focus on the probabilities of “when and by whom” their network infrastructure will be attacked maliciously.
“In a multi-platform environment, sensitive information may no longer be completely under our control. It could be on any device, shared in unauthorized locations, or accessed by the right people in the wrong way. This raises the need to manage every facet of what is being accessed, by whom, when, where, and how.”
They argue that data discovery, visibility of data flows, data classification, identify management, encryption, access control along with sound governance and compliance in collaboration will help protect businesses.
To find out more, why not read Symantec’s latest research here…
The National Cyber Security Centre, the UK Government’s top cyber security agency, defeats around 10 attacks a week – more than one a day. The majority of attacks are from ‘state-sponsored’ cyber actors
The agency removed nearly 140,000 phishing sites from the UK and globally. It awarded nearly 10,000 Cyber Essentials Certificates – a ground breaking new certification scheme to help promote good cyber security hygiene and control standards in the UK.
However, to help counter this ever-growing threat. The NCSC has a strategy to help promote good practice:
“To improve information sharing with the cyber security industry, we are continuing to develop a suite of services which automate the processing and sharing of information and events. We have already launched a pilot that shares indicators of compromise with one of the UK’s leading internet service providers. This gives their customers better protection automatically at no extra cost.”
This drive and Government commitment to help improve cyber security will help construct a solid groundwork among cyber security practitioners that will help drive a new gold standard within the sector.
The news that thousands of British Airways passenger information had been affected during a malicious cyber attack at the UK’s flag bearing airline. The firm reported itself to the Information Commissioner’s Office for investigation.
The interim statement is as follows:
“The ICO’s investigation into a cyber attack at British Airways is ongoing. Meanwhile, we advise people who may have been affected to be vigilant when checking their financial records and to follow the advice on the ICO, National Cyber Security Centre and Action Fraud websites about how they can protect themselves and their data online.”
The ICO will continue to investigate the breach.
The troubled social networking giant, Facebook, was this week hit by a gigantic £500,000 fine from UK data protection regulator, the Information Commissioner’s Office. The fine was due to serious data protection breaches and is the highest pre-GDPR fine possible.
The fine, whilst massive, will be a drop in the ocean for the social networking giant. The company could have been hit with a €20 million Euro fine if the breach had occurred during the new data protection regime that heralded the arrival of GDPR.
The ICO stated:
“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.
Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”
A million UK Facebook users’ personal data was harvested and the length of time between discovery and the suspension (of the penetrators) raises questions and concerns about Facebook’s standards. This was a failure that resulted in the protection of privacy afforded under the Data Protection Act to be nil and void as Facebook failed to protect its users from rouge elements.
The personal identifiable information of nearly 10 million Cathay Pacific airline users have been accessed illegally. The breach is one of the biggest in global aviation history. The leak has resulted in a massive data breach – one that has seen email addresses, passport numbers, expired credit card details and other important personal information being released.
The company announced a data security ‘event’ on its blog. The ‘event’ was the discovery of a major unauthorized breach of its IT infrastructure. The company stated:
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
Anyone affected has been asked to visit www.infosecurity.cathaypacific.com to find out more about what they need to do. The company can also contact the UK call centre if they have any worries.