GDPR an opportunity to improve data systems and processes

Computer Weekly | May 20, 2019

A year after the official implementation of the GDPR, it is important to highlight the positive opportunities that compliance provides and the insights breach reports are providing, say Deloitte consultants. Financial services organisations are among those that are taking compliance with the European Union’s General Data Protection Regulation (GDPR) very seriously, and the insights this is delivering is likely to help drive momentum in other sectors, according to Stephen Bonner, cyber risk partner at Deloitte. “In the larger financial services organisations, customer trust is absolutely key to what they do. But even for those who have been taking it seriously for a long time, the GDPR has helped to give data protection officers a voice in a more business-focused, broader discussion to get the support they need,” he told Computer Weekly. A year after the official implementation of the GDPR, Bonner said the real benefits of the regulation will start being realised as more organisations in all sectors report data breach incidents on a much bigger scale than ever before.

Spotlight

The days of technical efficacy and "best-of-breed" functionality being the key drivers of security vendor selection are well and truly over, if they ever existed. Security buyers are more motivated by how well products and services fit in with their existing environment; how they enable better operating models and approaches; and where the capability resides to get the job done, whether that be in-house or among trusted third parties. In fact, security is increasingly about bigger considerations than mitigating the latest threat through an additional feature.

Spotlight

The days of technical efficacy and "best-of-breed" functionality being the key drivers of security vendor selection are well and truly over, if they ever existed. Security buyers are more motivated by how well products and services fit in with their existing environment; how they enable better operating models and approaches; and where the capability resides to get the job done, whether that be in-house or among trusted third parties. In fact, security is increasingly about bigger considerations than mitigating the latest threat through an additional feature.

Related News

PLATFORM SECURITY

Delinea Onsite Survey Reveals Top Cybersecurity Concern in 2022

Delinea | June 10, 2022

Delinea, a leading supplier of privileged access management (PAM) solutions for seamless security, today released the findings of its own anonymous onsite poll of cybersecurity experts attending this week's RSA Conference at the Moscone Center in San Francisco. The poll of over 100 cybersecurity experts questioned participants about their top cybersecurity worries for 2022, as well as where they stood on cyber insurance and cyber hygiene procedures. Notably, the poll discovered that cloud security (37%) would be the top cybersecurity issue in 2022, surpassing ransomware (19%) and remote employees (17%). According to the poll, 80% of respondents believe their company has not been infiltrated in the last 12 months. This positive effect might be attributed to greater cyber hygiene among workers. According to the poll, 59% of respondents do not use the same password on several accounts, and almost two-thirds (66%) utilize multi-factor authentication (MFA) wherever it is available. "Protecting digital assets in the cloud is becoming priority number one, reflecting a more proactive approach to cybersecurity. As businesses become more reliant on the cloud for infrastructure, application development, and business process automation, security skills and solutions need to keep up. Securing privileged access to cloud infrastructure and workloads before attackers take advantage is imperative." Joseph Carson, chief security scientist and advisory CISO at Delinea Joseph Carson further added "Passwords should never be the only security control for accessing critical systems, applications, and privileges. By implementing MFA controls, it adds an extra layer of protection, should an attacker be able to compromise a password. MFA should be required not only at system log-in, but also at the point of horizontal and vertical privilege elevation."

Read More

SOFTWARE SECURITY

Cybersecurity Company Lumu Raises $8M, Signs Partnership with KnowBe4, the World's Largest Integrated Platform for Security Awareness Training

Lumu | August 08, 2022

Lumu, creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, today announced it has closed an $8 million investment round, bringing total funding to $15.5 million. Led by Panoramic Ventures, the investment will serve as growth capital for sales and marketing initiatives to further Lumu's mission of helping organizations operate cybersecurity proficiently. Other investors include KnowBe4 Ventures, Lane Bess, former Zscaler and Palo Alto Networks executive, and Tom Noonan, former CEO at Internet Security Systems and the SoftBank Group's SB Opportunity Fund. "We are excited to continue to support Lumu through this phase of hypergrowth, as organizations across all verticals are realizing the value of measuring compromise within their networks and acting on this factual data immediately," said Paul Judge, Managing Partner of Panoramic Ventures. "The innovation Lumu is bringing to the market is evident and a true game-changer for cybersecurity operations." Lumu's Continuous Compromise Assessment model enables any organization to measure and understand compromise to close the breach detection gap from months to minutes continuously and intentionally. Teams receive actionable information about who was impacted, when the incident took place and how best to respond before it escalates to a bigger problem. The company has experienced hyper-growth in 2021 and 2022 and now has more than 3,100 organizations using its technology. The Lumu platform has analyzed more than 1 trillion metadata and detected more than 345 million adversarial contacts. "With today's economy, hiring constraints and the non-stop cyber threats, companies need tools that enable an accurate understanding of, and swift response to, potential attacks. "Our platform provides context at the granular level to understand each and every incident and the specific techniques used by attackers so that cybersecurity operators can mitigate malicious incidents and overall improve their cybersecurity stack. With cybercriminals quick to take advantage of economic downturns, this funding round emphasizes just how critical of a time it is for enterprises to prioritize protection and defense mechanisms." Ricardo Villadiego, Founder and CEO of Lumu The capital will also be used to scale the company's initiative to consistently attract exceptional talent to amplify the reach of Lumu's cyber industry-leading resilience message and to build credibility with target audiences to help companies of all sizes and verticals proficiently operate cybersecurity functions. KnowBe4 is one of the key investors joining Lumu's funding round. The companies will join forces to further their missions of enabling employees and security teams to make smarter security decisions every day. Miami-based Lumu is founded and led by Ricardo Villadiego, a successful second-time founder who is part of the SB Opportunity Fund's community of visionary Black, Latinx, and Native American entrepreneurs. About Lumu Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes.

Read More

PLATFORM SECURITY

Vectra Becomes AWS Security Competency Partner

Vectra | June 30, 2022

Vectra AI, a pioneer in threat detection and response, said today that it has been an Amazon Web Services (AWS) Security Competency Partner, proving its technical knowledge and demonstrated customer success when it comes to further protecting AWS environments. The competence designation acknowledges Vectra's strong cloud security experience and proven technology, which assists clients in further enhancing their security measures across hybrid architectures and cloud environments. Vectra's AWS Security Competency distinguishes it as an AWS Partner Network (APN) member that delivers specialized threat detection technologies to assist organizations in adopting, developing, and deploying complex security projects on AWS. To be eligible for this distinction, APN members must have extensive AWS knowledge and be able to offer solutions on AWS effortlessly. Vectra earned AWS Security Competency accreditation after a thorough qualification process based on references and customer feedback. "Becoming an AWS Security Competency Partner is an exciting milestone for Vectra and for many of our customers who leverage AWS as a critical component in their everyday operations. Solving threat detection and response challenges for our customers is top priority and this competency further validates our ability to do that in the cloud and wherever organizations choose to configure their environments." Michael Porat, Vectra SVP, Corporate and Business Development "We are an AWS shop. Using AWS VPC Traffic Mirroring, Vectra gives us full visibility into our Nitro-based instances," said Mirza Baig, IT Security Manager at Municipal Property Assessment Corporation (MPAC). To monitor all infrastructure-as-a-service traffic, the Vectra platform interfaces with AWS Virtual Private Cloud (VPC) traffic mirroring. It also integrates with AWS Security Hub to publish Vectra detections as findings, enabling security teams to correlate Vectra attacker detections with other data sources for faster threat hunting and incident investigations. "Achieving the AWS Security Competency validates Vectra for its technical expertise and ability by enabling customers to further secure their journey through the different stages of cloud adoption—from migration through day-to-day management," said Dudi Matot, Security Segment Lead at AWS.

Read More