Welcome back to the ISMS.online series of cyber and information security news weekly roundups. Let’s take a look at what’s been happening in the world of cybersecurity…
You’ve heard of GDPR. But what about NIS?
Industry leaders and suppliers got a little reminder this week from the Crown Commercial Service G-Cloud team of the impending GDPR in May next year. They also took the opportunity to highlight another regulation due to go live around the same time: the Network Information Security directive (NIS).
This regulation is led by the Department of Digital, Culture, Media and Sport, with the support of the National Cyber Security Centre (NCSC). Both GDPR and NIS will have some kind of impact on G-Cloud, and there are various security objectives that will be required, including governance, data security, resilient networks and systems, and identity and access control.
Deloitte hit by data breach
The international giant from the corporate finance world was hit by a security and data breach this week. A spokesperson from the organisation stated that ‘very few’ of its clients had data affected by the breach, which is said to have occurred in March this year but only recently came to light.
The exposed data included private email addresses of its clients, accessed via an email platform.
Tony Pepper, the chief executive of Egress, told the BBC that greater security is needed to protect personally identifiable information.
‘…multi-factor access control such as two-factor authentication is important, especially for administrators.’
‘It makes it much harder to gain illicit access in the first place.’
Is the net ready for its cryptographic update?
Well, according to the Internet Corporation for Assigning Names and Numbers (Icann), the answer is no.
The plan was to update cryptographic keys to ensure the reliability and authenticity of web domain names on 11 October. However, during its preparations, Icann found that many large organisations and internet service providers had not updated their secure DNS software, DNSSEC.
If Icann had gone ahead as planned, it would have resulted in tens of millions of people being unable to access the internet.
A boot bug could take a bite out of Apple Macs
According to research conducted by Duo Security, 4.2% of the Apple Macs it tested were running outdated and insecure versions of the piece of software that boots up the system.
Despite the rest of the system being updated, this element of code, called the Extensible Firmware Interface (EFI), had remained unchanged, exposing the rest of the system to potential attacks.
See you next week…