Cyber-Crime : Attackers Have 7 Days To Exploit a Vulnerability

The analysis by Tenable Research shows that cybercriminals have an average of seven days to exploit a vulnerability. During this time, they can attack their victims, potentially search sensitive data, launch ransom attacks, and inflict significant financial damage.

Only after an average of seven days do companies investigate their networks for vulnerabilities and assess whether they are at risk.

 

The Tenable Research team found that cybercriminals need an average of 7 days to exploit a vulnerability as soon as a matching exploit is available. However, security teams on average only evaluate new vulnerabilities in the enterprise IT network every 13 days.

The evaluation is the first, decisive step to determine the entire cyber exposure in today’s modern computing environments. The term cyber exposure describes the entire IT attack surface of a company and focuses on how those responsible can identify and reduce vulnerabilities. The timing gap means that cybercriminals can attack their victims as they like, while security teams are in the dark about the real threat situation.

 

The Digital Transformation has significantly increased the number and type of new technologies and computing platforms – from cloud to IoT to operational technology – and has increased the IT attack surface. This changed IT attack surface almost inevitably and leads to a real flood of weak points. However, many companies do not adapt their cyber exposure to the new realities and continue to run their programs in fixed cycles, for example every six weeks. However, today’s dynamic computing platforms require a new cybersecurity approach. Delays are a cybersecurity issue right from the beginning, also because security and IT teams are working in organizational silos. The attackers benefit from this because many CISOs struggle to gain an overview of a constantly changing threat landscape and transparency. Additionally, they have trouble managing cyber risks based on prioritized business risks.

 

The study results showed:

–       That in 76% of the analyzed vulnerabilities the attacker had the advantage. If the defender had the advantage, it’s not because of their own activities, but because the attackers could not access the exploit directly.

–       Attackers had seven days to exploit a vulnerability before the company even identified it.

–       For 34 % of the vulnerabilities analyzed, an exploit was available on the same day the vulnerability was discovered. This means that attackers set the pace right from the start.

–       24 % of the analysed vulnerabilities are targeted by malware, ransomware or available exploit kits.

 

Digital transformation has dramatically increased the number and types of new technologies and computing platforms – from the cloud to the IoT to operational technologies. This in turn has led to dramatic growth in the attack surface. The growing attack surface has fueled a never-ending flood of vulnerabilities. Many organizations run their operational programs on a fixed cycle basis (eg every six weeks), which is not enough given the dynamics of today’s IT environment. Attacks and threats are developing at a rapid pace and can hit any business. Effective cyber exposure management with a new approach to vulnerability management helps to adapt security to new IT environments: it is based on continuous integration and deployment and is consistent with modern computing.

 

The cyber exposure gap cannot be reduced by security teams alone but requires better coordination with the operational business units. This means that security and IT teams gain a shared view of the company’s systems and resources, continuously looking for vulnerabilities, prioritizing and remediating them based on business risk.

 

The study shows how important it is to actively and holistically analyze and measure cyber exposure across the entire modern attack surface. Real-time insights are not only a fundamental element of cyber-hygiene, but also the only way for companies to gain a head start on most vulnerabilities.

Major Consequences Of Having Poor Data Quality For Your Business

how data powers business opportunities

 

Organizations are collecting and generating more information than ever before but simply having a lot of data does not make a business data driven. Issues related to data quality maintenance is infecting numerous businesses. IT department which aren’t taking any steps in order to improve accuracy of their data, can lead companies to pay a big price. Generating trusted information isn’t always easy, though.  Nearly half of organizations are already in error due to poor data quality.

 

Poor data quality can impact organizations in a very negative way by have serious financial consequences. Regulatory fines, monetary losses from bad business decisions, and legal fees resulting from errors can add up to millions of dollars. IBM estimates the total cost, to U.S. organizations only, to be $3.1 trillion dollars annually. Moreover, when it comes to patient or consumer safety, bad data can cost lives.

 

A qualitative database with complete market information is very useful for the effective generation of new leads and the restructuring of existing one. Results of a campaign must be reflected in the database and information must always be accurate, complete, correct and unique. Yet this is not always the case. During customer contact, organizations too often receive answers such as: “I do not have permission to leak confidential information”, “Cloud applications? No, we do not use ‘and’ I’m not the right person for this conversation ‘. 46% of the organizations sometimes go wrong due to poor data quality, according to research by the New York Times. What price do organizations actually pay for this? I have listed the three most important consequences.

 

  1. Target-less costs are incurred

A definite price tag is not linked to bad data quality, but that organizations make costs and miss out on profit is beyond doubt. U.S. organizations think approximately 32% of their data is inaccurate and believe this negatively affects their revenue in terms of weak resources, lost productivity, or wasted marketing and communications spend. Moving companies, changing e-mail addresses and reorganizing organizations. This means that mail is sent to incorrect addresses, e-mails do not arrive, and departments can no longer be reached. The mail is packed, the e-mail is typed, and the phone picked up, but these actions do not yield any results. Wasted time. And time is money.

 

  1. Sales and marketing without result

If companies work with outdated data, chances are that they do not have insight into who they should approach at which company. People change jobs, retire or come to the streets after a merger or takeover. If the database is not continuously updated and cleaned up with this information, effective customer approach becomes difficult. The right DMU is not available and companies do not get the right person. They do not go any further and even go two steps backwards. The target group is not reached and at the same time they strike a flatter with the potential customer. All this because companies do not have their data up to date.

 

  1. Reputation damage

As an organization, you want to avoid blunders and with a large arc for possible errors. You do not want to write to companies that are just bankrupt or are seeking contact with people who have already left the company. These missteps make sure that people talks negatively about your organization and that is the last thing you want. In short, get your facts straight. Make sure you do not run towards a wrong direction and avoid the above missteps. Provide a database containing all customer data and refresh them regularly. Only then can companies effectively carry out marketing and sales activities.

How Companies Can Leverage Their Existing Data Assets To Unlock New Business Opportunities?

Have you already heard about the latest update about Facebook who wants to play Cupid? At their F8 developer conference, the social network announced its entry into the online dating service. Why not? As Facebook users were able to reveal their relationship status since February 2004, with the existing user data form the ideal source it’s possible to find the perfect partner with the help of a suitable algorithm. However, this operation requires valid and high-quality data. At the same time, this announcement is a very good example of how companies can leverage their existing data assets to unlock new business opportunities.

 

Business can generally succeed in improving their own data quality by improving their data governance processes and the developing suitable strategies for complete data management. First of all, it is important to define the criteria for good data, which may vary depending on the company’s activity. These include aspects such as relevance, accuracy and consistency – in this case, data from different sources should not contradict each other. It’s also helpful to investigate where errors in master data are particularly likely to creep. Because here too the well-known programming wisdom applies: garbage in, garbage out. Poor data sources lead to poor results.

 

In practice, sources of error can be found throughout the value chain of data management. These can be human input errors during data acquisition, defective sensor data or incomplete data imports in automated processes. But also, different formats of data can lead to errors, in the simplest case when one has to input the data in US, in case of uncertainty about whether the metric or imperial (Anglo-American measurement system) is used. In addition, organizational deficiencies lead to data errors, for example, if it is not clearly defined who is responsible for which data sets.

 

In order to achieve more quality data, five points can be identified that help to increase the value of your own data.

 

Clarify goals:

 

Everyone involved in the project should agree on the business goals to be achieved with an initiative for better data quality. From sales to marketing to management, each organizational unit has different expectations. While decision-makers need more in-depth analysis with relevant and up-to-date information, it may be critical for a sales representative that address data is accurate and complete.

 

Find and catalog data:

 

In many organizations, data is available in a variety of formats, from paper files and spreadsheets to address databases to enterprise-class business applications. An important task is to localize these databases and to catalog the information available there. Only when the company knows what data can be found in which database and in what format, a process for improving the data quality can be planned.

Harmonization of data:

 

Based on the initial inventory, a comparison is now made with the target to be achieved. This can result in a variety of tasks, such as a standardization of spellings, data formats and data structures. It uses tools for data preparation and deduplication to provide a harmonized set of data, while data profiling solutions help analyze and evaluate data quality.

 

Analysis, evaluation and processing:

 

If you consolidate your data and process it in a cloud, data lake or data warehouse, you can flexibly perform a wide variety of data preparation tasks there by using data integration and data management software solutions. Anyone who has to process streaming data, originated from sensors or Internet of Things, has the option of using cloud resources to check the incoming data in a very flexible way and to sort out fake data packets.

 

Establish continuous processes:

 

Ensuring data quality is a continuous process. After all, new data is always collected and integrated into our own systems. Even if external data sources already provide high-quality data for further processing, it is still necessary to constantly check and validate your own data stocks via a data monitoring system. There are very different solutions, such as, self-service data cleansing solutions, rule-based data transformation applications, self-learning software solutions that independently monitor data formats and detect and correct statistical anomalies. Already today, algorithms for deep learning or artificial intelligence are able to handle many tasks around data management in big data scenarios. However, it is important that responsibilities for data management are named and that quality assurance processes are confidently secured in the company’s processes.

 

Conclusion:

 

Managing quality data is a team work that spans in all functional areas of a company. Therefore, it makes sense to provide the employees in the departments with tools to secure the data quality in self-service. In particular, cloud-based tools that can be rolled out quickly and easily in the departments are ideal for this. Thus, equipped companies can succeed gradually in improving their data quality and increasing the value of their data. This leads to satisfied employees and happy customers.

How To Better Secure Multi-cloud Environments?

The rise of cloud-based services and a variety of choice regarding the cloud has filled the market with more competition than ever before.Increasingly, organizations are now choosing to mix and match cloud solutions. Butare they ready for the security challenges of multi cloud architectures? Applications that are spread across different cloud providers are extremely difficult to see; visibility is often limited. How businesses can better manage their multi-cloud infrastructure explains Jeff Harris, VP, Product Portfolio Marketing from Keysight Technologies.

cloud Workloads

The year 2017 was marked by a strong increase in enterprise cloud computing. According to Gartner, 90% of global companies currently use at least one cloud service. But today, no one is limited with just one cloud service, and even companies working with only a single cloud service provider doesn’t exists anymore. Multi-cloud, the use of multiple public clouds, is quickly becoming the next step in building truly dynamic infrastructures. By dynamically executing workloads across multiple cloud providers, organizations can ensure that workloads are truly optimized. The above-mentioned Gartner study reports that 70% of businesses plan multi-cloud implementations by 2019, up from 10% of today.

 

Up mentioned study also shows that 93% are concerned about security in cloud. But are companies ready for the security challenges of multi-cloud architectures? Each cloud provider has its own technological details as well as unique cloud services and management interfaces. It can be difficult to build an integrated view of the action. As a result, organizations may not really know if their security policies are constantly applied to workloads that are spread across multiple cloud providers – and may dynamically switch between them.

 

Businesses could easily trust cloud providers to protect their data, but that would not be a good idea. Security breaches and data theft are quickly becoming public. Ignorance is simply not an acceptable defence. In addition, a lack of insight into the individual processes or lack of evidence of compliance is enough to make most audits fail.

 

Ultimately, the operators of those applications are always responsible for data security in multi-cloud environments, but most do not have enough visibility and therefore no real control – they cannot really ensure that their data is 100% secure. However, there are approaches to make sure that their data is safe. Here are four steps companies can take to better manage their multi-cloud infrastructure:

 

  • Monitoring of data at the package level

    To monitor their traffic, organizations need to have data access at the packet level. The data provided by the cloud providers is not yet what IT managers in their own data center are used to. For example, metrics can be obtained through Cloud instances, but typically not the actual packages themselves. In addition, the metrics may not be as complete or available for a limited time. There may not be an easy way to build the custom dashboards needed to detect network and application performance issues. These limitations make it harder and more time-consuming to identify and resolve security and performance issues.


 

  • Treat all data equally

    Once available, organizations need to integrate cloud packet data into existing IT service management (ITSM) solutions, where they can be centrally monitored along with other system management data. This allows organizations to perfectly monitor the performance, availability, and security of workloads, regardless of the underlying infrastructure, while providing a foundation for policy enforcement. This central monitoring and policy enforcement ensures that the company has control over the security of its own data and that policies are consistently applied to all workloads, whether they are in the data center, on the infrastructure of a single cloud provider, or across multiple cloud sites architectures.

 

  • Understand context and apply intelligent policies

    Like all monitoring data, cloud package data must be placed in the right context for analysis. To determine if a package is good or bad, it must be fed into the appropriate monitoring, compliance, analysis and security appliances where it can be converted into actionable information. CRM data is treated differently in the data center than HR documentation. So why should a company handle it differently when they come from the cloud? Insight at the network packet level, it’s easier to identify and route data according to existing policies. The result can be seen in more robust security, improved network performance, and better resource allocation.

 

  • Apply your own test procedures

    You should trust your own tests more than anyone else. Cloud providers do their best, but they need to serve the masses of customers, not individual needs. It’s important that organizations constantly test the performance, availability and, most importantly, the security of their workloads in multi-cloud environments. One-time testing provides a degree of security, but continuous testing adds confidence in cloud security – especially as cloud applications are generally subject to constant change.

 

Businesses will increasingly use multi-cloud architectures, as users always demand optimized experiences. The ability to move workloads across clouds allows for this optimization; however, security remains an important concern in multi-cloud agreement. Businesses can do this by implementing the same packet-level network transparency they use on their private networks. Seamless access to cloud package data provides the ability to route information to any security, monitoring, and testing tools, where it can be analyzed and evaluate. Even in a multi-cloud environment, you can implement strong security solutions. It only requires planning and consistent execution.

 

Data Privacy Policy: Consumers Trust In Organizations Diminished

The results of Veritas Technologies’ global research have revealed that consumers around the globe are less and less confident about data privacy policies held by companies and have issues with trusting the organizations to protect their personal information. With each new data leak and successful hacker attack their uncertainty grows, at a point where 38% of worldwide consumers are persuaded that most businesses don’t know how to protect their customer’s data.

 

Results also highlight that consumers want to penalize companies that are bad at protecting their data. On the other hand, companies that place a high value on data protection should be rewarded.

Consumers Trust iIn Organizations Diminished

 

In today’s competitive world, most worldwide companies need data to effectively target consumers with the right goods and services to deliver a better experience. But with the introduction of New strict compliance rules such as the EU GDPR, consumers will have more power over their data in the future. Many consumers will impose companies to better protect their personal data as they need reassurance when it comes to what personal data are companies holding, how it is used and how it is shared.

 

The new norm

 

data privacy gdpr

 

The study, commissioned by Veritas and conducted by 3GEM, surveyed 12,500 people in 14 countries including UAE. Results show that 92% of respondents are concerned about exposing personal data, 40% of respondents have no visibility into how their data is used and 83% are not satisfied with companies not knowing how to protect their data.

 

With the GDPR regulations, 65% of respondents says that they’ll request an access on their personal data that companies are holding and 71% will even ask them to delete their data.

 

Almost three quarters, 71%, of respondents say they will stop buying from a company that does not adequately protect their data. And nearly every second, 43%, would abandon its loyalty to a particular brand and switch towards a direct competitor. It can even be a worse scenario for companies because 79% say they would recommend their surroundings to boycott the organization in case of data breach and 87% claim they would report the business to regulators. 69% of respondents say they would post negative comments online about the business.

 

However, the survey also shows that good data protection pays off. So, consumers want to reward companies that protect well their data. Four in five respondents, 80%, say they would spend more money on companies they trust to guard their data. More than a quarter, 30%, of consumers are willing to spend up to 25% more on companies that take privacy seriously.

 

“Trust in consumers has been eroded by many data breaches and global scandals as companies have revealed a lack of understanding of data privacy protection,” said Tamzin Evershed, Senior Director and Global Data Protection Officer at Veritas. Consumers demand more transparency from companies and demand accountability from them. Under this new norm, consumers will reward those organizations that carefully manage data while punishing those who do not. Businesses need to prove themselves as reliable data managers in order to retain the trust of their customers.

 

Growing concerns about the collection of personal data

 

As consumer interest is rapidly growing in how personal data is used and shared by companies, the study shows that consumers are no longer prepared to share the following types of personal information:

 

  • Details about personal finance including income, mortgage (49%)
  • Details on health and medical records (24 percent)
  • Age and gender (29%)
  • Location (36%)
  • Online habits (35%)
  • Religious preferences (38 percent)

In addition, consumer doubts about how their data is shared with companies and third parties. Nine out of ten respondents (89%) said they were worried about protecting their personal information. Almost half of the respondents (44%) say they have no idea how companies use or share their data. After all, 30 % fear that their personal information will be stolen.

 

“In light of recent events and changes in the law, consumers need much more reassurance when it comes to what personal data companies hold on them, and how it is shared and used,” said Tamzin Evershed, Senior Director and Global Data Protection Officer at Veritas.

 

“This could have significant implications for businesses that rely on collecting consumer data to provide intelligent and targeted services, such as location-based apps. The most successful companies will be those that are able to demonstrate that they are managing and protecting personal data in a compliant way across the board.”

 

Big Day for your Data – What did GDPR changed from 25 Mai 2018?

As from 25/05/2018, the new European data protection rules (GDPR) from companies and governments require that they use your data more carefully. Otherwise, companies and governments can be expose to the risk of huge penalties.
After a start-up period, companies operating in the European Union must henceforth be in line with new data protection rules. Thanks to the rise of online services, such as social media and e-commerce, more and more companies have access to your data. GDPR have to make sure that they take your privacy seriously this time.

 

GDPR compliance report from Crowd Research Partners and Cybersecurity Insiders in partnership with the 400,000+ member of Information Security Community on LinkedIn reveled thatGDPR is a priority for the vast majority of respondents (80%); for a third of respondents (34%) it is one of the top three priorities. 20% say GDPR isn’t a priority – but that won’t relieve them from having to comply with the law.

 

GDPR COMPLIANCE PRIORITY

 

What is it about?

 

As already explained in detail in our previous blog posts, the idea behind the General Data Protection Regulation (GDPR) is that you retain control over who uses your data and for what purposes. Companies that want to send you a newsletter or promotional e-mail must have your explicit permission. The request for permission must also be specific, clear and not ambiguous.
But the requirement to ask for your permission does not always apply. Sometimes a company needs your data to be able to deliver a product or service. If you want a parcel to be delivered through a webshop, it needs your address. You are then in a contractual relationship. Governments can also process data without permission as they have legal obligations to fulfill.

 

What can you expect?

 

You’ve probably received a rain of mails during the last few days and weeks. These are meant to ask for your permission to keep contacting you. But companies, if properly prepared, also present new privacy tools in the same mail. This is mostly a dashboard where you as a customer can change your privacy preferences at any time.
After all, it is not because you once gave your permission to process your data, that this always has to be the case. The new rules stipulate that you can view, modify or remove your data at any time. At least: you can submit a request for it. Companies still have a lot of work to do that.

The new rules must also allow you as a customer to ‘take’ data with you. If you changed telecom operator in the past, you had little say on what happened to your old data provider with your data. Now you have the right to have the data removed and your data, ‘in a readable format’, with you. That can feed competition.

 

What if you did not respond to any e-mails?

 

We all saw emails coming in with the question from companies if they could still contact you. Companies that do not have your explicit permission and still contact you from today onwards, in theory, is illegal.

 

What are the concerns for companies?

 

The first question that every company must ask itself is whether it processes personal data. This includes the disclaimer that there are few companies that do not collect or process data. Personal data are not only limited to the data of customers, but also those of employees.
For that reason, personal data is often distributed throughout the entire company, from customer service to HR. A good first step is setting up a data register, which maps out which department processes which type of data. The company can then make a privacy statement, which lists which data are kept and for which reason. A number of specific companies that collect sensitive data on a large scale must also appoint a data protection officer from now on.

 

Are companies ready?

 

It won’t sound so shocking if I say that most of companies aren’t ready. GDPR compliance report from Crowd Research Partners and Cybersecurity Insiders in partnership with the 400,000+ member of Information Security Community on LinkedIn reveled that 60% of organizations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to compliance deadline.

GDPR PREPAREDNESS

 

What are the challenges in GDPR adoption?

 

Up-mentioned study shows that the biggest challenge in GDPR adoption is related with lack of expert staff (43%), followed by lack of budget (40%), and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.

COMPLIANCE CHALLENGES

Who checks and what are the fines?

 

The majority of the GDPR regulation is a repetition of previously existing principles. The big difference is that European companies that are too lax with your data can now be hit in their wallets. With a maximum of 20 million euros or 4% of the annual turnover.

BMC 12th Annual Mainframe Research Results- 5 Myths Busted by the 2017 Mainframe Survey

The mainframe is the oldest yet effective way to process data on a large scale, that’s what the 12th annual mainframe researched from BCM have enlightened. Large companies in industry, trade, and services, as well as public administration, will continue to rely on mainframe technologies in the future showed the survey results.

 

A mainframe is especially good at processing transactions. Banks and insurers often opt for such a system because they have to process large amounts of transactions. The big advantage of a mainframe is that it has hardware developed specifically for this task. This makes transaction processing much faster than if it were done in the cloud on traditional servers. Because a mainframe is good at processing transactions, it is also very suitable for blockchain technology, for example.

 

In the 12th mainframe study, BMC has enlightened the prejudices and myths about the mainframes. More than 1000 executives’ managers and technical professionals from large companies participated to shear their experience.

 

The first key finding of the survey is that 91% of respondents believe that the use of mainframes will continue towards an expansion and support of digital business demands. In addition, they predict this technology as a long-term important platform. This has an increase of 89% compared to 2016 results. The reason for this growth is, first of all, digital business, and second is the need of innovation of operations and technologies used within organizations.

BMC Mainframe Survey

 

The results also show that mainframes and data centers retain their role as a relevant and growing data center in many companies. Participants reported that the mainframe continues to be their platform of choice due to its excellent availability, security, centralized data serving and performance capabilities. Even with the modernization of their work processes and technologies, many organizations continue to rely on mainframes.

 

But they also cited some challenges associated with mainframe growth, including struggles to reduce IT costs, data privacy and security, speed recovery and simplify the increasingly complex mainframe and hybrid data center environment. But they remain positive about technology. They believe that mainframes remain an IT main platform despite cloud technologies and continue to be the backbone of digital transformation.

 

The mainframe will attract new workloads

 

The study results underscore the strategic importance of this secure technology to large enterprises and government agencies and contradict many prejudices against mainframes. 51% respondents affirm that over half of their data resides on the mainframe, with an increase of transaction volume of 52%.

 

Mainframe ACTIVITY

 

66% of respondents say their current mainframe requirements are causing them to reduce their maintenance windows. After all, the main applications are transactional systems, large volumes of data, and analytics. The organizations want to further increase their availability in the future. The survey shows that the mainframes are not already fully optimized, as is widely believed.

 

47% expect increasing workloads through new applications. The survey shows that leaders’ attitudes toward mainframe are changing. In the long term, they see a strategic advantage in mainframes that help them better meet the demands of their digital business processes.

 

These results show the clear trend that executives continue to focus on mainframes and the rumor that they wanted to move everything to the cloud simply does not apply to every business and organization.

 

Even young IT professionals expect the future of mainframes. Contrary to the often-heard prejudice that young IT professionals are critical of mainframes, the BMC survey shows the opposite is the case. 53% of all participants were younger than 50 years. There is great enthusiasm for the future of mainframes among the under-30s too. In the 30 to 49 years, 69% predict mainframe growth. 54 In addition, the survey shows that not only older employees are working on mainframes.

 

Click here to download the study “Mainframe Survey 2017”.

NTT Security Global Threat Intelligence Report 2018 – Focus on EMEA Industry

 

NTT Security has released its Global Threat Intelligence Report (GTIR) for 2018. The study revealed that financial sector became highest point of interest for cyber-attackers with an increase of 16% in attacks since 2016. On the second place, we’ve attacks against the technology sector, which increased about 25% in comparison of 2016. The retail, manufacturing, and finance sectors are in the list of top five attacked industry sectors in 4 of the 5 regions.

 

 

Global Industry Attack Rankings

 

In the globally used malware types, spyware/keyloggers are at the first position with 26%, followed by trojans/droppers on second place with 25% and virus/worms are on the third spot with 23%. The most common form of malware type named ransomware had a peak as well. From 75% of detected ransomware, there was 30% of Wannacry and 45% of Locky.

 

RANSOMWARE INCREASES AND TURNS DESTRUCTIVE

 

The study also examined the sources of the attacks, that is, from which regions or countries most attacks took place. Globally, the attacks came mainly from the US, followed by China, Nederland, Germany, France in EMEA region.

ATTACKERS CONTINUE TO USE REGIONAL SOURCES TO ATTACK

 

The report shows that in EMEA 20% of all cyber-attacks are directed against the business and professional service, in the ranking follow with 20% of attacks against the finance sector. Next, we have manufacturing with 18%; technology with 14 and government with 9%. In the picture below, you can see EMEA industry by attack source country and attack type.

 

As seen in the chart below, 20% of attacks only targeted business and professional services within EMEA. Attacks against financial services and manufacturing stayed almost similar to our 2017 results. Technology and government are top 5 most attacked sectors.
When we talk about business and professional services attacks, web application and application-specific attacks gained the highest score in EMEA, often appearing as the most common attack types regardless of the source country.

 

Since NTT Security identified the business and professional services industry sector was highly targeted in this region, companies must understand that their cyber protection methods must keep pace with the changing environment of cyber attacks. With the emergence of worldwide attacks and persistent advanced threats, it’s clear that a new approach is needed for security. Traditional techniques are simply no longer appropriate for securing data against todays cyberattacks.

 

Persistent advanced threats and targeted attacks have shown their ability to infiltrate traditional security defenses and avoid detection for days while stealing valuable data or carrying out destructive actions. In addition, the companies you rely on most are among the most likely targets: financial institutions, health organizations, large private labels and others.

 

EMEA INDUSTRY ATTACKS

As the below graph shows, in the malware used in EMEA, Ransomware dominate with 29%, following by botnet clients activity with a percentage of 11 and on the third position we’ve spyware and keyloggers with 3%.

EMEA Top Malware

 

The Global Threat Intelligence Report 2018 includes data from all NTT Group companies, including NTT Security, NTT Communications, NTT DATA and Dimension Data, as well as the Global Threat Intelligence Center. Also included are research findings from NTT Security, including honeypots and sandboxes in more than 100 countries. For the GTIR 2018, the company has evaluated data from more than 6.1 trillion logs and 150 million attacks. The analysis of global threat trends is based on information about logs, events, attacks, incidents and vulnerabilities, and examines the latest trends in ransomware, phishing and DDoS attacks.

 

You can download this report from here.

 

Mobile Apps – A THREAT TO YOUR PERSONAL DATA

mobile apps data threat

For businesses, mobile apps are key points of contact for collecting personal data of their users. We certainly don’t remember anymore that how many times we have clicked “I agree” on the never-ending ‘Terms and conditions’ list for various applications downloads, signups, and registrations without even scrolling down to the end. Even if you and I have survived doing that, we must be more careful about mobile applications.

Apps know your exact location at any given point, your house number, restaurants, your frequently visited places, and your email account details. Think this is not what you signed up for? Well, actually you did when you selected ‘Accept’ on the pop-up before you installed the apps.

 

“Permissions by themselves are harmless and even useful to provide users a good mobile experience,” says Paul Oliveria, a researcher at cybersecurity firm Trend Micro. But since the list of permissions required is long and doesn’t explain its effect, an immediate reaction is to treat it is accepting ‘Terms and conditions’ agreement without reading it in order to move to the next step.

 

Mobile apps and data threat

 

According to a study published by Kaspersky Lab, some popular dating apps are transmitting unencrypted user data over insecure HTTP protocol and risking user data exposure. In order to avoid such accidents, it’s important that these mobile applications comply with the privacy and data protection regulations for collected data.

 

The General Regulation n°2016/679 of 27 April 2016, applicable from May 2018, on the Protection of Personal Data, provides key clarifications on how the data of users will be managed by the controller and companies. This article will explore some ways to bring current and future mobile applications into compliance with the new GDPR regulations for obtaining the consent of those involved in the collection and processing of personal data.

 

The place of prior consent in the compliance of mobile applications

 

Article 6 of the RPGD classifies various legal bases for collecting and processing personal data. Among these, mobile applications likely, except in special cases, rely on two bases of fairness, the prior consent of the user and the necessary treatment for the performance of a contract to which the person concerned is part:
Processing shall be lawful only if, and to the extent that, at least one of the following conditions is fulfilled:
(a) the data subject has consented to the processing of his / her personal data for one or more specific purposes;
(b) the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

 

Collection of consent

 

With regard to the collection of consent, the GDPR is already making a big difference. This is how we read in article 32:

 

Consent should be given by a clear positive act by which the data subject expresses in a free, specific, informed and unequivocal way his agreement to the processing of his personal data, for example by means of a written declaration, including by the electronic way, or an oral statement. This could be done in particular by ticking a box when consulting a website, opting for certain technical parameters for information society services or by means of another declaration or other behavior indicating clearly in this context that the data subject accepts the proposed processing of his / her personal data.

 

The consent given should be valid for all processing activities with the same purpose (s). Where the processing has several purposes, consent should be given for all of them. If the consent of the data subject is given following an electronic application, the request must be clear and concise and must not unnecessarily disrupt the use of the service for which it is granted.

 

Withdrawing Consent

 

Article 7.3. of the GDPR of Personal Data No. 2016/679 of 27 April 2016 states that:

 

The data subject has the right to withdraw consent at any time. Withdrawal of consent does not compromise the lawfulness of consent-based data processing prior to withdrawal. The person concerned is informed before giving his consent. It is as easy to withdraw as to give consent.
This principle requires that the same means used to obtain the consent of a mobile application user be used so that he can express his withdrawal. It was previously mentioned that obtaining the prior consent of the user should, in most cases, go through a tickbox, a toggle button or similar. By following the requirements of withdrawal, the expression of the desire to withdraw the consent of the user should be based on identical or similar procedures. Activating a toggle button or ticking a tickbox is instantaneous and spontaneous while writing an email and waiting for the request to be processed.

Data Management Revolution in Corporations – GDPR, Ransomware and Multi-Cloud Requires New Actions

GDPR and Data Management

Enterprises have more and more options for data storage, but at the same time they are faced with strict regulation and new challenges. For example, the EU General Data Protection Regulation (GDPR) will enter shortly into practice. Ransomware attacks and the trend towards multi-cloud doesn’t make it easier for companies.

 

Data has become the lifeblood of companies in this digital world. It’s critical to the future of any business – and its volume continues to grow. IDC predicts that 163 zettabytes of data will be generated worldwide by 2025 per year. Not surprisingly, this data growth is associated with an increasing demand for storage, more than 50% annually in recent years. However, refilling storage resources is just one thing, but how do companies manage ever-changing data? Here below is an insight of how businesses today can efficiently manage their data.

 

THE TRADITIONAL “STORAGE” APPROACH IN THE CLOUD AGE

 

Data management experts believes that despite the growing volume of data, there has been no innovation in the way data is backed up, stored and managed for many years. With the rapid spread of virtualization and the growth of big data scenarios, it has become increasingly apparent that there was a need for action and new strategies. Organizations using legacy systems are finding it increasingly difficult to access, retrieve, and recover their data. Traditional storage solutions no longer meet the needs of today’s businesses.

 

The cloud has also opened up many new opportunities over the limited memory capabilities of an old design data storage system. Most recently, Cloud Data Management has made annoying IT tasks such as backup, storage, and recovery more efficient and transformed it into value-adding business functions. Today, 63% of worldwide companies are using private and public clouds to securely manage their data. Backup, archive, compliance, search, analysis and copy data management are all available in a single, scalable and widely deployable platform. Companies can derive more value from data assets by making faster and more. Informed business decisions.

 

RANSOMWARE THREAT

 

As data volume grows at a remarkable rate in worldwide organizations, cybercriminals are adapting new methods to hack valuable data for profit. Their technical sophistication varies from small scale cyber-enabled fraud to persistent, advanced and professional organizations. They may directly steal money or monetise their capabilities indirectly through intellectual property theft or through malware.  At any point in time, data access can be affected by cyberattacks.

 

As far as cyberattacks are concerned, the threat of ransomware is hard to avoid. Companies in all industries as well as public institutions are affected by a veritable ransomware attack. Having a look on the 2017 WannaCry cyberattack taught us a good lesson that no-one is safe from the criminals behind ransomware. Everyone is a potential target – and it’s just the question of when something will happen.

The threat of ransomware attack means that business should consider further mitigation and preventative solutions to combat it. These include maintaining appropriate backups and defensive systems that automatically scans any potential harm.

 

The GDPR IS HAPPENING NOW!

 

Either a company is based in the EU or trade with EU Member States, they all are concerned by GDPR. The new regulation will somehow force companies to adapt stricter data protection and data protection rules and will oblige companies to redesign their entire data management process if necessary. When the regulation enters into practice in May 2018, a fundamental change of mindset will be needed in many places.

Data management systems are no longer just used to store data but must help companies meet key GDPR requirements. To ensure compliance, companies should adopt a centralized data management solution that provides simplicity, security, and policy-driven management.

 

INCREASED INTEREST IN MULTI-CLOUD ENVIRONMENTS

 

Multi-cloud strategies will become common for 70% of organizations by 2019, according to Gartner. More and more companies are increasingly turning to a multi-cloud approach. They use different clouds for different purposes, whether public, private or a mixture of both. By combining public and private clouds within their business strategy, organizations gain flexibility and scalability. If you use more than one cloud provider, you can reduce deployment time and increase cost-effectiveness. However, to take full advantage of such hybrid environments, companies need a cloud data management solution. It supports and automates the transfer of data across all cloud ecosystems, optimally meeting current needs.

Cheap Tents On Trucks Bird Watching Wildlife Photography Outdoor Hunting Camouflage 2 to 3 Person Hide Pop UP Tent Pop Up Play Dinosaur Tent for Kids Realistic Design Kids Tent Indoor Games House Toys House For Children