How prepared is your business for the GDPR?

The GDPR is the biggest privacy shakeup since the dawn of the internet and it is just weeks before it comes into force on 25th May. GDPR comes with potentially head-spinning financial penalties for businesses found not complying, so it really is essential for any business which touches EU citizen's personal data, to thoroughly do their privacy rights homework and properly prepare.

Sage have produced a nice GDPR infographic which breaks down the basics of the GDPR with tips on complying, which is shared below.

I am currently writing a comprehensive GDPR Application Developer's Guidance series for IBM developerWorks, which will be released in the coming weeks.


The GDPR: A guide for international business - A Sage Infographic

Cyber Security Roundup for February 2018

February saw over 5,000 websites infected by cryptocurrency mining malware after a popular accessibility plugin called ‘BrowseAloud’ was compromised by hackers. This led to several UK Government and Councils websites going offline, including the Information Commissioner's Office, the Student Loans Company, and Manchester City, Camden and Croydon Council website. Symantec Researchers also announced that 'Crytojacking' attacks had increased 1,200% in the UK. Cryptojacking once involved the installation of cryptocurrency mining malware on users computers, but now it is more frequently used in-browser, by hacking a website and execute a malicious mining JavaScript as the user visits the compromised website, as with the case with the 'BrowseAloud' incident.

More than 25% of UK Councils are said to have suffered a breach in the last five years according to the privacy group Big Brother Watch, who said UK Councils are unprepared for Cyber Attacks.

There was a  fascinating report released about Artificial Intelligence (AI) Threat, written by 26 leading AI experts, the report forecasts the various malicious usages for AI, including with cybercrime, and manipulation of social media and national news media agendas.

GDPR preparation or panic, depending on your position, is gaining momentum with less than 100 days before the privacy regulation comes into force in late May. Here are some of the latest GDPR articles of note.

Digital Guardian released an interactive article where you can attempt to guess the value of various types of stolen data to cybercriminals -.Digital Guardian: Do you know your data's worth?

Bestvpns released a comprehensive infographic covering the 77 Facts About Cyber Crime we should all know about in 2018.

On the international front, the Winter Olympic games were subjected to several cyber-attacks kicking websites and other services offline during the games.  The UK government blamed Russia for the NotPetya attacks as part of an attack on the Ukraine. North Korea's nation-state allegedly backed APT37 (Reaper) is believed to be expanding its cyber-attack capabilities with an objective of causing disruption according to FireEye.  An Open AWS S3 Bucket exposed the private information of thousands of FedEx customers, and Google reported it will longer label all HTTP websites at 'not secure' from July 2018. 

February was yet another frantic month for security updates, which saw Microsoft release over 50 patches, and there were new critical security updates by Adobe, Apple, Cisco, Dell, and Drupal.

NEWS

• Government Websites, including ICO, Infected by Cryptocurrency Mining Malware
• UK Councils are 'unprepared' for Cyber Attacks
• 'Cryptojacking' Attacks surge 1,200% in the UK
• Open AWS S3 Bucket Exposes Private Information of Thousands of FedEx Customers
• UK Government Publicly Blames Russia for NotPetya attacks
• Winter Olympics hit with ‘Olympic Destroyer’ Malware during Opening Ceremony
• Google will label all HTTP sites 'not secure' starting in July 2018
• Microsoft releases 50 Patches for IE/Edge, Windows, Office, ChakraCore & Flash
• Adobe Releases Critical Fixes for Flash Player
• Adobe Releases Critical Security Update for Flash Player, as Exploited by APT 123
• Apple Release patch for Telugu 'Text Bomb' bug that Causes System Crashes
• Cisco Update eliminates DoS Vulnerability in Aggregation Services Router OS
• Cisco releases a second fix for a Critical Vulnerability in ASA
• Dell Storage Platform Security Bugs allows Root Access
• Drupal 7 and 8 Patch Multiple Critical Vulnerabilities

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• Digital Guardian: Do you know your data's worth?
• 77 Facts About Cyber Crime
• GDPR Preparation: Recent Articles of Note
• North Korea (APT37) expanding Cyber Attack capabilities, Intention is Disruption
• Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago
• Hackers could Obfuscate Malware through Code Signing and SSL Certificates
• Two New Thefts using SWIFT Network Confirmed

REPORTS

• The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation
• Avecto Microsoft Vulnerabilities Report 2017
• The Global Cloud Data Security Study
• 2018 CrowdStrike Global Threat Report: Nation-State Cyber Attacks on the Rise