
Showing posts from 2016

2016 Cyber attacks review #Throwback #Lookout2017

2016 has been an interesting year for cyber crime, with companies like Yahoo, LinkedIn, Lynda.com, TalkTalk (again), Ashley Madison (fined $1.6 million for its 2015 data breach), KFC, Wells Fargo, MailChimp, AdultFriendFinder and MichaelPage, to name a few. It's Christmas time and I don't want to be the bearer of bad news, however it will get worse as the months and years go on, and as companies we can only be prepared and react to the best of our ability. But a word to the wise: learn from others' mistakes. Communication is the key here with customers and suppliers, that is both internally and externally. Many bury their heads in the sand, but make sure you have a robust and up-to-date Incident Response plan, Governance Risk and Compliance, Runbooks, Security Awareness training, and that the solutions you need are in place and being used. EU GDPR will come into force by 2018, which gives another year to get the ducks in a row. It could lead to fines of up to €20 million or 4% of global annual turnover fo

Yahoo Data Breach #ICOiscoming #NewChiefInTown #Yahoo

The new Information Commissioner, Elizabeth Denham, has revealed that the ICO is questioning Yahoo about its catastrophic data breach, and is looking to probe WhatsApp and other Facebook-owned companies over how they share data with one another. In her first speech as Information Commissioner, Denham said that the ICO would be choosing its investigations carefully to ensure they are relevant to the general public. Last Friday, the ICO stepped in to ask questions about the Yahoo data breach, which involved eight million UK accounts. "The data breach is unprecedented. The numbers are staggering," Denham told BBC Radio 4 in a subsequent interview. "Why did it take so long for Yahoo to notify the public of the breach? It looks like it happened two years ago. What can these account holders do to protect themselves?" "I'm asking those questions on behalf of UK citizens," she said. Cited from, with more information at, Computing

Wendy's hit by massive #Cyberattack #Databreach

The company reported suspicious activity earlier this year, but the scale of the breach is far bigger than first anticipated. At least 1,025 of its restaurants were targeted - with debit and credit card information stolen. The company did not speculate how many people may have been affected, though it did say all of the locations were in the US. Malware - malicious software - had been installed on point-of-sale systems in the affected locations. The chain said it was confident the threat had been removed, and was now offering help to customers who may have been affected. Help includes the offer of one year of "complimentary" fraud protection services. In a statement outlining the details of the attack, Wendy's said the malware could have been operational in its restaurants from as early as Autumn 2015. Suspicious activity was noticed in February of this year. The company went public with this discovery in May - saying it believed around 300 restaurants

ICO Referendum response plus UK Gov recommendations on #DataBreaches, and University suffers Second #DataBreach

ICO Referendum result response

An ICO spokesperson said: "The Data Protection Act remains the law of the land irrespective of the referendum result. If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove 'adequacy' - in other words UK data protection standards would have to be equivalent to the EU's General Data Protection Regulation framework starting in 2018. With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO's role has always involved working closely with regulators in other countries, and that would continue to be the case. Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be s

Human Error, a common theme in the ICO data breach findings #UK #ICO

The ICO recently carried out a study of the security incidents that have been reported or notified to it. It's no shock that data breaches are on the rise, with two-thirds of the sectors studied reporting an increase in the first quarter compared with the same time a year ago, according to new ICO figures. The data protection watchdog, the ICO, has published findings for the period 1 January – 31 March 2016 and uncovered some worrying statistics. Below are the key data security issues for each sector.

Data security incidents by type:

The main data security issues within the health sector were:
Data being posted or faxed to an incorrect recipient – 22% of incidents.
Loss or theft of paperwork – 20% of incidents.

The main issues for local government were:
Data being posted or faxed to an incorrect recipient – 23% of incidents.
Failure to redact data – 16% of incidents.
Loss or theft of paperwork – 14% of incidents.

The main issues for education were: Los

Top 5 Considerations for Effective Security Awareness #ITSecurity #SecurityAwareness #PeopleIssue

"If you want to change attitudes, start with a change in behaviour." This quote is from William Glasser, an American psychiatrist. I think it's really relevant to this subject: as a user, you may be fully aware of IT/Cyber Security and how your actions can reflect on the company you work for... However, it doesn't mean it is going to change the way you work. As a company you need to start to change users' behaviours... The below is taken from the blog of the company I work for, ZeroDayLab, and covers what I feel are the key components of Security Awareness/Behaviour Training. The top 5 are below (part 2 to follow). Interested in the datasheet? Please let me know...

Security, The Risk of Human Error... & a Tricky Thing Called Motivation... Top 10 Considerations for Truly Effective Security Awareness Training

Even though 52% of breaches are attributed to human error, security awareness is still quite a new thing for many companies. Well, not that new,