General Data Protection Regulation Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

General Data Protection Regulation

UK Public and education sector face major DNS threats

960 640 Stuart O'Brien

New research has revealed DNS-based attacks cost global organisations an average of over £1.7 million in 2016 alone, with UK councils, Government offices and schools affected badly.

One in five (19%) of public sector sites and 11% of education bodies affected by DNS attacks say sensitive information was stolen, compared to 16% in the UK overall. A fifth (20%) of public sector and 12% of educational victims also think intellectual property data was lost compared to 15% for UK organisations overall, while 10% of schools and colleges affected say they needed to take more than one day to recover.

This is in the context of annual average costs of DNS security breaches to be now running at £1.7m ($2.2m) for organisations globally, with malware (35%), DDoS (32%), Cache Poisoning (23%), DNS Tunnelling (22%) and Zero-Day Exploits (19%) as the main threats.

The findings come from the 2017 Global DNS Threat Survey report, created by EfficientIP.

David Williamson, CEO of EfficientIP, pointed out that the imminent (May 2018) arrival of the General Data Protection Regulation (GDPR) should sound loud alarm bells for CIOs and CISOs working in the sectors. “In less than a year, GDPR will come into effect, so organisations really need to start rethinking their security in order to manage today’s threats and save their businesses,” he added.

Over a third (35%) of public sector organisations and a quarter (25%) of education organisations have been subjected to DNS-based Malware, DDoS (31% and 22%), Cache Poisoning (26% and 24%), DNS Tunnelling (20% and 19%) and Zero-Day attacks (19% and 13%) in the past year.

49% of education sector DNS victims also stated the size of the DDoS attack they faced was between 1Gbits/sec and 5Gbits/sec and almost a third (30%) between 5Gbits/sec and 10Gbits/sec.

Although 59% of public sector organisations and 57% of education organisations have a hosted/cloud DNS Appliance base, 36% and 35% respectively suffered cloud service downtime in the last 12 months.

“The results once again highlight that despite the evolving threat landscape and the increase in cyber-attacks, organisations across the globe and their IT departments still don’t fully appreciate the consequences of DNS-based attacks,” added Williamson.

To read the full report, click here

Employees are companies’ biggest data security risk

960 649 Stuart O'Brien

A consensus study commissioned by data security specialist HANDD Business Solutions (HANDD) has revealed that nearly a quarter of IT professionals believe that the behaviour of employees and their reactions to social engineering attacks – which can trick them into sharing user credentials and sensitive data – poses a big challenge to data security.

The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, which is less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and co-founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

41 per cent of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement and ensuring that an organisation understands completely which data requires greater levels of protection.

“Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” commented Danny Maher, CTO at HANDD.