Cybersecurity in Europe is Improving: Thank You GDPR?

| December 4, 2018

article image
After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules and cookie disclosure notices are popping up on more websites than ever. But let’s think about the bigger picture. Is GDPR working? How would we know? For years, global policymakers have struggled to develop effective responses to cyber threats, in part because we just don’t have the data to help us understand what’s actually happening in cyberspace. Think about it — if you’re a U.S. policymaker considering ways to address American unemployment, you can turn to the Department of Labor’s Bureau of Labor Statistics for data that measures labor market activity, working conditions, and price changes in the economy. Or the U.S. Census Bureau for quality data on personal and economic issues.

Spotlight

RedShield Security Limited

RedShield is one of the most effective web-application defence systems you can buy. Put simply, we are experts in web-application vulnerability remediation as a service. WEB-DEFENCE: RedShield redefines what a web-app protection service should do. We are the world’s first web-application defence system to be targeting 100% vulnerability mitigation.

OTHER ARTICLES
ENTERPRISE SECURITY

Cybersecurity Awareness: the need of the Hour for Businesses

Article | October 13, 2021

No business can afford to be apathetic with cybersecurity. Cybersecurity awareness in businesses- it is high time for businesses to focus on this as the number of online frauds targeting corporates and other businesses to make easy money is increasing. As technology evolves, these online criminals invent new ways to get into accounts and steal sensitive data. No doubt that if businesses are not focusing on an effective cybersecurity strategy, it will jeopardize your businesses. Sadly and alarmingly, many are not aware of it, including corporates, or take it seriously. In simple terms, cybersecurity awareness is the understanding of what cyber threats are, what impact they can make on a business, and the steps to reduce the risk and prevent online crime. This cybersecurity awareness will make your employees work safely and run your business hassle-free. Phishing, viruses, malware, worms, trojans, spams, etc., are some of the cyber threats a business can undergo. Need not say what impact these threats will bring to your business! It will create a lot of damage to your business; even the reputation and brand image can be lost. It can also devastate your business as a whole, and you may have to start from the beginning. How will you start again if you have invested all earnings in your business, which is devastated due to the cyber-attack? How can you promote cybersecurity awareness at your work premises and among your employees? Read further to get insights and protect your business. Promoting Cybersecurity Awareness in businesses A simple mistake from any of your employees can be an opportunity for online fraud to get into your business and steal sensitive data. Moreover, this human error is the most significant factor in significant cybersecurity breaches. This can be due to the employee not being aware of it and its consequences. Indeed, you cannot blame the employees if they are ignorant of it. Therefore, as an employer, the ball is in your court. Thus, promoting awareness of cybersecurity risks is a need of the hour for corporates and even for other small businesses. Go further to get some tips on how to promote cybersecurity awareness in your business. Not Just the Job of IT Department To maintain cybersecurity, you have to take every employee of your business onboard. Therefore, the cybersecurity strategy you develop should be inclusive of every employee in your organization. In addition, all departments promote better cyber awareness, including human resources, legal, marketing, sales, and finance. Therefore, the cybersecurity awareness efforts are simply a job of the entire organization and not just the responsibility of the IT team. Therefore, your success lies where you successfully involve every employee under the IT team's leadership. In an interview of Media 7 with Anjali Gugle, Security Architect and Officer, CX Cloud Platform Security at Cisco, she said, “Security is everybody’s responsibility. Because of that, it spans over different roles and responsibilities. In most cases, security is often an afterthought in the development lifecycle. We have embraced the "Shift left” approach to enterprise security with centralized policy management in cloud-based management. This enables deriving valuable security insights and continuous security monitoring as different security services come under one roof.” Anjali Gugle, Security Architect and Officer, CX Cloud Platform Security at Cisco Educate Yourself and Your Employees Your business needs to educate your employees about the probable cyber threats your business can face. Cybersecurity awareness programs will be in vain if you and your employees are not aware of the possible cyber security threats your business can face. This will make them recognize and get away from the most common threats the businesses face, including phishing emails, other traditional fishing attacks, ransomware, malware, and malicious social media links. You can also make them aware of the recent cyber-attacks in the business world and their losses. This knowledge is vital to any cybersecurity awareness efforts. Moreover, you cannot teach your employees unless you are aware of it. Awareness Programs As part of generating cybersecurity awareness in businesses, you can also conduct various cybersecurity awareness programs for your employees. For example, you can have the below methods as part of your cybersecurity programs. Cybersecurity quizzes Displaying cybersecurity posters at prominent places Sharing occasional cybersecurity updates and tips Showing interesting and entertaining cybersecurity videos This will inculcate a sense of cybersecurity awareness in their minds. Moreover, this awareness will make them think twice before they take any action online. Regular Cybersecurity Audits The cybersecurity requirements of each company can be different. The success of cybersecurity awareness programs, policies, and safety measures depends upon how they serve the needs of the organizations. Therefore, solutions that best meet the particular cybersecurity demands of the company should be implemented in companies. Business owners and managers have to focus on ensuring this. Regular cybersecurity audits will give you a picture of what requirements you have at present. It also will evaluate how effective your present policies are. This way, the company can formulate new protocols to protect your company. Summing UP Compromising with cybersecurity will devastate your business. Therefore, IT professionals should have the skills related to cybersecurity, while other employees need to have cybersecurity awareness. Cybersecurity awareness comprises knowledge of possible threats, their impacts, and measures to protect your business. Businesses can have various awareness programs to educate employees to be aware of the threats and increase awareness. Also, have to audit regularly the policies in your company to check their effectiveness. Frequently Asked Questions Why is cybersecurity awareness in businesses so important? When the employees in a company are aware of the possible cybersecurity threats, they are likely to refrain from suspicious activities. This is because they know the impact of cyber-attack on business. How can a company raise cybersecurity awareness among employees? The company can make the employees aware of cybersecurity threats by educating them on recent attacks and their impacts. Moreover, the company can also educate the employees regarding the possible threats a particular company can have. { "@context":"https://schema.org", "@type":"FAQPage", "mainEntity":[{ "@type":"Question", "name":"Why is cybersecurity awareness in businesses so important?", "acceptedAnswer":{ "@type":"Answer", "text":"When the employees in a company are aware of the possible cybersecurity threats, they are likely to refrain from suspicious activities. This is because they know the impact of cyber-attack on business." } },{ "@type": "Question", "name": "How can a company raise cybersecurity awareness among employees?", "acceptedAnswer": { "@type": "Answer", "text": "The company can make the employees aware of cybersecurity threats by educating them on recent attacks and their impacts. Moreover, the company can also educate the employees regarding the possible threats a particular company can have." } }] }

Read More

How Organizations can prepare for Cybersecurity

Article | October 13, 2021

According to a Gartner study in 2018, the global Cybersecurity market is estimated to be as big as US$170.4 billion by 2022. The rapid growth in cybersecurity market is boosted by new technological initiatives like cloud-based applications and workloads that require security beyond the traditional data centres, the internet of things devices, and data protection mandates like EU’s GDPR. Cybersecurity, at its core, is protecting information and systems from cyberthreats that come in many forms like ransomware, malware, phishing attacks and exploit kits. Technological advancements have unfortunately opened as many opportunities to cybercriminals as it has for the authorities. These negative elements are now capable of launching sophisticated cyberattacks at a reduced cost. Therefore, it becomes imperative for organizations across all industries to incorporate latest technologies to stay ahead of the cybercriminals. Table of Contents: - What is the cybersecurity scenario around the world? - Driving Management Awareness towards Cybersecurity - Preparing Cybersecurity Workforce - Cybersecurity Awareness for Other Employees - Conclusion What is the cybersecurity scenario around the world? Even as there has been a steady increase in cyberattacks, according to the 2018 Global State of Information Security Survey from PwC: 44% companies across the world do not have an overall information security strategy, 48% executives said they do not have an employee security awareness training program, and 54% said they do not have an incident response process. So, where does the problem lie? Many boards still see it as an IT problem. Matt Olsen, Co-Founder and President of Business Development and Strategy, IronNet Cybersecurity. Cybersecurity The greater responsibility of building a resilient cybersecurity of an organization lies with its leaders. There is a need to eliminate the stigma of ‘risk of doing business lies solely with the technology leaders of an organization. Oversight and proactive risk management must come under CEO focus. According to the National Association of Corporate Directors' 2016-2017 surveys of public and private company directors, very few leaders felt confident about their security against cyberattacks, perhaps due to their lack of involvement into the subject. Driving Management Awareness towards Cybersecurity • Gain buy-in by mapping security initiatives back to business objectives and explaining security in ways that speak to the business • Update management about your current activities pertaining to the security initiatives taken, recent news about breaches and resolve any doubts. • Illustrate the security maturity of your organization by using audit findings along with industry benchmarks such as BSIMM to show management how your organization fares and how you plan to improve, given their support. • Running awareness program for your management regarding spear-phishing, ransomware and other hacking campaigns that aim for executives and teach how to avoid them. The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyber threats and build a secure digital society. The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyber threats and build a secure digital society.. Pwc READ MORE: WEBROOT: WIDESPREAD LACK OF CYBERSECURITY BEST PRACTICES /11029 Preparing Cybersecurity Workforce Hackers are able to find 75% of the vulnerabilities within the application layer. Thus, developers have an important role to play in the cybersecurity of an organization and are responsible for the security of their systems. Training insecure codingis the best way to raise their cybersecurity awareness levels. Raising Cybersecurity Awareness in Developers: • Training developers to code from the attackers’ point of view, using specific snippets from your own apps. • Explain in-depth about vulnerabilities found by calling remedial sessions. • Find ways to make secure coding easier on developers, like integrating security testing and resources into their workflow and early in the SDLC/ • Seek feedback from developers on how your security policies fit into their workflow and find ways to improve. Cybersecurity Awareness for Other Employees According to the Online Trust Alliance’s2016 Data Protection and Breach Readiness Guide, employees cause about 30% of data breaches. Employees are the weakest link in the cybersecurity chain. But that can be changed by creating awareness and educating them on the risks surrounding equipment, passwords, social media, the latest social engineering ploys, and communications and collaboration tools.Make standard security tasks part of their everyday routine, including updating antivirus software and privacy settings, and taking steps as simple as covering cameras when they end a video conference call. Conclusion: The technological advancements are moving faster than anF-16, so the measure are by no means exhaustive. The important thing is to keep pace with numerous cybersecurity measures to not fall prey to a cyberattack. Every organizational level plays an important role in achieving a matured security infrastructure, thus making awareness and participation mandatory. Organizations should consider a natively integrated, automated security platform specifically designed to provide consistent, prevention-based protection for endpoints, data centers, networks, public and private clouds, and software-as-a-service environments READ MORE: A 4 STEP GUIDE TO STRONGER OT CYBERSECURITY

Read More

5G and IoT security: Why cybersecurity experts are sounding an alarm

Article | October 13, 2021

Seemingly everywhere you turn these days there is some announcement about 5G and the benefits it will bring, like greater speeds, increased efficiencies, and support for up to one million device connections on a private 5G network. All of this leads to more innovations and a significant change in how we do business. But 5G also creates new opportunities for hackers.Gartner predicts that 66% of organizations will take advantage of these benefits and adopt 5G by 2020 — with 59% of them planning to use 5G to support the Internet of Things across their business. Already, manufacturers including Nokia, Samsung, and Cisco have either started developing 5G enterprise solutions or have publicly announced plans to do so. In the enterprise, full deployment of private 5G networks will take time, as it requires significant investments to upgrade legacy network infrastructures, observers say. In the meantime, there are instances of devices in the workplace already operating on a 5G network.

Read More

Security News This Week: A Tiny Piece of Tape Tricked Teslas Into Speeding Up 50 MPH

Article | October 13, 2021

This week was filled with wide-scale calamity. Hundreds of millions of PCs have components whose firmware is vulnerable to hacking which is to say, pretty much all of them. It's a problem that's been known about for years, but doesn't seem to get any better. Likewise, Bluetooth implementation mistakes in seven SoC—system on chips—have exposed at least 480 internet-of-things devices to a range of attacks. IoT manufacturers will often outsource components, so a mistake in one SoC can impact a wide range of connected doodads. The most troubling part, though, is that medical devices like pacemakers and blood glucose monitors are among the affected tech. YouTube Gaming, meanwhile, wants to take Twitch's crown as the king of videogame streaming. But its most-viewed channels are almost all scams and cheats, a moderation challenge that it'll have to take more seriously if it wants the legitimacy it's spending big money to attain. In another corner of Alphabet's world, hundreds of Chrome extensions were caught siphoning data from people who installed them, part of a sprawling adware scheme.

Read More

Spotlight

RedShield Security Limited

RedShield is one of the most effective web-application defence systems you can buy. Put simply, we are experts in web-application vulnerability remediation as a service. WEB-DEFENCE: RedShield redefines what a web-app protection service should do. We are the world’s first web-application defence system to be targeting 100% vulnerability mitigation.

Events