Businesses of all sizes are moving to the cloud to take advantage of the greater data availability, significant cost savings and data redundancy that cloud computing provides compared to a traditional data center-based physical infrastructure. Moving to the cloud can also reduce shadow IT and get data stores out from storage closets and underneath desks so they can be governed and protected in compliance with regulations and best practices.
In 2018, the world’s trust was shaken. That year, it was revealed that Cambridge Analytica had furtively harvested data left exposed by Facebook. The information of over 87 million individuals was exploited to assemble voter profiles and customise the distribution of political advertisements in the run up to the 2016 US Presidential Election as well as Brexit.
When a network contains an excess of redundant, obsolete and trivial (ROT) data, productivity and desired outcomes can take a hit. The good news is that organizations can significantly reduce the impact of ROT data when they plan properly and invest in the right tools.
Sebastian Neef (@gehaxelt) is a IT security freelancer and a top contributor from the Detectify Crowdsource community. In this guest blog, he looks at ways WordPress plugins leak sensitive data in the wild: The OWASP Top 10 puts Sensitive Data Exposure on the 3rd place of the most common web security issues. In this blog post we will have a look at sensitive data exposure that you might not be aware of.
Data loss prevention (DLP) is a set of processes and technologies that ensure sensitive data is not lost, misused or exposed to unauthorized users by end-users or misconfiguration. Most data loss prevention solutions rely on data classification. This means that sensitive data is grouped into different buckets, e.g. regulated, confidential, financial data, intellectual property, and business-critical data.
Having worked with many individuals responding to incidents where their digital private images were shared without consent, social media or email accounts had unauthorised access, and even physical safety was a concern, it is all too familiar how terrifying the unknown can be. As someone who has been on both the victim’s and later the responder’s side, I am qualified to express both the terror and knowledge of things you can do to take back control.
The threats from data theft and fraud will continue to be a significant concern for all corporate entities in 2020. eCommerce sales, for example, are expected to reach almost one trillion dollars in the next three years, creating a growing opportunity for attackers to capitalize on fraud. A Juniper Research Report regarding online payment fraud trends estimated that digital card, not present fraud (CNP), one of several fraud categories, will reach $130 billion by 2023.
It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer. And this time they haven’t done it by listening to a PC’s fan, or watching the blinking LED lights on a hard drive or even picking up FM radio waves.
Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire individuals and businesses to take action in an effort to respect privacy, safeguard data and enable trust. In observance of Data Privacy Day this year, here are five recommendations through which organizations can bolster their data security efforts.
