Direct-to-consumer DNA testing services have grown in popularity in recent years. By now there is no doubt that consumer DNA testing is here to stay, but we still need to ponder: Is the digitization of our DNA the safe thing to do?
If you consider that your DNA is the ultimate personally identifying information (PII), its dark web street value could be sky high. How would you feel if your DNA was suddenly out there on the dark web, free for the taking? And now that we have seen the first mega breach in the sector, what are the implications?
Read more about the security implications of DNA services on Forbes.
GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean it’s yet another regulation that will be ignored? Actually, nothing could be further from the truth.
GDPR is a much-evolved form of European regulation allowing data subjects to file suits against data collectors who they believe are violating their rights. The day GDPR came into law, complaints were filed by data subjects against Facebook and Google. This battle is going to be fought in 28 EU countries’ courts much sooner than in the ministries of their Data Protection commissioners, who enforce the law and hand out fines for violations.
McAfee released its Cloud Adoption and Risk Report, which analyzed billions of events in anonymized customers’ production cloud use to assess the current state of cloud deployments and to uncover risks. The report revealed that nearly a quarter of the data in the cloud can be categorized as sensitive, putting an organization at risk if stolen or leaked.
The study found that while organizations aggressively use the public cloud to create new digital experiences for their customers, the average enterprise experiences more than 2,200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.
There are two types of organizations: those that have been compromised and know it, and those that have been compromised and don’t know it. That (and the anxiety of whether data is being stolen or changed) keeps CIOs awake at night. As recent ransomware attacks are making news globally for their mounting costs, it’s obvious that once they’ve been hacked, these organizations discover there are deeper problems in their infrastructure or security hygiene that ransomware has exploited.
Avoiding ransomware problems boils down to three basic approaches that apply in general to both private and public sector organizations: good cyber hygiene and user training, best practices, and routine testing of backup and recovery plans.
Read more about how to reduce the threat of ransomware on DarkReading.
Businesses worldwide face a sense of creeping dread and imminent disruption due to the threat of cybercrime. Nowadays, they are more prone than ever to terrors such as malware hijacking browsers to sniff or intercept application authentication credentials. Then there are the strains of malware that target financial logins to menace both browser and mobile clients.
There’s no way around it. Getting your cybersecurity posture right is the only way to stay safe. Get it wrong, however, and you’ll get the fright of your life in the shape of the EU’s General Data Protection Regulation (GDPR) enforcement. There is definitively nowhere to hide this Halloween if you’re breached or fall short of tightening compliance expectations.
Read about the cybercrime threat and about the preventative measures you can take to improve your security posture and safeguard your employees’ applications and sensitive data on Information Security Buzz.
There is a broad spectrum of cybersecurity preparedness on the enterprise landscape, but even organizations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits. Recent audit findings revealed gaps in the Washington Metropolitan Area Transit Authority’s cybersecurity posture, while deficiencies were similarly pinpointed in an audit of the Michigan Department of Technology, Management and Budget.
There is no question that, in many cases, earlier and expanded input from auditors would have helped organizations that have suffered high-profile cyberattacks avoid sifting through the financial and reputational damage that ensued.
Read more about the importance of cybersecurity audits on DarkReading.
In 2018, the average cost of a data breach is more than $3.75 million, and experts expect this number to rise in the coming years. This staggering—and potentially catastrophic—cost per incident is why implementing proper security practices is so important, so it is vital that enterprises both large and small understand how to secure their IT environments successfully.
So, what should you be measuring when it comes to your security program? As the old saying goes: If you can’t measure it, you can’t manage it.
Read about four Key Performance Indicators (KPIs) that can help enterprises navigate the murky waters of cybersecurity and reduce anxiety surrounding the possibility of cyber attacks, on Help Net Security.
The idea of using the internet to commit crimes isn’t new, but the problem continues to grow as people become more reliant on the internet for making purchases and storing personal information. Just as you’d take steps to defend yourself from crime in a major city, you should do so while using the internet. Sometimes, avoiding questionable areas isn’t enough.
To help you out, Cloudwards has published a new guide to cybercrime that explores the most potent threats on the internet today.
Read the full overview of the common kinds of cybercrime, which includes real-world examples and suggests tools you can use to protect yourself, on Cloudwards.
This year we’ve seen massive malware attacks spanning from nation state campaigns originating in North Korea and Russia to popular restaurants and everything in between. Each new incident serves as a grim reminder to business leaders that hackers will not relent. Yet with cloud adoption growing rapidly in the enterprise, the odds of a malware infection spreading and leading to a potential breach are increasing.
According to a study conducted by the Ponemon Institute, almost 90 percent of businesses believe an increase in cloud usage will increase the probability of a data breach – and this trend isn’t going away anytime soon.
“Managing risk is one of the most, if not the most important, functions in an organization,” says Tony Martin-Vegue, enterprise security management strategist for LendingClub, a peer-to-peer lending company based in San Francisco. “It’s really important to have a structured, formalized process for measuring risk, managing risk, and the entire remediation process.”
Large organizations will have teams dedicated to assessing and re-assessing risk on a regular basis. Small organizations may lack the team, but they will not lack the need to understand what risks IT faces and how those risks are reflected in the rest of the business units.
Read about seven steps that apply to a variety of frameworks — and that are applicable no matter where the risk assessment process takes your organization, on DarkReading.