ISMS.online News Roundup – 6th February 2020

UK’s booming cyber security sector worth £8.3 billion

The Department for Digital, Culture, Media and Sport has recently published the UK Cyber Security Sector Analysis 2020. As this brilliant press release explains, the report analyses the UK cybersecurity industry, including figures on size, employment and revenue, and reveals that the number of active cybersecurity firms in the UK has increased by 44 per cent since 2017.

Read the full press release here, and view the report here.

How ISO 27701 could be a new framework for sustained GDPR compliance

The privacy domain has become increasingly regulated yet privacy governance remains a complex endeavour in view of regulatory attention, evolving legislation globally and societal maturity. Tony DeBos explores, in this fantastic article for EY, how ISO 27701 provides a framework for integrating privacy into organizational practices through the implementation of a Privacy Information Management System.

Read the full article here.

See more on how ISO 27701 can enhance your Information Security by incorporating a Privacy Information Management System here.

Huduma Namba: Kenya court halts biometric ID over data fears

Kenya’s High Court has halted the controversial system of biometric IDs until new data protection legislation has been imposed. As this interesting BBC News article reports, the ruling follows concerns that extensive private data would be available by simply clicking a button, putting Kenyans at risk of irreparable harm if the information was abused.

Read the full article here.

Flying Blind: 70% of Airport Websites Contain Vulnerabilities

According to a new report, more than one in five airport websites contain widely known and exploitable flaws, whilst 97% still use some sort of obsolete software. In this fascinating report for CBR, Conor Reynolds explains how the study raises questions about the risk that attackers will start targeting airports specifically to damage vital national infrastructure.

Read the full article here.

Will we just accept our loss of privacy, or has the techlash already begun?

In this thought-provoking article for the Guardian, Alan Rusbridger explores how, despite the many landmarks that have been made in the last year, we are becoming increasingly aware of data privacy and how our data is being misused, yet we are ever more reliant on devices that constantly monitor us.

Read the full article here.

Proposal to Put Police Child Abuse Database on Cloud Sparks Fears

In this fantastic Digit article, Dominique Adams reports on how privacy campaigners have expressed scepticism after the UK Government indicated that it is planning to put a police database of child abuse evidence on Amazon’s cloud network.

Read the full article here.

A 2020 Vision Of Data Privacy

In this wonderful article for Forbes Technology Council, Göran Wågström gives his thoughts on how data privacy may evolve in the upcoming year. He draws on how the past decade has shown us how little privacy has been regarded by large organizations because our personal information has been freely disclosed and purchased without our knowledge.

Read the full article here.

Coronavirus – hackers exploit fear of infection to spread malware

In this fascinating blog post, Graham Cluley details how cybercriminals are exploiting the Coronavirus outbreak. This comes after IBM researchers found infected emails being sent to Japan, urging the user to open an attached Word document that downloads malware onto the recipient’s device.

Read the full article here.

Microsoft patches serious security flaws in Azure

In this excellent TechRadar post, Anthony Spadafora details how security researchers discovered two major security vulnerabilities in Microsoft Azure that could be abused by hackers to get access to private data stored on machines running Azure or to take command over a whole Azure server and potentially the business code of an organisation.

Read the full article here.

Protecting patient data through stringent access rights management

In this fantastic article for OpenAccessGovernment, Sascha Giese discusses the value of controlling access rights within healthcare organisations, outlining four measures to help exemplify how IT departments can better integrate this into their systems.

Read the full article here.


NIST Seeks Comment on Two Draft Cybersecurity Practice Guides on Ransomware and Other Data Integrity Events

The HIPAA Journal released a brilliant article describing how the National Cyber Security Center of Excellence published the preliminary cybersecurity implementation guidelines SP 1800-25 and SP 1800-26. The proposals address ransomware and other destructive events: the first highlights issues related to the identification and protection of assets, and the second concerns the detection of and response to cyberattacks that endanger data integrity.

Read the full article here.

How CISOs can justify cybersecurity purchases

In this interesting piece for HelpNetSecurity, Lenny Zeltser reflects on his background as a consultant and CISO to discuss how you can make a constructive business case to warrant the costs which advance your security programme, including what information to include, such as legal and privacy concerns.

Read the full article here.

What WON’T Happen in Cybersecurity in 2020

Pieter Danhieux flips the traditional prediction model on its head in this wonderful article for Dark Reading, discussing six patterns that probably won’t be happening in the foreseeable future, from a reduction of breached data and the development of less code to fewer “Hooded Hackers” stock images.

Read the full article here.

Iowa Election Snafu: What Happens When IT And Cybersecurity Best Practices Are Ignored

After the wireless app malfunctioned during the Caucus in Iowa this week, Jody Westby examines, in this excellent article for Forbes, how the event is an example of the problems that can occur when information technology and cyber security best practices and policies are neglected by corporate leaders.

Read the full article here.

What Cybersecurity Operations Can Learn From Self-Driving Trucks

In this intriguing piece for Forbes, Mike Armistead discusses the similarities between long-haul drivers and front-line technology analysts. In particular, it reflects on the benefits of autonomous trucking (AT) for drivers and how security operations can draw from research around AT.

Read the full article here.

Preventing Interceptions in the Cybersecurity Super Bowl

In this fantastic article published by Security Boulevard, Sam Flaster explores how cyberattacks on NFL teams’ social media accounts prior to the Super Bowl on Sunday have emphasised the importance of cybersecurity not only for sports teams but also for any organisation.

Read the full article here.

Hybrid IT proves challenge to Zero Trust cybersecurity

In this brilliant TechHQ post, Mark Jones explains how, according to a new survey, 50 percent of cybersecurity leaders don’t feel confident about adopting a Zero Trust security model. This is despite the fact that not trusting any website makes it easier to identify malware-infected networks as well as to reduce data breaches.

Read the full article here.

Critical Concerns Over Cybersecurity Soar in Ireland

CISOMAG has published a terrific article outlining how Ireland is among the leading EU Member States when it comes to the adoption and use of digital technologies, yet these same innovations have implemented built-in risk-setting and flaws that brought the nation’s capacity for cybersecurity under the microscope.

Read the full article here.
