GDPR an opportunity to improve data systems and processes

Computer Weekly | May 20, 2019

GDPR an opportunity to improve data systems and processes
A year after the official implementation of the GDPR, it is important to highlight the positive opportunities that compliance provides and the insights breach reports are providing, say Deloitte consultants. Financial services organisations are among those that are taking compliance with the European Union’s General Data Protection Regulation (GDPR) very seriously, and the insights this is delivering is likely to help drive momentum in other sectors, according to Stephen Bonner, cyber risk partner at Deloitte. “In the larger financial services organisations, customer trust is absolutely key to what they do. But even for those who have been taking it seriously for a long time, the GDPR has helped to give data protection officers a voice in a more business-focused, broader discussion to get the support they need,” he told Computer Weekly. A year after the official implementation of the GDPR, Bonner said the real benefits of the regulation will start being realised as more organisations in all sectors report data breach incidents on a much bigger scale than ever before.

Spotlight

When 6.46 million LinkedIn password hashes were dumped in a Russian hacker forum, Rapid7 analyzed the first 165,000 cracked to see what password security lessons could be learned. The results reveal a worrying trend of people continuing to use obvious words or number sequences, which have by now become part of hackers' code-cracking algorithms. This infographic identifies the common mistakes to avoid in creating secure passwords.

Related News

Abnormal Security Finds phishing emails Designed to Spoof Notification Messages from Microsoft Teams

Microsoft | May 04, 2020

Attackers are exploiting the surge in the use of Microsoft Teams in an attempt to trap unsuspecting users, says Abnormal Security. Since Microsoft Teams is linked to Microsoft 365 and Office 365, any credentials stolen in the scam could be used to sign into other Microsoft accounts and services. The landing pages that host the phishing pages were created to look just like the real Microsoft pages. Cybercriminals have been taking advantage of virtually every aspect of the coronavirus to try to increase business. Among other consequences, the need to quarantine and work from home has triggered a surge in demand for virtual meeting and video chatting apps, including the business-oriented Microsoft Teams. A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. The first campaign started on April 14 and went on for two days but hasn't been since since, according to Kenneth Laio, vice president of Cybersecurity Strategy at Abnormal Security. The second campaign began on April 29, lasted a few hours, and has not been recorded since then. The phishing emails were sent to Abnormal customers in such industries as energy, retail, and hospitality, Laio said. However, the attacks weren't targeted to any specific company or industry and, in fact, were designed in a generic way so they could be launched against anyone. The landing pages that host the phishing pages were created to look just like the real Microsoft pages. The images were copied from actual Microsoft notifications and emails, according to Abnormal Security. Plus, the sender email comes from a domain called "sharepointonline-irs.com," which may look legitimate at first glance, but is not registered either by Microsoft or the IRS. Learn more: THE TIME HAS COME TO BRING IN AI, MACHINE LEARNING AND AUTOMATION IN CYBERSECURITY. We would advise organizations and their employees to double-check the sender name and address for messages or notifications coming from Microsoft Teams. ~ Kenneth Laio, vice president Abnormal Security The images can be especially convincing on a mobile device where they take up most of the content on the screen. Further, users who are accustomed to notifications from Microsoft and other vendors might fail to investigate the messages and simply take the bait. Since Microsoft Teams is linked to Microsoft 365 and Office 365, any credentials stolen in the scam could be used to sign into other Microsoft accounts and services. To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice. The phishing emails were sent to Abnormal customers in such industries as energy, retail, and hospitality, However, the attacks weren't targeted to any specific company or industry. ~ Laio said "We would advise organizations and their employees to double-check the sender name and address for messages or notifications coming from Microsoft Teams," Laio said. "For both campaigns, the sender names are innocuous ('chat content' and 'work flow'), but the email addresses that they are sent from have no relation to Microsoft, Microsoft Teams, or the organization itself. "In addition, we would advise everyone to always double check the web page's URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails by traditional email security solutions. Learn more: CORONAVIRUS MALWARE ROUNDUP: WATCH OUT FOR THESE SCAMS. v

Read More

DATA SECURITY

NETSCOUT Announces Availability of Omnis Cyber Intelligence

NETSCOUT | November 08, 2021

NETSCOUT SYSTEMS, INC.a leading provider of cybersecurity, service assurance, and business analytics solutions, today announced the availability of Omnis® Cyber Intelligence (OCI), the industry's fastest and most scalable network security software solution, built on the foundation of the industry's most prominent network monitoring and packet recording and analysis technology. It uniquely detects and investigates suspicious activities in real-time and retrospectively, identifies threats early in the attack life cycle to prevent infections from spreading, stops future attacks, and identifies compromised assets. With cyberattacks increasing and breaches making front-page news, IT security teams find that their existing tools are no match for this growing threat, and both their expenses and their cyber risk are growing out of control. This is the case because the typical data sets feeding these tools are reactive, not granular, and do not extend to the earliest indications of a potential attack. NETSCOUT's approach to turn the situation around is to leverage its market-leading visibility technology to increase the range and depth of security intelligence and make it accessible to security teams in real-time. The solution consists of an analytics stack and cyber security software sensors called Omnis CyberStreams. NETSCOUT's Omnis Cyber Intelligence arms security teams with proactive, actionable intelligence helping them to: Perform continuous scanning and analysis for reconnaissance to detect attacks earlier, minimizing exposure and, in many cases, thwarting the threat. Rapidly access high-resolution historical evidence far back in time to understand how an attack started to prevent similar breaches and stop ongoing malicious activity. Monitor exposed attack surfaces within their infrastructure to optimize the effectiveness of the defenses deployed. Evaluate the extent of penetration and impacted assets when attacks occur to prevent malware from spreading. Deploy on-premises, in virtualized data centers, and the public cloud, supporting an organization's evolving deployment preferences without impacting security governance and workflows. Integrate with their security ecosystem through APIs and partnerships with leading vendors such as Splunk, Palo Alto Networks, and AWS. As a result, the effectiveness of customers' existing security tools and the productivity of analysts improve, and they can get ahead of the vicious cycle of both rising costs and rising cyber risk. "NETSCOUT's unique ASI technology allows companies to truly unlock the actionable intelligence embedded in network transactions and packets,Where others have failed, NETSCOUT has made the use of packet data fast and affordable with their patented metadata extraction, intelligent reduction, and indexing. Omnis Cyber Intelligence provides security analysts with the information they need to quickly and accurately assess the scope and scale of an incident and reduce the associated risk and negative impact." Christopher Kissel, research director, security and trust products, IDC "Enterprises have invested heavily in cybersecurity solutions, but they are largely ineffective because they lack the actionable visibility needed to spot attacks before they have broad impact," stated Sanjay Munshi, vice president, product management, NETSCOUT. "As attack surfaces expand, the Omnis Cyber Intelligence solution extends throughout the infrastructure, integrates into existing ecosystems, and becomes part of the growing movement towards XDR, using meaningful metadata, or smart data, and powerful cyber analytics to quickly get to the root cause of the cybersecurity issue and mitigate risk." About NETSCOUT NETSCOUT SYSTEMS, INC. helps assure digital business services against security, availability, and performance disruptions. Our market and technology leadership stems from combining our patented smart data technology with smart analytics. We provide real-time, pervasive visibility and insights customers need to accelerate and secure their digital transformation. Omnis® Cyber Intelligence delivers the fastest and most scalable network security solution available on the market. NETSCOUT nGenius® service assurance solutions provide real-time, contextual analysis of service, network, and application performance. And Arbor® Smart DDoS Protection by NETSCOUT products help protect against attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets.

Read More

DATA SECURITY

Credence Security, a Leading Cybersecurity and Digital Forensics Value-Added Distributor, has Launched a New Partner Portal

CREDENCE SECURITY | June 03, 2021

The demand for leading cybersecurity and digital forensics solutions is higher than ever. For over 20 years, Credence Security, a PAN-EMEA specialty distributor, has led in these areas along with governance, risk, and compliance, based in Dubai and regional presence in Johannesburg, London, Nairobi, New Delhi, and Saudi Arabia. Credence Security provides cybersecurity and digital forensics solutions to both public and private sector enterprises through a select network of specialist resellers. In exciting news from the company, in response to its continued rapid growth, Credence Security recently announced the launch of its new Credence Security Partner Portal, which will enable easier deal registration, better tracking of opportunities, and SPIFF programs, access to sales and marketing materials, and much more. This is expected to be a precious tool for the company's resellers. "Our channel partners are one of our most important relationships," commented Philip Cherian, Regional Channel Director. "We paid attention to our partner feedback and enhanced our Channel Partner Program and Partner Experience Portal, doubling down on our commitment to helping them succeed by continuing to invest in our Channel, tools, and infrastructure to support our partners across the region and make it even easier for them to do business with our vendors and us." Credence Security is built on the foundation of 4 focus pillars – Continuous Adaptive Risk and Trust Assessment, Data Protection and Governance, Digital Forensics and Incident Response and Identity, Payments, and Data Security. "The value delivered in all of these areas is something that continues to grow, both as technology advances, but also from the company making every effort to understand the challenges partners and clients face so they can be more effectively addressed," commented Moe Bux, Regional Sales Director. "This strategy has been a key component in Credence Security's success and continued value-added growth." The Credence Security Partner Portal launch arrives on the back of a record-breaking year for the channel team, which saw its best year across the channel in respect of: • Channel team growth • Overall revenue growth generated by our specialist resellers • Partner growth in both geographical as well as vertical expansion ABOUT CREDENCE SECURITY Established in 1999, Credence Security, a PAN-EMEA specialty distributor, is cybersecurity, forensics, governance, risk, and compliance. Unlike most other distributors, we take a consultative "value-add" solution approach; we collaborate with our partners and their customers to understand their needs, both from a technology and business perspective, and then work very closely with our partners to deliver tailor-made solutions. Working closely with globally recognized, award-winning vendors including AccessData, ESET, Entrust, Magnet Forensics, ZeroFox, and Trustwave, Credence Security provides best-in-class, Cybersecurity and Forensics technologies and solutions to protect organizations against advanced persistent threats, malicious adversaries, and internal malpractice.

Read More

Spotlight

When 6.46 million LinkedIn password hashes were dumped in a Russian hacker forum, Rapid7 analyzed the first 165,000 cracked to see what password security lessons could be learned. The results reveal a worrying trend of people continuing to use obvious words or number sequences, which have by now become part of hackers' code-cracking algorithms. This infographic identifies the common mistakes to avoid in creating secure passwords.