Get inside the latest trends in cyber security news, updates and industry threats from April in our monthly recap.
How Internet Service Policies are Changing in Preparation for GDPR
The news has been flooded with coverage of the recent issues stemming from large tech corporations and their misleading data policies, and the spotlight is drawing attention from service users and regulators who are fighting back for online privacy.
Perhaps the most notable company under fire, Facebook has been in the headlines after it was uncovered that the social network was gaining access to user data without proper consent. However, this is not an isolated or rare occurrence with free online services. In most cases these unpaid platforms are able to provide service to users in exchange for their data.
However, a driving force is bringing these recent cases to light and helping put a stop to them: Europe’s new General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.
A massive overhaul of privacy on the web, GDPR is working towards preventing companies from opting users into unclear terms that are typically hidden in legal documents most do not read. This new wave in regulating user protection is forcing companies to restructure their terms and it can be seen through the flood of new service terms surfacing each day.
Services such as GoDaddy, Squarespace, Square, LinkedIn, Strava and SoundCloud, along with most apps requiring users to sign up for an account, are pushing out updated terms that comply with GDPR regulations.
As a whole, this new regulation is geared towards shaping safer web services, with an emphasis on creating clearer terms and conditions that eliminate the opportunity for hidden, backdoor documentation. The GDPR will help give both the provider and the user full disclosure of the data being accessed in online services, eliminating any misrepresentation that could potentially expose sensitive information and bad business practices.
So how does this latest policy impact organizations? As shared in our March report, the issue of data misuse spans across all markets and requires companies and their employees to take a deeper look into the services they are using. GDPR will help to eliminate some of the issues facing user privacy, but it is still critical for businesses to understand the type of terms they are agreeing to and how they are potentially allowing access to their organization’s sensitive data.
Cyber Security Importance in the Boardroom
There is no doubt that cyber security threats are a growing problem for organizations, with new risks popping up daily. This area of business, where critical information, processes and technologies are under constant threat of a security hack, has been gaining importance, especially in the boardroom.
Forbes recently interviewed industry thought leader Michael Yaeger, a special counsel focused on cybercrime/cybersecurity and data security matters, to answer the growing question: where does cyber security fit in the board’s accountability to company stakeholders? Highlighting how this growing problem and the ever-evolving risks of security are driving companies and their boards to take more action and precautions, the interview homed in on some key areas.
“One basic function of a modern corporate Board is to oversee risk management, and many risks do not present themselves as cybersecurity issues” was one point discussed, as disclosure of trade secrets and other sensitive business information from internal sources can alone create disastrous security risks. The article highlights the importance of implementing privacy policies from the top down as a critical step in preserving company information, as not all security risks originate from external threats; they can also come from a lack of employee training and awareness.
And as protecting sensitive company information is a hot-button topic in today’s cyber space, board execs themselves are finding they’re not only at the top of the corporate hierarchy but also the top targets cyber criminals are after. The reasons are clear: the higher up, the more critical knowledge and access to data there is, and this is creating increased interest among executives in protecting themselves.
However, as advances in technology are making it even harder to stay ahead of cyber threats, boards must maintain an ongoing commitment to audit and revise security measures and services. “The board must ensure that the company has cyber risk management policies and procedures consistent with its strategy and risk appetite. Boards should review annual budgets for privacy and security, assign roles and responsibilities, and get regular briefings on cyber issues,” shares Yaeger, a former Assistant U.S. Attorney of Eastern New York, where he investigated and prosecuted cases in the Business and Securities Fraud Section.
But not all security risks can be prevented. This is a sobering truth companies must come to terms with, and they must implement incident response systems to minimize the damage from potential breaches. By building and prioritizing these security practices within an organization, boards will enable better protection and adequate response in the face of growing cyber threats.
The interview ends by urging companies to take a look at their security measures and evaluate them against a benchmark of being “reasonable”: reasonable in preventing and reasonable in responding to security threats. The vitality of an organization will reflect the board’s willingness to continuously evaluate and update its cyber security.
Learn more about our enterprise-class security and IT services and how we’re helping organizations stay ahead of cyber threats at infonaligy.com.
BakerHostetler Releases its Latest Security Incident Response Report
A comprehensive look at the largest cyber security threats facing today’s businesses, the 2018 Security Incident Response Report from BakerHostetler was recently released and brought to light some of the long-term growing issues and new threats in cyberspace.
There was no shortage of incidents throughout 2017, another record-setting year for data security attacks that cost and compromised businesses of all sizes. Attackers continued to up their game in exploiting vulnerabilities to gain access to sensitive, valuable data.
As the report highlights, while the practices and technology of businesses continued to advance, so did those of attackers, who worked to develop new attacks that exposed weaknesses in industry innovations.
Taking the incidents that hit businesses throughout 2017, the report’s key findings include:
MFA is the gold standard
- Multifactor authentication (MFA) is becoming essential in organizations’ security measures, and interest is growing in making it a regulatory expectation.
Cloud security issues mainly stem from users
- Businesses migrating to the cloud have seen an increase in security-related issues, but these are most often caused by access privileges and cloud users rather than service providers.
The issues of the past are still present
- Businesses are still not executing on the basics, and recurring security issues continue to arise from a lack of good hygiene, preventive security measures and IT services.
Organizational security involves all
- With high-stakes incidents continuing to rise, the involvement of senior management and boards is necessary in data breach prevention and response.
No company is too small
- Businesses of all sizes are at risk of becoming the victim of a cyber-attack. With the more relaxed security practices of small to medium-sized businesses, attackers are taking advantage of them.
The report covers in depth which industries and company sizes these incidents are targeting, with the majority in the healthcare, education, business services and hospitality sectors operating at 10M-100M annually. The majority of these incidents stemmed from phishing and network intrusion, where ransomware and remote network use were involved.
Helping business executives prioritize their security spending and incident response plans, the key takeaway from this report reflects upon the many organizations that are not yet up to speed with the growing cyber threats in today’s marketplace. A lack of preventative and incident response measures is causing takedowns on a vast scale, and only by targeting the needs of an organization’s security will cyber liability across the globe decrease.
CFOs & Cyber Security: Getting Control Back & Understanding True Costs
Our upcoming Lunch & Learn event, specially designed for CFOs and financial executives, will take a look at the long- and short-term costs of security incidents and how to better protect, prevent and respond in the face of a security breach. Gain real-world insights into the threats facing today’s organizations and the critical areas to focus on with your security protection. Hear about the ways executives are helping their organizations stay away from the growing risks in today’s digital space and how incident response efforts can help minimize the losses from an attack.
Attendance is free and lunch will be provided during the May 31st event, which takes place in Plano, TX.