cioinsight.com
  • Legislation that mandates stronger data protection will take effect in the European Union next May, affecting the way organizations collect, store, manage and protect customer data. Many European and U.S. companies doing business in the EU aren't ready to comply with the tougher rules of the EU General Data Protection Regulation (EU GDPR). That is one key finding of "EU GDPR: Countdown to Compliance," a report based on a recent survey of corporate IT professionals in five countries. Interestingly, many U.S. companies appear to be better prepared than their EU counterparts, "though they still have a long way to go," stresses Richard Stiennon, chief strategy officer of Blancco Technology Group, which conducted the study. One rule pertains to a consumer's "right to be forgotten": basically, to have all personally identifiable information (PII) permanently deleted from an organization's records. The many enterprises that aren't sure where their customer data is stored—or that use unreliable data removal methods—will struggle to comply, the report points out. Survey respondents are also concerned about the 72-hour breach notification and the need to maintain written records of data processing activities. Stiennon urges businesses to address these issues, observing, "American execs should have a complete picture of all the EU citizen and resident data their companies are storing and processing so they can ensure they are adequately protecting that data."

  • It doesn't take much research to know that 2016 was a bad year on the security front: A cursory review of the headlines tells the story. The year brought a new level of creativity and brazenness among cyber-criminals, who took things to a new level with expanded ransomware techniques, multi-million-dollar virtual bank heists, and even attempts to disrupt the U.S. presidential election. But a thoroughly detailed report can put things in a starker perspective, and Symantec's "2017 Internet Security Threat Report" makes it clear that the fast-changing threat landscape will challenge even the most diligent security teams well into 2017 and beyond. "New sophistication and innovation are the nature of the threat landscape, but this year, Symantec has identified seismic shifts in motivation and focus," said Kevin Haley, director of Symantec's Security Response unit. "Meanwhile, cyber-criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services." Email continued to be a favored platform, with Symantec finding that more than 400 companies are targeted by so-called business email compromise scams every day—a practice the FBI estimates has led to a loss of more than $3 billion over the past three years.

  • A growing number of influential tech companies signed on to the idea of honoring the Paris climate agreement, regardless of what the federal government does.

  • Malware continues to be a major factor in cyber-crime, and a growing volume contains ransomware. That's among the key findings of the 10th annual "Verizon 2017 Data Breach Investigations Report," which is based on data from 42,068 incidents and 1,935 breaches in 84 countries. Just three years ago, ransomware ranked 22nd among specific types of malware used. This year, it jumped to the fifth most-common type. Cyber-espionage is also on the rise, due largely to the proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cyber-criminals. Of the nearly 2,000 breaches analyzed for this year's report, more than 300 were espionage-related, and many of them originated as phishing emails. Pretexting—a scam in which a hacker pretends to need information to confirm a user's identity—is also increasing, predominantly via emails targeted at financial department employees. Marc Spitler, senior manager with Verizon Security Research and one of the lead authors of the report, urges businesses to implement the most up-to-date security protocols across their business. "There is no such thing as an impenetrable system, but getting the basics right makes a world of difference," he said. Spitler offered three quick tips: Grant system access only to staffers that need it for work; train employees to spot the warning signs of a breach; and patch promptly to guard against attacks.

  • The arms war between hackers and the business world continues to escalate. Although security tools and methods have improved dramatically over the last few years, cyber-attacks have become increasingly sophisticated, and almost every enterprise is now on high alert—especially after the recent WannaCry ransomware attack, which affected organizations around the world. Cyber-security firm SentinelOne offers some perspective in its "Enterprise Risk Index." Among the key issues and trends shaping today's cyber-security landscape: Nation state actors increasingly trade infection sustainability for stealth; they rely on multiple attack vectors in one attack chain; and the price for a ransomware infection is rising. However, the cost for recovery can also be steep. To more accurately pinpoint risk, the study focused on detections at the endpoint, rather than the gateway or statistical data from cloud collection systems. It also used machine learning to study behavioral characteristics of attacks. Here are some of the key findings from the study, which examined filtered data collected from more than two million data agents running on Windows machines.