ISMS.online News Roundup – 5th December 2019

Welcome

In the news: Google has a new CEO, retailers need to improve their holiday cybersecurity and a bug-finder has a bug! All in this week’s edition of ISMS.online’s Information and Cybersecurity News Roundup.

Although December is often a quieter trading period in the B2B sector, with clients focusing their attention on their office parties and Secret Santas, it’s a great opportunity to tackle that information security project you’ve been putting off or start your journey to ISO certification! Check out how ISMS.online can help you achieve your goals.

The ISO 27001:2013 Statement of Applicability (SoA): The Complete Guide

The Statement of Applicability (SoA) forms a fundamental part of your information security management system (ISMS) and, together with the Scope, as described in 4.3 of ISO 27001:2013, will offer assurance to your auditors and other interested parties of the depth and breadth of your ISMS.

Read the full article here.

Amigo passed surveillance audit with flying colours

After their recent ISO 27001 surveillance audit, Amigo passed with zero faults due to their use of the ISMS.online platform! From ISO 27001 implementation to follow-up audits, ISMS.online’s all-in-one software helps every step of the way to not only impress your auditors but make certification easy. See how we can help you on your journey to certification here!

Read their story here.

Who is Sundar Pichai and what does Alphabet do?

Following this week’s news that Google’s co-founders Larry Page and Sergey Brin are stepping down, Google announced that its chief executive, Sundar Pichai, will become CEO for its parent company Alphabet. This excellent BBC News article details who the new CEO is and what other companies are subsidiaries of Alphabet.

Read the full article here.

Top seven IT predictions for 2020

It’s that time of year again! ITProPortal published this brilliant article by Ilia Sotnikov, in which they share their top seven predictions for the coming year, as well as advice on what organisations should be prepared for.

Read the full article here.

The Data Protection Fee: does your company need to pay?

Paul Arnold, Deputy Chief Executive Officer / Executive Officer of the ICO, has published this fascinating blog post detailing how organisations processing personal data are required to pay a data protection fee under the Data Protection Act 2018 unless they are exempt, and how you can see if your organisation needs to pay.

Read the full article here.

Palo Alto Networks Employee Data Breach Highlights Risks Posed by Third Party Vendors

Palo Alto Networks revealed that in February a third-party contractor posted the personal details of seven current and former employees online. Graham Cluley discusses the consequences of such information and what this means for the company in this wonderful article for Bitdefender.

Read the full article here.

Sweaty Betty admits eCommerce data breach

Caroline Baldwin explains how Sweaty Betty revealed that cybercriminals managed to insert malicious code into their eCommerce site in an effort to capture customer card details during the checkout process, in this wonderful article for EssentialRetail. This further demonstrates how important it is not to postpone the essential task of managing your security practices.

Read the full article here.

Why encryption is failing us

Cybercrime is thriving in 2019 partly because of the illusion that encryption is foolproof. However, in this brilliant article for TechRadar, Tom Kellermann explores how encryption alone is not enough to adequately protect data.

Read the full article here.

Ad Industry Unveils Wish List For Privacy Legislation

A few days after lawmakers on the Senate Commerce Committee announced new privacy legislation for the ad industry, the Privacy for America coalition has released its wish list of suggestions it would like to see taken into consideration in the law. Wendy Davis explores what this implies in this fascinating article for MediaPost after the industry has advocated in favour of self-regulation.

Read the full article here.

This Welsh password generator might keep you safe from hackers, but definitely from dragons

Thom Dunn details how a programmer has developed an open-source algorithm to randomly generate secure passphrases in Welsh in this wonderful article for BoingBoing. Dunn goes on to suggest how this is a really handy tool to generate secure passwords that might not stop a genius hacker, but it will undoubtedly stop a mythical Welsh dragon!

Read the full article here.

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

This brilliant article by Graham Cluley explores how HackerOne, a vulnerability coordination and bug bounty platform, paid out a $20,000 bounty after a researcher uncovered that an employee accidentally disclosed one of their valid session cookies, and so was able to access bug reports from other users on the website.

Read the full article here.

The hidden reason why companies are struggling to secure cloud infrastructure

Everyone is well aware of the numerous big data breaches that have occurred over the last couple of years, yet fewer know about the security issues that cause them. Gus Evangelakos, in this interesting article for ITProPortal, explores how public cloud software is misunderstood and the massive risks attached to it.

Read the full article here.

The BYOD juggling act: balancing security, privacy and mobility

In this interesting article for SecurityBrief, Anurag Kahol analyses the delicate nature of bringing your own device, the security and privacy threats it raises, and how to reconcile its costs and benefits.

Read the full article here.

2020 predictions: Rising complexity of managing digital risk

Help Net Security has released its own collection of forecasts on how they anticipate change in the field of cybersecurity for the upcoming year, from breaches of accountability to increasing cyber-attacks in the crypto-sphere.

Read the full article here.

How AI Will Improve Cybersecurity in 2020

In this fascinating article for Edgy, Sumbo Bello explores how, with the rise in legislation, companies are predicted to turn more towards AI to improve their cybersecurity, as well as providing predictions as to how this may happen.

Read the full article here.

72% Of Cybersecurity Suspicions Turn Out To Be Actual Threats: Study

Republic’s Tech Desk has published this fascinating article reviewing a recent Kaspersky study that found that, in most situations where security researchers ask for additional information on a suspicious entity, it actually turns out to be harmful and places corporate security at risk.

Read the full article here.

Cybersecurity In Real Life (Part 1): The Importance Of Security In Mergers And Acquisitions

Brian Contos details in the first instalment of Forbes’ new series “Cybersecurity In Real Life” how the cybersecurity technology of businesses needs to be applied in the right way so that things work as promised, making the benefits go far beyond a more secure business, especially in relation to mergers and acquisitions.

Read the full article here.

No stars for Australia’s missing IoT cyber stars

In this thought-provoking article for ZDNet, Stilgherrian discusses how Australia needs a comprehensive cybersecurity rating system for the Internet of Things after a number of responses to the analysis of the nation’s Cyber Security Strategy 2020, as voluntary codes of conduct are not sufficient.

Read the full article here.

Retailers Must Improve Cybersecurity This Holiday Season

With the holiday sales season upon us, it is not only consumers and retailers that benefit. Matthew Delman explains in this terrific Security Boulevard article that cyberattacks cost retailers more than $30 billion a year, and losses often increase during the highly profitable holiday season, as well as how retailers might avoid this.

Read the full article here.

Private sector has a big role in the cybersecurity wars

Cyberspace has proved to be a strong accelerator of freedom of expression and trade, but it has also proved to be an uncontrolled environment, vulnerable to exploitation from criminals. In this interesting Washington Times article, Daniel N. Hoffman explores how private enterprises can protect themselves and reduce their chances of being exploited.

Read the full article here.

Cybersecurity in the Age of AI

Azeem Azhar is joined by Nicole Eagan, CEO of Darktrace, in this week’s edition of Harvard Business Review’s Podcast to explore how AI is reshaping the cyber defence environment and the growing information war in this evolving cybersecurity setting and more!

Listen to the full podcast here.
