
Cyber and Information Security News: Your Weekly Roundup


Welcome back to the series of cyber and information security news weekly roundups. Let’s take a look at what’s been happening in the world of cybersecurity…


You’ve heard of GDPR. But what about NIS?

Industry leaders and suppliers got a little reminder this week from the Crown Commercial Service G-Cloud team of the impending GDPR in May next year. They also took the opportunity to highlight another regulation due to go live around the same time: the Network Information Security directive (NIS).

This regulation is led by the Department of Digital, Culture, Media and Sport, with the support of the National Cyber Security Centre (NCSC). Both GDPR and NIS will have some kind of impact on G-Cloud, and there are various security objectives that will be required, including governance, data security, resilient networks and systems, and identity and access control.

Deloitte hit by data breach

The international giant from the corporate finance world was hit by a security and data breach this week. A spokesperson from the organisation stated that ‘very few’ of their clients’ data had been affected by the breach, which is said to have occurred in March this year, but only recently came to light.

The exposed data included private email addresses of their clients, accessed via an email platform.

Tony Pepper, the chief executive of Egress, told the BBC that greater security is needed to protect personally identifiable information.

‘…multi-factor access control such as two-factor authentication is important, especially for administrators.’

‘It makes it much harder to gain illicit access in the first place.’

Is the net ready for its cryptographic update?

Well, according to the Internet Corporation for Assigning Names and Numbers (Icann), the answer is no.

The plan was to update cryptographic keys to ensure the reliability and authenticity of web domain names on 11 October. However, during their preparations, they found that many large organisations and internet service providers had not updated their secure DNS software, DNSSEC.

If Icann had gone ahead as planned, it would have left tens of millions of people unable to access the internet.

A boot bug could take a bite out of Apple Macs

According to research conducted by Duo Security, 4.2% of Apple Macs that they tested were running outdated and insecure versions of the piece of software that boots up the system.

Despite the rest of the system being updated, this element of code, called the extensible firmware interface, had remained unchanged, exposing the rest of the system to potential attacks.

See you next week…
