Whaling: how it works, and what your organisation can do about it

A guide to ‘whaling’ – targeted phishing attacks aimed at senior executives.

Whaling is a highly targeted phishing attack – aimed at senior executives – masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

Full Story: https://www.ncsc.gov.uk/guidance/whaling-how-it-works-and-what-your-organisation-can-do-about-it

White Paper – 5 Steps You Must Take to Prepare for the CCPA

Effective Jan. 1, 2020, the California Consumer Privacy Act creates new protections for the personal data of California residents and new requirements for the businesses that process it. With CCPA’s 12-month look back from the effective date, enforcement beginning July 2020, and a private right of action tied to data breaches, some critical action is needed now. Go to the IAPP site for the full story and white paper:

https://iapp.org/resources/article/white-paper-5-steps-you-must-take-to-prepare-for-the-ccpa/ 

Focusing on Privacy Won’t Solve Facebook’s Problems

At Facebook’s annual developer conference on April 30, founder and CEO Mark Zuckerberg laid out a major change for the social media platform: a shift to privacy. Facebook’s redesign, which was first announced in a blog post in March, aims to prioritize private, encrypted messaging (on Facebook Messenger as well as Facebook-acquired WhatsApp and Instagram’s Direct Messaging) and Facebook groups over the more public “town square”-style News Feed that has been the cornerstone of the platform since its founding. Private messaging, Zuckerberg argued, is the future of social media communications.

 

Full Post: https://www.lawfareblog.com/focusing-privacy-wont-solve-facebooks-problems

China’s New Cybersecurity Program: NO Place to Hide

The Chinese government has been working for several years on a comprehensive Internet security/surveillance program. This program is based on the Cybersecurity Law adopted in 2016. The plan is vast and includes a number of subsidiary laws and regulations. On December 1, 2018, the Chinese Ministry of Public Security announced it will finally roll out the full plan.

Full Story: https://www.chinalawblog.com/2019/09/chinas-new-cybersecurity-program-no-place-to-hide.html

Is Ireland breaching EU rules by underfunding data regulator?

Complaint filed with European Commission over decision not to give more to watchdog

For a Government obsessed with the optics it is surprising how often this current administration does things that leave it wide open to criticism.

FULL STORY: https://www-irishtimes-com.cdn.ampproject.org/c/s/www.irishtimes.com/business/technology/is-ireland-breaching-eu-rules-by-underfunding-data-regulator-1.4047897?mode=amp

Data on 92M Brazilians found for sale on underground forums

Several members-only dark web forums are reportedly auctioning what appears to be a stolen government database featuring the personal information of 92 million Brazilian citizens.

The 16GB SQL database contains such information as name, birth date, mother’s name, gender and tax details including taxpayer IDs, according to BleepingComputer, which credits the discovery to a researcher with the Twitter user name Breach Radar.

 

Check out this article at: https://www.scmagazine.com/home/security-news/data-breach/data-on-92m-brazilians-found-for-sale-on-underground-forums/

What is going on or not going on, The Need for Data Protection Preparedness

Woodcut by Tommaso Garzoni depicting a town crier with a trumpet

Data breaches that occurred over the last few months have quite literally impacted close to one-third of the US population. This staggering number supports the inevitable conclusion that something is very wrong, and that data vulnerabilities represent possibly one of the greatest threats facing not only corporate enterprise, but government agencies as well. Aetna, Equifax, and Time Warner Cable, companies that collectively manage the health information, credit ratings (including highly sensitive financial data), and the communications of a large percentage of the population, recently admitted to massive data breaches and notified the impacted customers that their personal information had been compromised. The reasons given vary from exploitation of a website vulnerability to an affiliate accidentally leaking sensitive personal information. These companies will face potential litigation and regulatory enforcement action that could represent billions of dollars of loss. Equifax shares have dropped 21 percent since their breach was disclosed on Sept. 7, the biggest two-day drop since 1998 (https://www.bloomberg.com/news/articles/2017-09-11/equifax-backed-out-of-public-investor-presentation-after-breach). Even more sobering, had these breaches occurred after May 25, 2018, the official start date for enforcement of the new EU General Data Protection Regulation, these companies could have faced additional staggering penalties of up to 4% of their global annual revenue; at least in the case of Equifax, the breach also resulted in significant loss of UK personal information.

These companies have demonstrated weaknesses in the compilation, control, management and appropriate protection of this sensitive data. Identification of the systems that are being utilized and ongoing cohesive management of data are crucial for a structured preparedness to secure sensitive customer personal information. If you are questioning your preparedness, and well you should, BeyData has the solution.

While a reactionary approach seems to be the norm these days, it is not effective. BeyData has developed BeyData Librarian, a Unified Automated Risk Management System that empowers organizations to take a responsible and proactive approach to building and maintaining a catalog of all their data flows.

BeyData Librarian provides a secure enterprise system that allows organizations to identify, assess, prioritize, remediate, mitigate and monitor risk across the organization. Its scalable, hybrid infrastructure provides a framework that allows you to build a catalog of assets, records, data flows, processes and people inside and outside the organization, to map the flow of data within and between these assets, and to automate the process of risk management.

Further, it allows you to utilize our risk frameworks to complete and conduct Privacy and Data Protection Impact Assessments, as well as Security and Risk Impact Assessments.

Companies and organizations must better identify risks in advance of a threat, so that they can mitigate those risks, instead of reacting to them once breached. Why suffer the damage to reputation and customer confidence and expose your company to liability and costs because of inaction?

Contact us if you would like to learn how BeyData’s Automated Unified Risk Management System can address your Privacy and Data needs.

Resource:
Ponemon Institute, 2017 Cost of Data Breach Survey – no registration required to download