GDPR: It’s an issue of transparency
The General Data Protection Regulation (GDPR) has been on the lips of security professionals for a long time now – but in just over a month, it will become a reality. While it is easy to get stuck with reviewing the potential fines or setting up efficient security procedures to ensure compliance, many are still…
One in 10 C-level execs say GDPR will cost them over $1 million
Companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved, a new survey that polled 300 C-level security executives has shown. About half (49 percent) are 75 percent of the…
Where Are You in Your GDPR Journey?
At first glance, it may seem strange to be asking you where you are in your GDPR journey when enforcement for the regulation begins on May 25 — which is now less than 60 days away. After all, GDPR was approved way back in April 2016, and here at IBM we’ve been talking and blogging…
Data privacy: What your employees don’t know but should
What do employees in your organization understand about security, data privacy, and compliance? According to a recent report from Bothell, Wash.-based MediaPro, perhaps not as much as they should. With data privacy fast becoming a hot-button issue, and the European Union’s General Data Protection Regulation (GDPR) right around the corner, what your employees don’t know…
GDPR Compliance: A Carrot or Stick Approach?
As most of you know, the new General Data Protection Regulation (GDPR) comes into forceon May 25, 2018 and will introduce major new laws for data processing in European Union (EU) member countries and anywhere EU personal data is processed. In other words, even if your business is based in the U.S., if you process data of EU…
Most top US higher ed institutions fail to protect students from phishing
88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain, according to 250ok. Phishing and spoofing attacks against consumers are likely when companies do not have a published Sender Policy Framework…
Road Trip or Road Rash? Compliance, Meet Security
I’ve been on the road a lot lately. Literally, I’ve been in the car, traveling along every kind of road, alongside virtually every type of vehicle you can imagine. And I sometimes found myself noticing things about the people who were driving all those cars, trucks and motorcycles. The motorcyclists were the ones I found…
AMD, Apple Sued Over CPU Vulnerabilities
Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices. The Meltdown and Spectre attack methods, which rely on vulnerabilities that have been around for roughly two decades, allow malicious applications to bypass memory isolation mechanisms and access passwords, photos, documents, emails, and…
Kaspersky Sues U.S. Government Over Product Ban
Kaspersky Lab has filed a lawsuit against the U.S. government in response to the decision of the Department of Homeland Security (DHS) to ban the use of the company’s products in federal agencies. The Russia-based cybersecurity firm’s appeal, filed in the U.S. District Court for the District of Columbia, targets the DHS’s Binding Operational Directive…
Trump Signs Bill Banning Kaspersky Products
U.S. President Donald Trump on Tuesday signed a bill that prohibits the use of Kaspersky Lab products and services in federal agencies. The National Defense Authorization Act for FY2018 (H.R. 2810) focuses on Department of Defense and Department of Energy programs, authorizes recruitment and retention bonuses for the Armed Forces, and makes changes to national…