GDPR Compliance – Encryption

Perficient Data & Analytics

Nowhere do the GDPR Articles mention that encryption is necessary, but implementing such measures can reduce the occurrence of a data breach. In the event of a breach, one need not inform the data subjects if proper data protection measures have been applied. Standard Encryption.

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these questions changes your encryption strategy.

Encrypted Messaging Apps Have Limitations You Should Know

WIRED Threat Level

As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea.

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs, the encryption service is only as secure as the keys that are used to encrypt the data.

Boards Now Face ‘the Encryption Question’

Thales eSecurity

“So, what are we doing about encryption?” A spokesperson later added that this will focus on ensuring universal encryption of passport numbers. Marriott’s response may well set a new normal in the travel industry: all sensitive traveler data should be encrypted.

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

Hacker compromised third-party NodeJS module “Event-Stream”, introducing malicious code aimed at stealing funds in Bitcoin wallet apps. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams; it has nearly 2 million downloads a week. The bad news is that the code remained undetected for more than 2 months because it was encrypted. For example: $ npm ls event-stream flatmap-stream

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. Storage Costs of Encrypted Data.

Bypassing Passcodes in iOS

Schneier on Security

"If a full seven days (168 hours) elapse [sic] since the last time iOS saved one of these events, the Lightning port is entirely disabled," Thomas wrote in a blog post published in a customer-only portal, which Motherboard obtained.

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

The Last Watchdog

war plans, including strategies to be implemented in event of collapsing diplomatic relations. In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

“Because of the quick reaction we had, we were able to contain the encryption part” to roughly 50 percent of customer systems, he said. “It’s one thing to prepare for these sorts of events but it’s an entirely different experience to deal with first hand.”

Protecting Big Data, while Preserving Analytical Agility

Thales eSecurity

Moreover, encryption keys must be protected and managed in a trusted manner for security and compliance with regulations. So, while strong encryption secures data, it must be done in a manner that does not impact performance or interfere with the database query process.

The state of European cybersecurity and lessons to learn

Thales eSecurity

Encryption, encryption, encryption. Only 27% of European organisations encrypt their data, leaving the door wide open to the likes of cyber-criminals and hacktivists.

Virginia Adds State Income Tax Provision to Data Breach Notification Law

Hunton Privacy

Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). SSL and TLS come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Hunton Privacy

In its decision, the ICO meticulously detailed the chronology of events and technical failures that led to the breach. the encryption keys for historical transactions were not stored safely.

Priming the payments ecosystem for explosive growth

Thales eSecurity

This week marks the return of Amazon Prime Day – Amazon’s seasonal retail event which has fast become a masterclass in driving demand and growth through great customer experience.

Finding the Best Business Cloud Storage with Advanced Security Features – Plus 3 Bonus Security Tips

OneHub

Event Logging and Two-Factor Authentication. Event logs track notifications, errors, and events happening in the background of your computer. If you suspect malicious activity within your network, checking your event log is one way to confirm or dismiss your suspicions.

China Releases National Standard on Personal Information Security

Hunton Privacy

Encryption measures must be adopted whenever sensitive personal information is retained. In the event of an actual data breach incident, the enterprise must inform the affected data subjects by email, letter, telephone or other reasonable and efficient method.

Korean Privacy Law Updated

Hunton Privacy

encryption of RRNs. On April 26, 2016, Korean law firm Bae, Kim & Lee LLC released a Privacy News Alert outlining amendments to Korea’s Personal Information Protection Act (“PIPA”) and the Act on the Promotion of IT Network Use and Information Protection (“IT Network Act”).

Amended Nebraska Data Breach Notification Law Adds Regulator Notification Requirement

Hunton Privacy

Specifically, the Bill: requires entities to notify the Nebraska Attorney General in the event of a data breach, and no later than notice is provided to Nebraska residents; adds to the definition of “personal information” a user name or email address, in combination with a password or security question and answer, that would permit access to an online account; and.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Those modifications can create new event-based "features" that can access the file system, activate a Web cam, and exfiltrate information from systems using the functionality of trusted applications -- including user credentials and sensitive data.

Ransomware, Leakware, Scareware… Oh My!

Thales eSecurity

Encryption is… a panic room for your data and means you’ve treated your data well by preparing for those smash-and-grab attacks in advance. Ransomware essentially comes in two icky flavors: file encryption or cryptolocker. The Dagger of Choice: Encryption with Strong Access Controls.

Protecting America’s Critical Infrastructure

Thales eSecurity

But any disruption of critical infrastructure is very alarming, and the March event should be a wake-up call about the importance of ensuring utilities are consistently and effectively protecting themselves against cyberattacks.

PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

Hunton Privacy

Identify and respond to suspicious events. contains mostly minor updates and clarifications, the new version notably updates the standard’s encryption requirements to clarify that Secure Sockets Layer (“SSL”) and early Transport Layer Security (“TLS”) are not considered strong cryptography, and therefore will no longer be PCI DSS-compliant encryption protocols as of June 30, 2016.

Regulating the Internet – Really?

Privacy and Cybersecurity Law

Topics will include: Legal disruption: Impact of digital on the existing regulatory framework From lock and key to encryption – Applying privacy law on digital Can data monopolies exist within privacy and competition law?

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

Payments and Security: Putting security where your money is

Thales eSecurity

And many security breaches don’t even make the news either because it’s no longer newsworthy when just a few thousand are affected, or a ransomware event is painstakingly kept completely out of the public eye. Originally published in Payments Journal on July 31, 2019.

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales eSecurity

I was really looking forward to participating in RSA 2019 and it was a great event. Other key moments for Thales during the show included our “Thales in Wonderland” customer appreciation event last Monday, where we had a packed room during a fun and festive evening.

Information Governance: Trends and Highlights From 2018

InfoGoTo

Securely storing PII and fully removing it from all systems when no longer needed (involving complete data access logs, end-to-end encryption and documented expungement procedures and logs).

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

“There seems to be a resurgence of activity from the group, and recent events show how their tools and techniques have evolved. ZNFJ-A) – encrypted backdoor. Auditcred.dll.mui/rOptimizer.dll.mui (detected by Trend Micro as TROJ_BINLODRCONF.ZNFJ-A) – encrypted configuration file.

Weekly Update 138

Troy Hunt

All great events but combined with the burden of travel, all a bit tiring too (plus, it turns out that emails don't stop coming in when you're busy.) After a mammoth 30-hour door-to-door journey, I'm back in the USA!

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales eSecurity

The only true way to protect data is to encrypt it. Encryption is key when it comes to protecting data. Using encryption solutions like the solutions Thales provides, companies can encrypt their data, rendering the data unintelligible in the event of a breach.

Data: E-Retail Hacks More Lucrative Than Ever

Krebs on Security

For example, in March 2019 an analysis of Gemini’s data strongly suggested that criminals had compromised Ticketstorm.com, an Oklahoma-based business that sells tickets to a range of sporting events and concerts.

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales eSecurity

Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all their non-public consumer data and enabling multi-factor authentication. Encryption especially is the last line of defense in the event the company is ever breached.

Logging in Datapower

Perficient Data & Analytics

As many transactions flow through, many events occur. Some of these events occur because of normal processing and others occur because of exceptions. Click Event Subscription. Log target must have at least one Event subscription.

The Necessity of Data Security: Recapping the 2019 Thales Data Security Summit

Thales eSecurity

Cloud vendors offer their own recipes for authentication, encryption and key management, but lack of resources and expertise can make it challenging to craft new security policies that govern all. They typically do not provide encryption, seamless upgrades for flaws and updates, or optics.

The Future of Payments? Frictionless.

Thales eSecurity

For example, in our annual Data Threat Report we found that 97% of respondents are storing sensitive data in digitally transformative environments, but only 30% are deploying encryption. Without encryption and a layered defense, the data in question is an open target for hackers.

WannaCry & NotPetya Ransomware Attacks – One Year Later

Thales eSecurity

The cyber community is often reminded of past events such as large-scale data breaches and vicious cyberattacks that caused mass destruction and caught the public’s attention. By encrypting your data, anything that’s retrieved by hackers is rendered useless to them.

2018 is the Year for POPI in South Africa

Thales eSecurity

The country’s Protection of Personal Information (POPI) Act imposes requirements on holders of personal data to guard against unauthorised access and, in the event of a breach, mandates that the organisation notify the Regulator and the impacted data subjects. Encrypt Everything.