Data breaches, Education, Exercises and Security

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Cyber criminals continued to wreak havoc, with the likes of Twitter , Uber and Neopets all reporting mammoth data breaches.

Security

Security Data breaches Ransomware Military

Mapping the threat: an insight into data breaches across Europe

Thales Cloud Protection & Licensing

MAY 29, 2018

According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. Where the hazard really lies.

Data breaches

Data breaches Risk GDPR Education

4 of the 5 top causes of data breaches are because of human or process error

IT Governance

JANUARY 30, 2018

Although data breaches as a result of cyber attacks get all the press, it is often negligence or a lack of basic processes, policies and procedures that result in data breaches. The Information Commissioner’s Office (ICO) compiles quarterly statistics about the main causes of reported data security incidents.

Data breaches

Data breaches Security awareness Education Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

With many employees now working remotely, securing company data isn’t as straightforward as it used to be. International workforces can be an excellent way to find top talent, but they can introduce unique security risks. Inconsistent data regulations. If any of these are security-related, it can be a cybersecurity risk.

Communications

Communications Cybersecurity GDPR Risk

Tips for Gamifying Your Cybersecurity Awareness Training Program

Security Affairs

NOVEMBER 29, 2022

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report , 82% of data breaches involved the human element, from social attacks to misuse of technologies. While cybersecurity awareness training can take many forms, most training programs are computer-based.

Cybersecurity

Cybersecurity Data breaches Education Phishing

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. According to another study by CybSafe, human errors have been responsible for over 90% of data breaches in 2020. Customize Your Security Training.

Cybersecurity

Cybersecurity Data Privacy Data breaches Privacy

What is a phishing simulation?

IBM Big Data Hub

AUGUST 9, 2023

A phishing simulation is a cybersecurity exercise that tests an organization’s ability to recognize and respond to a phishing attack. Because even the best email gateways and security tools can’t protect organizations from every phishing campaign, organizations increasingly turn to phishing simulations.

Phishing

Phishing Security awareness Analytics Cybersecurity

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? " I don't know what's in those 42 pages.

Data breaches

Data breaches Personal data GDPR Data collection

Insider Trading Charges Brought Against CIO for Post-Breach Trading

Hunton Privacy

MARCH 14, 2018

On March 14, 2018, the Department of Justice and the Securities and Exchange Commission (“SEC”) announced insider trading charges against a former chief information officer (“CIO”) of a business unit of Equifax, Inc.

Cybersecurity

Cybersecurity Data breaches Sales Education

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

Among the organizations that have designated a DPO, the most represented sectors are, unsurprisingly, the public administration, education and health sectors. Such figures evidence the success of “mutualized” DPOs designated by two or more organizations. The Guide is composed of four main Parts : I. Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

China Issues Draft of Personal Information Protection Law

Hunton Privacy

OCTOBER 27, 2020

China’s Cybersecurity Law, Data Security Law (draft) and Draft PIPL constitute three fundamental laws on cybersecurity and data protection. The definition includes information that can identify data subjects as well as information that is related to the data subjects. Seven Principles for Data Processing.

Cybersecurity

Cybersecurity Data breaches Personal data Government

7 Best Email Security Software & Tools in 2023

eSecurity Planet

OCTOBER 6, 2023

That makes email security software a worthwhile investment for organizations of all sizes. We analyzed the market for email security tools and software to arrive at this list of 7 top email security solutions, including their standout features, limitations and ideal use cases, followed by issues prospective buyers should consider.

Security

Security Phishing Compliance Cybersecurity

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity

Cybersecurity Compliance Risk Communications

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

It was also the first to enact data breach notification legislation, which all other states have now followed. identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number or passport number.

GDPR

GDPR Privacy Sales Data breaches

Top 12 Firewall Best Practices to Optimize Network Security

eSecurity Planet

DECEMBER 10, 2023

The consistent implementation of firewall best practices establish a strong defense against cyber attacks to secure sensitive data, protect the integrity and continuity of business activities, and ensure network security measures function optimally.

Security

Security Education Access Risk

Expert Insight: Cliff Martin

IT Governance

NOVEMBER 28, 2023

Before that, he taught computer systems and network technologies in further and higher education. Now, Cliff supports clients with their cyber security requirements, helping them prevent and manage cyber incidents. Why do you think we’re seeing this problem of financial entities, and other organisations, not being secure on their own?

Risk

Risk Compliance Government Security

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

It was also the first to enact data breach notification legislation, which all other states have now followed. identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number or passport number.

GDPR

GDPR Privacy Sales Data breaches

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack.

Passwords

Passwords Education Data breaches Security

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

eDiscovery Daily

NOVEMBER 26, 2017

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR).

Cloud

Cloud GDPR Personal data Compliance

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

This new category includes certain government-issued identifications (such as social security, driver’s license, or passport numbers), account login information, mail and email contents, or data pertaining to precise geolocation, racial origin, religious affiliations, genetics, biometrics, consumer health, and sexual orientation data.

Privacy

Privacy B2B Sales Data breaches

How to Prevent Malware: 15 Best Practices for Malware Prevention

eSecurity Planet

OCTOBER 24, 2023

The stakes are even higher for businesses, government and other organizations, as successful attacks can be devastating to operations and sensitive data. Exercise Caution with Emails The first two items on this list could be lumped together with a single warning: Don’t click. These scans can detect and eliminate hidden malware.

Passwords

Passwords Encryption Authentication Phishing

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Necessity : Personal data must be adequate, relevant and necessary in relation to the purposes for which they are processed. Accuracy : Personal data must be accurate and, where necessary, kept up-to-date. Retention : Personal data must not be kept for longer than is necessary. Mandatory data breach notification.

Personal data

Personal data GDPR Data Privacy Privacy

What Is a SaaS Security Checklist? Tips & Free Template

eSecurity Planet

APRIL 9, 2024

SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. They serve as benchmarks for upholding strong security requirements, evaluating existing tools, and assessing potential solutions. Common threats include misconfigurations, cross-site scripting attacks, and data breaches.

Security

Security Compliance Cybersecurity Communications

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

IT Governance

DECEMBER 5, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The security researcher Bob Diachenko of SecurityDiscovery first identified the exposed information in mid-September. Data breached: over 300 million records.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

California law also requires businesses that suffer a breach of security to disclose the breach to consumers, and in some instances law enforcement, if sensitive information is compromised. This page will enable consumers to exercise the right to opt-out of the sale of their personal information.

Privacy

Privacy Sales Education Compliance

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. Genetic Data: California Data Breach Notification and Data Security Law Amendment Bill.

Privacy

Privacy Insurance Security Data breaches

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

California law also requires businesses that suffer a breach of security to disclose the breach to consumers, and in some instances law enforcement, if sensitive information is compromised. This page will enable consumers to exercise the right to opt-out of the sale of their personal information.

Privacy

Privacy Sales Compliance Cybersecurity

eDiscovery and the GDPR: Ready or Not, Here it Comes, Part Four: eDiscovery Best Practices

eDiscovery Daily

DECEMBER 10, 2017

In preparing for GDPR, all companies should start by doing the following: Determine Their Role Under the GDPR: Any organization that decides on why and how personal data is processed is essentially a “data controller”, regardless of geographic location. Identify all privacy-related data. Analyze all privacy-related data.

GDPR

GDPR e-Discovery IT Compliance

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

38,846,799 known records breached in 140 publicly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Privacy Insurance Security

US: In Washington State’s landmark facial recognition law, public sector practices come under scrutiny and regulation

DLA Piper Privacy Matters

APRIL 23, 2020

These are defined as “decisions that result in the provision or denial of financial and lending services, housing, insurance, education enrollment, criminal justice, employment opportunities, health care services, or access to basic necessities such as food and water, or that impact civil rights of individuals.”

Privacy

Privacy Government Insurance IT

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

At the same time – in fact, as a direct result of data’s central importance – more adversaries are working harder and finding more nefarious ways to steal or otherwise compromise your data. As just one measure, the number of data breaches in the first nine months of 2021 exceeded all those in 2020, a new record.

Encryption

Encryption Cloud Privacy GDPR

Intro to phishing: simulating attacks to build resiliency

Security Affairs

APRIL 21, 2023

Phishing-borne threats IBM’s 2022 Data Breach report highlighted how effective phishing-based attacks have become, being the second leading cause of cybersecurity incidents globally, by using a sample instance that affected hundreds of international entities.

Phishing

Phishing Security awareness Passwords Education

FTC Consumer Protection Head Shares New Vision for Consumer Privacy

Hunton Privacy

SEPTEMBER 30, 2010

Mr. Vladeck began by reminding the audience that the FTC is aggressively enforcing on privacy and data security matters, having brought 29 cases to date. He stressed the importance of practicing good data hygiene from the beginning, with a focus on information security and data minimization.

Privacy

Privacy Data collection Data breaches Access

The Hacker Mind Podcast: So You Want To Be A Pentester

ForAllSecure

FEBRUARY 23, 2021

In a few minutes I’m going to talk to a pentester who’s written a book that can help take your current skills as a sys admin and security engineer and turn them into skills needed to become a great digital pentester. You want to see if they can penetrate your security, and cause it to break in some way. I mean really?

Security

Security IT Education Communications

The Hacker Mind Podcast: So You Want To Be A Pentester

ForAllSecure

FEBRUARY 23, 2021

In a few minutes I’m going to talk to a pentester who’s written a book that can help take your current skills as a sys admin and security engineer and turn them into skills needed to become a great digital pentester. You want to see if they can penetrate your security, and cause it to break in some way. I mean really?

Security

Security IT Education Communications

Cybersecurity Awareness Month: The value of cyber hygiene in protecting your business from potential ransomware

Thales Cloud Protection & Licensing

SEPTEMBER 30, 2021

The line between our online and offline lives is blurring and in a highly interconnected world, societal well-being, economic prosperity, and national security are impacted by the internet. This is the only way to keep people safe from attacks on their data, personal information, finances, and infrastructure. BeCyberSmart.”.

Ransomware

Ransomware Cybersecurity Encryption Education

Operationalizing responsible AI principles for defense

IBM Big Data Hub

FEBRUARY 22, 2024

Artificial intelligence (AI) is transforming society, including the very character of national security. AI literacy is a must-have for security It’s important that personnel know how to deploy AI to improve organizational efficiencies. Data interpretation takes practice and is an interdisciplinary effort.

Artificial Intelligence

Artificial Intelligence Metadata Military Government

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. You can design your data privacy systems such that they meet all these legal requirements. Quality DPO training educates and prepares the person for the role.

Data Privacy

Data Privacy Privacy GDPR IT

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In contrast, only 70 valid data breach notifications were received under the ePrivacy Regulations and 25 notifications under the Law Enforcement Directive. Around 60% of the data breaches notified occurred in the private sector. Data Protection Officers. support with refresher training and awareness programmes.

GDPR

GDPR Compliance Data breaches Marketing

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

JANUARY 25, 2019

Most of my career has been spent evangelizing the power of technology to positively transform business, education, and politics. First, Data. Big data, data breaches, data mining, data science…Today, we’re all about the data. Let The Data Flow. And second… Governance.

Government

Government IT Marketing ROT

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

KnowBe4

APRIL 25, 2023

Security researchers are jailbreaking large language models to get around safety rules. Soon, the CEO of security firm Adversa AI had GPT-4 spouting homophobic statements, creating phishing emails, and supporting violence." Security Culture Benchmarking feature lets you compare your organization's security culture with your peers NEW!

Insurance

Insurance Security awareness Phishing Ransomware

CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams

KnowBe4

APRIL 11, 2023

Share with friends, family and co-workers: [link] A Master Class on IT Security: Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4. This puts the onus on cybersecurity solutions and the users themselves, as the only additional means to keep the org secure. Full text of the alert is at the FTC website.

Passwords

Passwords Phishing Ransomware Security awareness

White House Urgent Warning: Act Now to Protect Against Potential Russian Cyberattacks

Data Matters

MARCH 22, 2022

According to Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, Russia has been conducting “preparatory activities”, which she said could include scanning of websites and hunting for software vulnerabilities. Deploy modern security tools to look for and mitigate threats. Encrypt data.

Cybersecurity

Cybersecurity Privacy Education Encryption

Jamaica’s New Privacy Protection Bill

Data Matters

NOVEMBER 21, 2017

On 10 October 2017, Jamaica introduced into its House of Parliament a comprehensive Bill for privacy and data protection, entitled “An Act to Protect the Privacy of Certain Data and for Connected Matters.” If passed, the new law will be named the “Data Protection Act, 2017.” .

Privacy

Privacy Personal data Compliance Data breaches

2022 Cyber Security Review of the Year

Mapping the threat: an insight into data breaches across Europe

Webinars

Trending Sources

4 of the 5 top causes of data breaches are because of human or process error

Webinars

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

Tips for Gamifying Your Cybersecurity Awareness Training Program

Ways to Develop a Cybersecurity Training Program for Employees

What is a phishing simulation?

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Insider Trading Charges Brought Against CIO for Post-Breach Trading

France: The CNIL publishes a practical guide on Data Protection Officers

China Issues Draft of Personal Information Protection Law

7 Best Email Security Software & Tools in 2023

New SEC Cybersecurity Rules Could Affect Private Companies Too

California Enacts Broad Privacy Laws Modeled on GDPR

Top 12 Firewall Best Practices to Optimize Network Security

Expert Insight: Cliff Martin

California Enacts Broad Privacy Protections Modeled on GDPR

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

California Privacy Law Overhaul – Proposition 24 Passes

How to Prevent Malware: 15 Best Practices for Malware Prevention

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

What Is a SaaS Security Checklist? Tips & Free Template

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

eDiscovery and the GDPR: Ready or Not, Here it Comes, Part Four: eDiscovery Best Practices

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

US: In Washington State’s landmark facial recognition law, public sector practices come under scrutiny and regulation

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

Intro to phishing: simulating attacks to build resiliency

FTC Consumer Protection Head Shares New Vision for Consumer Privacy

The Hacker Mind Podcast: So You Want To Be A Pentester

The Hacker Mind Podcast: So You Want To Be A Pentester

Cybersecurity Awareness Month: The value of cyber hygiene in protecting your business from potential ransomware

Operationalizing responsible AI principles for defense

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

Our Data Governance Is Broken. Let’s Reinvent It.

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams

White House Urgent Warning: Act Now to Protect Against Potential Russian Cyberattacks

Jamaica’s New Privacy Protection Bill

Stay Connected