Despite the awareness that in six months Microsoft will officially end its support for its nearly 10-year-old operating system, Windows 7, 18% of large enterprises have not yet migrated to Windows 10, according to new research from Kollective.
At the start of 2019, researchers found that 43% of companies were still running Windows 7. Of those, 17% didn’t even know about the end of support. In its most recent analysis of 200 US and UK IT decision makers, the report revealed that organizations have a long way to go to prepare for the much anticipated end of Windows 7 support.
Six months later, 96% of IT departments have started their migration, and 77% have completed the move. However, given that the migration from Windows XP to Windows 7 reportedly took some firms more than three years to complete, companies that have not started migration are at risk of missing the final deadline.
In addition, the survey found that 15% of participants would delete files or change passwords upon exiting.
While a number of organizations have invested in technologies to help detect and defend against external attackers, many companies are starting to better understand the risks from insider threats, which a recently published whitepaper said may actually be a larger issue.
According to the report, insider attacks are more difficult to detect and prevent than external ones, with 91% of respondents in a similar survey of IT and security professionals reporting they feel vulnerable to both malicious and accidental insider threats.
Released over the Easter weekend (April 21, 2019), the report also found that the most-used password from global cyber breaches was “123456,” with “ashley” the most-used name as a password. The global password-risk list was published to disclose passwords already known to hackers.
The polling was independently carried out on behalf of NCSC, a part of GCHQ and the Department for Digital, Culture, Media and Sport (DCMS). The findings, as well as 100,000 passwords already known to have been breached by hackers, were released ahead of NCSC’s CYBERUK 2019 conference, which will be taking place in Glasgow this week.
These will inform government policy and guidance offered to the public.
Discovered by a user of Reddit, as these things often are, it’s emerged the Epic Games Launcher scans for your Steam install during each start-up and then grabs a snapshot of user files in the Steam Cloud, including data on game saves, play history, Steam friends lists, name history, and groups you’re part of.
In accordance with GDPR, you can request Epic removes all of your personal data, or they could face legal ramifications.
Steam Cloud data is stored locally in Steam > userdata > [account ID]. Epic reads from this folder, pulls the data and then creates an encrypted copy which is placed into C:\ProgramData\Epic\SocialBackup\RANDOM HEX CODE_STEAM ACCOUNT ID.bak
The purpose of this appears to be to provide friend suggestions in the Epic Launcher, effectively linking the two systems up. This is done with the user’s express permission according to Epic. It’s tucked away into the lengthy agreement when installing the Epic Launcher and signing up for an account.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.
We are now offering the Certified Data Protection Officer training and certification! This course enables you to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework for the protection of personal data. Find out how GDPR will impact your business.
Noise around the threat the European General Data Protection Regulation poses to publishers, ad tech companies and marketers is getting louder as the 2018 deadline for enforcement approaches.
Naturally, a flurry of “GDPR experts” — some of them helpful, others compounding the confusion — have surfaced over the last year to help businesses navigate the challenges.
Robert Streeter, News UK’s data protection and privacy officer, emphasized the importance of separating fact from fiction regarding the regulations at Rubicon Project’s Automation event in London on Sept. 6. “When you read about ‘expert’ comment on GDPR, I’d advise taking that with caution and examining your own approach to it,” he said. “There’s a lot of misinformation circulating.”
Here are some of the myths, debunked:
Myth: GDPR is a Europe-only issue
Far from being some typically bureaucratic issue that applies to the 28 members of the EU (including the U.K., as Brexit won’t affect its compliance), GDPR will affect any American company that offers goods or services to consumers in the EU or monitors the behavior of people located in Europe, regardless of where their offices or ad servers are based.
Myth: GDPR is limited to personally identifiable information
GDPR won’t be restricted to collecting sensitive data relating to individuals. Personal data under GDPR applies to IP addresses and cookie tracking, too. “Traditionally, the digital ad sector treated cookies and IP addresses as anonymous, but now, that’s no longer the case,” said Stringer. “People are using language they’re used to, like PII and non-PII, which is confusing things. It’s important people treat non-PII as personal data, too.”
Myth: ‘Consent’ is the only way to process data
The GDPR’s more stringent rules around companies obtaining explicit consent for collecting and processing customer data have caused a fair amount of hand-wringing across the ad market. The new array of adjectives used to describe different forms of consumer consent — “explicit,” “unambiguous,” “informed” — are enough to make hearts race. But as with most things, there are more ways to skin a cat. “Consent is the most viable and perhaps only option when it comes to some aspects of collecting and using personal data for digital advertising purposes.
In recent years, cyber attacks have caused a wide range of damage to organisations across the globe. While companies continue to invest heavily in cybersecurity, the attackers have now diverted their attention to target individuals, to extract information that can be used to extort them for financial gain.
For instance, take the WannaCry attack. This was, by far, one of the largest ransom virus attacks (it attacked more than 300,000 computers in the world). The attackers wanted the owners of the computers to pay a certain amount of money to be granted access to their data and information. While many companies had backup information, the cost of this attack to the operation of these companies was immense.
When you ask yourself why personal cyber security is important, consider what companies do. Companies spend a tremendous amount of money protecting their information from external attacks. This amount of money in their budget implies that information is a necessity. The number of cyber security attacks is on the rise as time goes on.
More than $6 trillion is lost every year in the world as a result of these attacks. This includes everything from destruction and damage of data, lost productivity, stolen money, theft of financial and personal data, theft of intellectual property, post-attack business disruption, fraud, embezzlement, and forensic investigations. The list is endless!
ABOUT THE AUTHOR – Rubica is a digital rights company that was founded to protect individuals’ rights. Ultimately, it works to reduce cyber-crime. Rubica is a solution that has enough power and technology to protect an international organization from external attacks. Therefore, why not let the company protect your best interests? Rubica was designed to provide enough privacy and security for its clients, business networks and family.
Everyone will be given sweeping new powers to see what tech companies know about them and have it deleted, under a new bill.
The UK’s Data Protection Bill will make it far easier for people to find out how companies are using their personal details, including their browsing history and even their DNA. And once they’ve seen it, it will also greatly increase the “right to be forgotten” – allowing people to make those companies delete that most personal of information.
The bill is intended partly to allow people to escape from their internet history when they become an adult, since companies like Facebook and Google will have to scrub everything that they posted when they were a child.
Companies that won’t comply could be fined millions of pounds.
As well as giving people far more power in how their information is handled, it will also make companies be more up front about how it is collected. Companies won’t be able to trick their customers by using pre-selected tick boxes that opt into tracking, for instance, and people will instead have to give their explicit consent.
The legislation will:
Allow people to ask for their personal data held by companies to be erased
Enable parents and guardians to give consent for their child’s data to be used
Expand the definition of personal data to include IP addresses, internet cookies and DNA
Make it easier and free for individuals to require an organisation reveal the personal data it holds on them
Create new criminal offences to deter organisations from intentionally or recklessly creating situations where someone could be identified from anonymised data
The legislation will bring the European Union’s General Data Protection Regulation (GDPR) into domestic law, helping Britain prepare for Brexit because it will mean the systems are aligned when the UK leaves the bloc.
A Wisconsin company called “Three Square Market” will have employees voluntarily receive RFID (microchip) implants that will allow them to access doors, vending machines and other facilities around the workplace. This may sound good on paper, but could have very dangerous consequences in the future if RFID implants become accepted and mandatory worldwide.
The rice grain-sized $300 (£230) chip will allow them to open doors, log in to computers and even purchase food. And so far, 50 employees have signed up for the chance to become half-human, half-walking credit card.
But far from being some sort of dystopian nightmare, Three Square Market’s Patrick McMullan believes everyone will soon be wanting their own microchip.
“The international market place is wide open and we believe that the future trajectory of total market share is going to be driven by whoever captures this arena first,” Mr McMullan said.
Three Square Market are even working with a Swedish company, BioHax, to deliver the new technology, which they see as one day being simply another payment and identification method – only instead of a credit card or phone, there would be a microchip between your thumb and finger.
But how did employees react?
While a large proportion of the world might think twice before putting a tiny chip in their hand, it seems those at Three Square Market had no such worries.
Out of 85 employees at the company’s head office, 50 have come forward, vice-president of international development Tony Danna told the BBC.
How does it go in – and how do you get it out?
The entire point of the chip is convenience, Mr Danna explained. But the convenience also stretches to installing and removing the chip.
“It takes about two seconds to put it in and to take it out,” he told the BBC. Putting it in is “like getting a shot” using a syringe, while taking it out is like removing a splinter.
Businesses everywhere, beware—what happened at Verizon can happen to you, too.
The names, addresses, phone numbers and in some cases, security PINs of 6 million Verizon customers stored on large cloud-computing servers were made available to the public, the telecommunications carrier said this week after a cybersecurity company notified it of the exposed data.
Verizon chalked the leak up to human error, saying it was because an employee of NICE Systems, one of its contractors that it uses to analyze its customer service response, made a mistake. No customer information was stolen, Verizon said, and it apologized to its customers.
The leak comes a month after the discovery that the names, birthdays, addresses and other personal details of 200 million registered voters were exposed by a contractor for the Republican National Committee. In a similar scenario, the RNC contractor had failed to ensure that the voter files stored on an Amazon cloud account were not available to public access.
More such exposures are likely until businesses, which are increasingly using the cloud to store and analyze customer data and their own content — for instance, images that populate their websites — get a firm grip on the security protections they need to place around such data.
“When you have these complex systems and you force humans to solve the problem manually, we make mistakes,” said Nathaniel Gleicher, former director of cybersecurity policy in the Obama administration. “Complexity is the enemy of security.” His take: data leaks are going to keep happening until cloud storage systems become more automated and enterprises have more help dealing with systems.
Amazon Web Services, where the Verizon data was stored, operates under a “shared responsibility” model with the customer — the Amazon cloud unit controls the physical security and operating system, and gives customers encryption tools, best practices, and other advice to help them maintain security of their data. The customers are responsible for making sure their applications are secure.
It’s roughly similar to a Google Docs user setting the “sharing” setting to private, a small group, or anyone.
After uploading files into an Amazon Web Services server, a business makes adjustments to who can access the files in a certain “bucket”, and the permissions (say to edit or just view). By default, the data is set to private so that only the person uploading the files can see them. The user can widen access to various groups, including authenticated users, that is, anyone with an AWS account that has permission to access the files; and everyone.
“Use this group to grant anonymous access,” says the AWS website. The NICE Systems employee might have clicked the “everyone” category while meaning to give access to another group.
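The access groups described above can be checked for mechanically. This added example (not from the original article or from AWS) scans ACL documents in the JSON shape returned by S3's GetBucketAcl call and flags grants to the "everyone" and "authenticated users" groups; the bucket names and ACLs are constructed sample data.

```python
# Added example: flag S3 bucket ACL grants made to AWS's predefined broad groups.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "authenticated users",
}
# Permissions that let the grantee alter objects or the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def audit_acl(bucket, acl):
    """Return one finding per grant that exposes the bucket to a broad group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to a specific account are not "public"
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group is None:
            continue  # some other predefined group, e.g. log delivery
        perm = grant.get("Permission", "")
        severity = "critical" if perm in WRITE_LIKE else "high"
        findings.append({"bucket": bucket, "group": group,
                         "permission": perm, "severity": severity})
    return findings


def audit_all(acls):
    """Audit a {bucket_name: acl_document} mapping, worst findings first."""
    found = [f for name, acl in acls.items() for f in audit_acl(name, acl)]
    return sorted(found, key=lambda f: (f["severity"] != "critical", f["bucket"]))


def _grant(kind, ident, perm):
    key = "URI" if kind == "Group" else "ID"
    return {"Grantee": {"Type": kind, key: ident}, "Permission": perm}


# Constructed sample data: hypothetical bucket names and ACL documents.
ALL = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOGS = "http://acs.amazonaws.com/groups/s3/LogDelivery"
SAMPLE_ACLS = {
    "example-private": {"Grants": [_grant("CanonicalUser", "owner-id", "FULL_CONTROL")]},
    "example-call-logs": {"Grants": [_grant("CanonicalUser", "owner-id", "FULL_CONTROL"),
                                     _grant("Group", ALL, "READ")]},
    "example-uploads": {"Grants": [_grant("Group", AUTH, "WRITE"),
                                   _grant("Group", LOGS, "WRITE")]},
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_ACLS):
        print(finding)
```

ACLs are only one of the controls that can make a bucket public, so bucket policies need their own review.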
A new study by OneLogin has revealed that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by ex-employees.
The firm surveyed more than 600 IT decision-makers in the UK and found respondents were aware that over half (58%) of former employees are still able to access corporate networks even after they’ve left a company. This is particularly concerning when you consider that OneLogin also discovered that almost a quarter (24%) of UK companies have suffered data breaches by former members of staff.
The study also highlighted flaws in the security processes implemented by organizations when an employee leaves. Almost all (92%) of those polled admitted to spending up to an hour on manually deprovisioning past workers from every corporate application, while 50% were not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave the business. This could explain why over a quarter of ex-employees’ corporate accounts remain active for a month or more.
“Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image,” said Alvaro Hoyos, chief information security officer at OneLogin. “With this in mind, businesses should proactively seek to close any open doors that could provide rogue ex-employees with opportunities to access and exploit corporate data.”
Speaking to Infosecurity, Steve Durbin, managing director, Information Security Forum Limited, explained that companies are becoming increasingly aware of the issue but face challenges when it comes to handling it, as managing it effectively requires an approach that combines both process and people skills, with technology as a backup.
“Content management, identity and access management systems all have a role to play in monitoring activity but cultivating a culture of trust is likely to be the single most valuable management step in safeguarding an organization’s information assets,” he added. “How you treat your employees while they are with you will determine their mind set and approach once they have decided to leave.”