Privacy is the individual’s right to control the use of their personal data, and DSAR is the mechanism by which individuals can enforce this right. This right to their own information, as used by an organization, is guaranteed by privacy laws like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). If your organization collects and uses personal data, especially for European or Californian customers, you should be prepared to respond to DSARs.

We’re back again with a monthly-ish blog reflecting on major goings on in the security world. I am writing the first draft on the rarest of holidays, leap day1! February gets extended by a day every four years, and if we had to guess Ivanti wishes this month would end.

Smart homes, connected cars, and smart watches: these are examples of consumer-focused devices in the Internet of Things (IoT). But the Internet of Things extends beyond consumer use as new technologies are implemented in industrial settings and critical infrastructure. With the continuing development of the Internet of Things come new attack surfaces and cybersecurity risk directly related to the IoT.

As technology has become available, the hospitality industry has focused on making the most out of innovations such as contactless services and eco-friendly practices. The era of mobile and contactless services has ushered in a new normal for hospitality organizations, offering guests seamless experiences with a simple tap of their smartphones.

Achieving SOC 2 compliance demonstrates to customers that your organization takes data security and privacy seriously. The journey to achieve SOC 2 compliance, however, is not easy. For example, when you perform a preliminary assessment to determine your current state of security, you’re likely to find multiple gaps between that current state and what SOC 2 standards expect you to have. You’ll need to close those gaps to achieve full SOC 2 compliance.

Compliance in healthcare is a critical component to preserving the sanctity of modern society. Compliance in any industry ensures adherence to a minimum set of requirements to ensure quality of service; while undoubtedly important everywhere, it’s more so in healthcare due to its direct impact on human lives. For example, while financial compliance secures the safety of our funds, healthcare compliance ensures the safety of our personal selves.

Recent high-profile data breaches attributed to SolarWinds, Log4j, MOVEit, and more have demonstrated that the world still lacks a standard framework to measure cyber risk. Cybercriminals continue to exploit the trusted relationships between companies and their third-party suppliers and vendors, resulting in damaging attacks.

A vendor risk assessment is a critical element of performing due diligence, helping you vet potential vendors effectively and efficiently during the procurement process and throughout the vendor lifecycle. A thorough risk assessment should help you identify, mitigate, and manage the risks associated with your vendors to ensure you remain compliant, maintain a strong security posture, and avoid a costly third-party data breach.

You may have heard people talking about SOC recently, especially now with the increase in the use of digital assets and remote applications. In these cases, SOC enables organisations to bolster their security posture and be more proactive in detecting and preventing threats. But what is SOC in cyber security?

Australia has seen several high profile cyber incidents in 2023 and has seen significant loss of customer data (Canva’s 139 million customers, Latitude’s 7.9 million customers HWL Ebsworth’s 65 government agencies, 2.5 million documents). According to the OAIC Notifiable Data Breaches Report: January to June 2023, the top 3 sectors in that period to report data breaches are Health Service Providers (65 notifications), Finance incl.