Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these question changes your encryption strategy.

GDPR Compliance – Encryption

Perficient Data & Analytics

Nowhere GDPR Articles mention that encryption is necessary but implementing such measures can reduce the occurrence of a data breach. In the event of a breach, one need not inform the data subjects if proper data protection measures have been applied. Standard Encryption.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data.

Encrypted Messaging Apps Have Limitations You Should Know

WIRED Threat Level

As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea. Security

Boards Now Face ‘the Encryption Question’

Thales eSecurity

So, what are we doing about encryption?”. A spokesperson later added that this will focus on ensuring universal encryption of passport numbers. Marriott’s response may well set a new normal, in the travel industry: all sensitive traveler data should be encrypted.

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Why is Encryption a Feasible Option against Digital Threats? Popular email providers, although, offer end-to-end encryption.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. Storage Costs of Encrypted Data.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. Storage Costs of Encrypted Data.

Security and Privacy Implications of Zoom

Schneier on Security

In the event that targets click on those links on networks that aren't fully locked down, Zoom will send the Windows usernames and the corresponding NTLM hashes to the address contained in the link. Zoom's encryption is awful. They're also lying about the type of encryption.

European Commission has chosen the Signal app to secure its communications

Security Affairs

The popular cross-platform encrypted messaging service Signal has been chosen by the European Commission for its communications. The European Commission has decided to adopt for its staff the popular cross-platform encrypted messaging service Signal for its communications.

Learn About the Underground World of Anti-Cheats at Black Hat Europe

Dark Reading

Applied Security Briefing lineup for this December event also includes expert looks at Google's ClusterFuzz and the art of breaking PDF encryption

Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson

The Security Ledger

Authentication, Encryption and Code Authenticity Core Issues. But if you look behind many of the security demonstrations, a common theme emerges: poor security designs and implementation centered on a trifecta of issues: authentication, encryption and code signing.

IoT 52

Bypassing Passcodes in iOS

Schneier on Security

If a full seven days (168 hours) elapse [sic] since the last time iOS saved one of these events, the Lightning port is entirely disabled," Thomas wrote in a blog post published in a customer-only portal, which Motherboard obtained. apple encryption hacking ios passwords

Ransomware Gangs Don’t Need PR Help

Krebs on Security

Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know.

How to Keep Your Information Safe for Data Privacy Day 2020

Thales eSecurity

An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Encryption.

Data Protection in the Digital Transformation Era

Thales eSecurity

In this post, we’ll elaborate on how organizations can finalize the best approach to implement data encryption at an organizational level in an agile and efficient way. In a nutshell, no matter it’s data-at-rest or data-in-motion , it should be encrypted regardless of its state.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen. European Union Events Health Privacy International Online Privacy Data Protection Authority Encryption EU Regulation Germany

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

The Last Watchdog

war plans, including strategies to be implemented in event of collapsing diplomatic relations. In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum.

Securing Corporate Data When Remote Working is the Norm

Thales eSecurity

If your business is taking an ‘encrypt everything’ approach, data discovery with risk analysis will help prioritize where to deploy data security solutions first. Encrypt all sensitive data. Consequently, securely storing these encryption keys is of utmost importance to your business.

HSMs: Facilitating Key Management in a Hybrid Cloud Environment

Thales eSecurity

Organizations are actively working to prevent data breaches by encrypting their sensitive information. Encryption isn’t a foolproof security measure, however. Fortunately, organizations can bolster their implementations of encryption by practicing good key management.

ROT 113

Virginia Adds State Income Tax Provision to Data Breach Notification Law

Hunton Privacy

Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data. State Law Consumer Protection Encryption Personal Data State Attorneys General Virginia

Protecting Big Data, while Preserving Analytical Agility

Thales eSecurity

Moreover, encryption keys must be protected and managed in a trusted manner for security and compliance with regulations. So, while strong encryption secures data, it must be done in a manner that does not impact performance or interfere with the database query process.

UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Hunton Privacy

In its decision, the ICO meticulously detailed the chronology of events and technical failures that led to the breach. the encryption keys for historical transactions were not stored safely. Cybersecurity Enforcement International Security Breach Encryption EU Regulation Information Commissioners Office Penalty Personal Data Privacy United Kingdom

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

One consensus tenant that emerged from this whirlwind of rule-making in the ME and EU was the requirement to “containerize” business data, that is keep data encrypted at all times, including when accessed by and stored on mobile devices.

MDM 169

Korean Privacy Law Updated

Hunton Privacy

encryption of RRNs. Information Security International Compliance Consent Data Transfer Encryption Korea Personal Information TelemarketingOn April 26, 2016, Korean law firm Bae, Kim & Lee LLC released a Privacy News Alert outlining amendments to Korea’s Personal Information Protection Act (“PIPA”) and the Act on the Promotion of IT Network Use and Information Protection (“IT Network Act”).

China Releases National Standard on Personal Information Security

Hunton Privacy

Encryption measures must be adopted whenever sensitive personal information is retained. In the event of an actual data breach incident, the enterprise must inform the affected data subjects by email, letter, telephone or other reasonable and efficient method. Cybersecurity Information Security Online Privacy Security Breach Anonymization China Consent Data Processor Encryption Information Sharing Personal Data Personal Information Privacy Privacy Policy

Amended Nebraska Data Breach Notification Law Adds Regulator Notification Requirement

Hunton Privacy

Specifically, the Bill: requires entities to notify the Nebraska Attorney General in the event of a data breach, and no later than notice is provided to Nebraska residents; adds to the definition of “personal information” a user name or email address, in combination with a password or security question and answer, that would permit access to an online account; and. State Law Consumer Protection Encryption Legislation Personal Information Personally Identifiable Information

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). SSL and TLS come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

Threat actors also use a remote manipulator system to bypass event logging. The PonyFinal ransomware usually adds the “ enc” extension to the names of the encrypted files, it drops a ransom note (named README_files.txt) on the infected systems.

The iPhone 11 Pro’s Location Data Puzzler

Krebs on Security

This post will be updated in the event Apple provides a more detailed response.

The state of European cybersecurity and lessons to learn

Thales eSecurity

Encryption, encryption, encryption. Only 27% of European organisations encrypt their data, leaving the door wide open to the likes of cyber-criminals and hacktivists.

PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

Hunton Privacy

Identify and respond to suspicious events. contains mostly minor updates and clarifications, the new version notably updates the standard’s encryption requirements to clarify that Secure Sockets Layer (“SSL”) and early Transport Layer Security (“TLS”) are not considered strong cryptography, and therefore will no longer be PCI DSS-compliant encryption protocols as of June 30, 2016.

RSAC 2020: The roaring 20s. A new decade brings new cybersecurity opportunities and challenges

Thales eSecurity

In a matter of a few days, security professionals from near and far will descend upon downtown San Francisco to attend the world’s premier cybersecurity event– RSA Conference 2020. His session , “Should You Trust Cloud Providers with Your Encryption Keys” will be held on Wednesday, Feb.

Cloud 77

IoT and Quantum Computing’s Impact on the Federal Government

Thales eSecurity

The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events. I spoke at both an Air Force Information Technology and Cyberpower (AFITC) training event and the 2019 Billington Cybersecurity Summit.

IoT 106

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role ( e.g. , payment processor, broker, dealer, custodian). Cybersecurity Financial Privacy Information Security Data Transfer Encryption

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

Because of the quick reaction we had, we were able to contain the encryption part” to roughly 50 percent of customer systems, he said. “It’s one thing to prepare for these sorts of events but it’s an entirely different experience to deal with first hand.”

Priming the payments ecosystem for explosive growth

Thales eSecurity

This week marks the return of Amazon Prime Day – Amazon’s seasonal retail event which has fast become a masterclass in driving demand and growth through great customer experience.

Ransomware, Leakware, Scareware… Oh My!

Thales eSecurity

Encryption is… a panic room for your data and means you’ve treated your data well by preparing for those smash-and-grab attacks in advance. Ransomware essentially comes in two icky flavors: file encryption or cryptolocker. The Dagger of Choice: Encryption with Strong Access Controls.

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of the Them

Thales eSecurity

And herein lies another big challenge for retailers: payment and personal preference data resides inextricably together creating a “perfect storm” in the event of a cyberattack. Retailers must encrypt everything — not just payment or customer preference data.

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales eSecurity

The only true way to protect data is to encrypt it. Encryption is key when it comes to protecting data. Using encryption solutions like the solutions Thales provides, companies can encrypt their data, rendering the data unintelligible in the event of a breach.