After Avast's Malefaction, Data Protection should be High-Priority

SC Magazine UK | February 14, 2020

  • Avast had been harvesting the web browsing habits of its hundreds of millions of customers to supply some of the world’s biggest firms.

  • Avast's wrongdoings are what many privacy and security experts have long warned about: Attempts to deanonymize data sets.

  • The story stands as a lesson for consumers and calls for them to ensure that their data is protected and safe at all times.

Avast, a free anti-virus software provider used by millions around the world, has admitted to selling "highly sensitive" web browsing data via a subsidiary company called Jumpshot.


Investigations by Vice and PC Mag reported that Avast had been harvesting the web browsing habits of its hundreds of millions of customers to supply some of the world’s biggest firms.


Soon after the reports came out, Czech authorities sprang into action and started an investigation of their own. The investigation found that the anonymized web history data could then be traced back to individual users. Avast, via Jumpshot, was tasked with selling the user data from millions of devices to major brands and e-commerce providers.


Shares in Avast tanked after reports of the sale of user data surfaced.


Recap of Avast's Malefactions


Jumpshot, a US-based marketing company, was purchased by Avast back in 2013.


The Czech-based anti-virus giant scraped data from the software it provides to customers and handed the information to the marketing subsidiary Jumpshot, which then repackaged the information and sold it for millions of dollars.


Even though Avast required users to opt into this data sharing, the investigation found many were unaware Jumpshot was then selling on their data. The revelations emerged following a joint investigation by trade publications Motherboard and PCMag.


The data sold include Google searches, Google Maps location searches, activity on companies’ LinkedIn pages, YouTube visits and data on people visiting porn websites.


Avast did not deny the allegations and said it had moved to stop the data-sharing practices.




What's the Latest on It?


The exposé has led the Czech data protection authority to start an investigation into Avast and its activities. In an official statement, the authority said that it has initiated a preliminary investigation of the case based on the information revealed.


At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users’ personal data. Based on the findings, further steps will be taken and the general public will be informed in due time.

- Ivana Janu, President, Czech Office for Personal Data Protection.


Lessons for Information Security

The story raises several serious questions about the ethics of processing and selling data. It also stands as a lesson on information security for consumers and calls for them to ensure that their data is protected and safe at all times.


It is an unfortunate fact that in this day and age, consumers must be wary of who they trust with their data. When the antivirus companies are the bad guy, it’s difficult to see who is good. The best course of action is to constantly ensure that your personal data stays secure. This can be done by managing preferences on websites, but when it comes to software as a service (SaaS) it becomes even more sinister and we must be even more wary.

- Robert Ramsden-Board, VP EMEA, Securonix

“As the saying goes, if you're not paying for the product, then you are the product. That wisdom certainly proved true in this case. AVG and Avast abused users' trust and put them at risk, which could well be a death sentence for a business that users rely on for protection,” said Paul Bischoff, a privacy advocate at Comparitech.com, while talking about users preferring free anti-virus versions despite the availability of paid products from both Avast and AVG.



Boris Cipot, a senior security engineer at Synopsys, while talking about the recent developments and the seriousness among the authorities regarding GDPR, said, “I just wonder how many of such cases will need to be uncovered before this type of data trafficking stops and we can finally rest assured that the companies we trust with our data will not reuse it, or in some cases even misuse it.”


Avast's wrongdoings are what many privacy and security experts have long warned about: Attempts to deanonymize data sets. Even data that has been purportedly made anonymous can still often be linked back to individual users. It also highlights a continuing gulf between increasingly strict data protection regulations and user expectations.


Is your anti-virus spying on you?

