Tag Archives: Data Protection

70% of financial companies suffer cyber security incident in last 12 months

New research conducted by data security company Clearswift reveals that 70% of financial companies have experienced a cyber security incident in the past year, highlighting the serious threat that both data breaches and malicious attacks pose to the UK’s financial sector.

The research, which surveyed senior business decision-makers within enterprise financial organisations in the UK, found that almost half of the incidents reported over the past 12 months originated from employees failing to follow security protocol or data protection policies. This threat was biggest in mid-sized financial companies (with 3,000-4,999 employees) with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue.

In addition to this, it was found that further causes of cyber security incidents within the financial sector included the introduction of malware and viruses via third party devices, including USBs and Bring Your Own Device (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).


“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it’s alarming to see such high numbers of security incidents within financial organisations,” said Dr Guy Bunker, CTO at Clearswift. “Unfortunately, in this day and age it’s a case of ‘when’ not ‘if’ a firm is breached so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”

The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23%) of respondents had an adequate level of budget allocated to cyber security within the firm. Unsurprisingly, 73% of respondents would like to see some – if not a significant – increase in their organisation’s cyber security spending.

Bunker added: “Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation. For those organisations who hold citizen data and their financial information, there’s a need for extra vigilance to protect that data no matter where it’s stored, how it’s processed or what digital collaboration channels it flows through. Understanding the latest threats and the potential consequences from next generation attacks will help drive the business case for investment in new technology to mitigate the risks.”

He continued: “Cyber security needs to rapidly evolve and the budgeting process should take this into account. The threat which can bring down a company may not have existed three months ago. Financial organisations need to be able to respond immediately in order to protect their reputation. While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols. This requires investment. Great information security is a positive business differentiator and a driver of growth.”


Filed under Risk Xtra

Barracuda Networks helps Leeds United FC to tighten up its cyber defence

Cloud-enabled security and data protection solutions specialist Barracuda Networks has been selected by Leeds United Football Club’s management team to help protect it from today’s advanced cyber threats.

Working with Leeds-based IT reseller and club sponsor Altinet, Barracuda Networks is providing Leeds United FC with its Message Archiver in order to make the storage and access of e-mails simpler, quicker and more secure. As well as being easy to set up and manage, the new e-mail archiving solution allows Leeds United FC to combine on-site hardware with cloud-based replication. This ensures that e-mail data is easy to recover in the event of an attack or data loss.

“As a multi-million pound business, we’re dealing with high volumes of important and confidential e-mails on a daily basis so we have to assume that we’re a high-value target for cyber attackers,” said Mark Broadley, head of IT and facilities at Leeds United FC. “Our legacy e-mail solution wasn’t providing a high enough level of protection, and had meant that staff within the HR and legal teams were spending a lot longer finding information than was needed. On the recommendation of Altinet, we were delighted to make Barracuda Networks the first signing of this very important project.”


Barracuda Networks’ solution helps Leeds United FC to easily meet regulatory requirements and take complex discovery requests in its stride. This is particularly important given the club’s historical high turnover of personnel, and the need to find and read archived e-mails in minutes rather than hours or days.

Chris Ross, senior vice-president for international business at Barracuda Networks, said: “Being selected by Leeds United FC to improve and modernise the club’s data protection is an important accolade for us. With cyber attackers becoming ever-more sophisticated and data protection rising higher up the corporate agenda, it’s important that organisations replace legacy solutions and keep up-to-date with the latest threats.”

Ross added: “As it increasingly becomes about when you’re going to be attacked rather than if, data protection and recovery should form a key element of every organisation’s cyber security strategy. On top of keeping an eye on Leeds United FC’s cyber defences, we’ll be watching with interest and wishing the club the best of luck as it seeks promotion from the Championship back to the Premier League.”


Filed under Risk Xtra

Egress Software Technologies CEO responds to ICO’s Data Security Incidents Report for Q2

On Friday 16 November, the Information Commissioner’s Office (ICO) published its Data Security Incidents Report for Q2 2018. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO.

On 18 July 2018, the Independent Inquiry into Child Sexual Abuse (IICSA) was fined £200,000 for revealing the identities of abuse victims in a mass e-mail. On 9 August, Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, was fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.

On 20 September, Equifax Ltd was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017 and, on 28 September, BUPA Insurance Services was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.


Tony Pepper, CEO of Egress Software Technologies, commented: “Looking at this report, it’s no surprise that the number of data security incidents filed to the ICO has continued to increase with no signs of plateauing. Overall, there has been a 29% increase in the number of reported data security incidents, from 3,146 between April and June 2018 to 4,056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017.”

Pepper continued: “Similar to the statistics we observed in the ICO’s previous report, this doesn’t necessarily mean that organisations are experiencing more incidents, but it definitely does mean that more are now being reported. The increased awareness for organisations to tread carefully has been fuelled by the General Data Protection Regulation, as well as the significant data breach incidents that recognisable brands have suffered in recent times.”

In terms of the monetary penalties, fewer fines were issued between July and September compared to those issued between April and June, with £875,000 issued under the Data Protection Act in the most recent complete three-month period.

Significant growth in data incidents

Although the report doesn’t summarise the type of incidents reported, it does detail the sectors that have experienced significant growth in these incidents. These include general business, which has experienced an increase of 87%, finance with 49%, insurance and legal with 63%, media with 633% and transport and leisure with 57%, while Government, at both the central and local level, experienced a 14% increase.

“We have also seen an organisation fined for unlawfully selling personal data, while Equifax was fined the highest amount under the Data Protection Act (£500,000) for a cyber attack that exposed the personal information of up to 15 million UK citizens.”


Information Commissioner Elizabeth Denham

Pepper added: “Clearly, there’s not only an issue with external attackers illegally obtaining and hacking an organisation’s systems to obtain data, but also with internal employees – and companies as a whole – misleading the population on why their personal data is being collected and how it will be used. As a result, organisations should be vigilant when it comes to ensuring data security protection is in place, and especially so to combat internal threats.”

Pepper feels that organisations should take a user-centric approach to data security, ensuring that every employee – from C-Suite executives to the average worker – is as security savvy as they need to be. This philosophy has been highlighted in recent Egress research, which revealed that 20% of an organisation’s employees don’t know what kinds of personal information should be protected when sharing data via e-mail.

“By taking a user-centric approach and equipping staff to protect personal data through technology that supports and secures the work they do,” urged Pepper, “as well as more training and awareness of what constitutes the mishandling of personal data, organisations will be better placed to mitigate the chances of external and internal data security incidents.”


Filed under Risk Xtra

dormakaba issues brochure and video on cyber security and data protection

Security and access solutions specialist dormakaba has launched its latest brochure promoting products that protect the physical security of Data Centres, server rooms and server racks. Created with building services professionals in mind, the brochure includes products suitable for high security applications where the protection of data is paramount. Accompanying the brochure, dormakaba has also created a video to highlight the importance of physical access for secure Data Centres. 

The physical security of data plays a key role in ensuring that information is kept secure and safe from misuse. Whether the data is private to an organisation or to an individual, organisations have a responsibility to ensure that it’s kept secure throughout its lifecycle (ie from the time it’s created right through to the time that it’s used and, finally, through to the time it’s archived).

The first section of the brochure introduces the main challenges faced when securing data, including where sensitive data resides and how it’s stored. With site access restricted to a select group of individuals, Data Centres and server rooms are environments that require secure and compliant access solutions.


The brochure also includes product categories that recommend fit for purpose solutions depending on the desired application. These range from cylinder and key systems to electronic access control and safe locks.

“With the European Union’s General Data Protection Regulation due to come into force on Friday 25 May, organisations now have a heightened awareness of their responsibilities when it comes to protecting personal data,” said Clive Baker, director of security locking at dormakaba. “While many have brought in new policies to guarantee the protection of information, the physical aspect of data security is often overlooked. This brochure has been created to educate those responsible for ensuring compliance with ever more stringent legislation.”

*To view the video accompanying the brochure visit: https://www.youtube.com/watch?v=2_G_OXK-dSw&t=1s

**Free copies of dormakaba’s new brochure may be downloaded at: www.dormakaba.co.uk or contact marketing.gb@dormakaba.com


Filed under Risk Xtra

GDPR Readiness Checklist Tool launched by NW Security Group to help businesses comply with upcoming EU legislation

NW Security Group, the provider of IP video solutions and security consultancy, has launched a free European Union (EU) General Data Protection Regulation (GDPR) Readiness Checklist Tool to help businesses quickly and easily determine if they’re adequately preparing for the new legislation. Due to come into effect on 25 May, the EU GDPR aims to ensure the protection of personally identifiable information. According to recent figures, over 50% of companies across the UK will not be ready for the GDPR by the stated deadline.

While awareness of the new legislation has risen in recent months, the consensus is that UK firms are under-prepared for the EU GDPR, and therefore at risk of fines as high as €20 million or 4% of a company’s annual turnover (whichever is greater).

As an expert in providing security consultancy and training, NW Security has been giving businesses across the UK guidance on how to ensure compliance by the May deadline in a series of awareness seminars. The GDPR Readiness Checklist Tool has formed a vital part of each seminar, helping attendees determine how effective their data protection processes are on their respective journeys towards GDPR compliance.


Nigel Peers, senior consultant at NW Security, offers his thoughts on the EU’s General Data Protection Regulation and how companies must prepare for its introduction

“As a provider of IP-based security systems, we’ve always taken cyber security very seriously indeed to ensure the solutions we recommend to our customers protect the data that’s generated,” stated Nigel Peers, senior consultant at NW Security. “In recent months, we’ve been raising awareness with companies and helping them to assess their levels of preparedness for the GDPR using our quick Checklist Tool. As the timeframes become more urgent and levels of readiness are left wanting, we felt it would be helpful to make this free Checklist Tool available to more companies across the UK. It prompts them to think about how best to prepare themselves and their supply chains for the GDPR and provides an insight of just how comprehensive a full GDPR Organisational Readiness Assessment needs to be.”

One of the seminars was held at the Wirral Chamber of Commerce in Birkenhead, welcoming attendees from a range of businesses in the region to heighten understanding of the new GDPR and identify how it could impact their organisation. Laura Cross, director at Concentric HR, said of the seminar: “It was extremely informative and practical. We don’t feel fully prepared for the GDPR as yet, but events such as this have definitely increased our knowledge on the topic and given us great learnings to take back and implement within our firm.”

Cross continued: “The GDPR Readiness Checklist Tool was one of the most useful aspects of the seminar. It really helped me to understand where our business is currently on the journey towards GDPR compliance. Knowing that there are external experts out there that can support us along the way is extremely reassuring for our business.”

*To use the free EU GDPR Readiness Checklist Tool visit: www.nwsecuritygroup.com/gdpr-readiness-quick-checklist


Filed under Risk UK News

New date announced for free-to-attend BSIA/FIA-supported cyber security seminar

A free-to-attend, half-day seminar which aims to help security buyers and installers alike to navigate the complex world of cyber security is being held in Solihull on Thursday 2 November.

Organised by the British Security Industry Association (BSIA) and supported by the Fire Industry Association (FIA), the event will include presentations from a wide range of cyber security experts, with a particular focus on the potential vulnerabilities of ‘connected products’ – meaning any security product that can be accessed or operated remotely via the Internet (eg intruder alarms, video surveillance systems and access control solutions) – and how these vulnerabilities can be combated.

Delegates will be informed about the potential cyber risks facing their business, with presentations from the West Midlands Police’s digital cyber crime team and the Scottish Business Resilience Centre’s team of ‘ethical hackers’.


Attendees will also find out how the BSIA’s ongoing work in the field of cyber security is helping the security industry to protect itself and its customers.

Finally, delegates will benefit from a summary of the European Union’s new General Data Protection Regulation, which is set to come into force in May 2018.

The seminar is open to security and fire solutions buyers and installers, or indeed anybody from either industry with an interest in improving their business’ cyber security and data protection policies.

Registration for the event will be open from 9.00 am, with presentations starting at 9.45 am and the event expected to finish at around 1.30 pm.

*A full programme and online booking forms for both delegates and exhibitors are available from the BSIA’s website


Filed under Risk UK News

Organisations “need to do more” to ensure EU GDPR compliance

Organisations need to do more work to ensure compliance with the European Union’s General Data Protection Regulation (GDPR) which is due to come into force in May 2018. While organisations are largely aware of their upcoming obligations, levels of maturity to meet the new standards are low.

Overall, organisations are only compliant with less than 40% of the principles laid out in the GDPR. DLA Piper’s Global Data Privacy Snapshot 2017 notes that some industries are progressing towards compliance better than others. The hospitality and banking sectors are ahead of the rest with 48% and 43% compliance respectively, compared to the average of around 37%. Healthcare and manufacturing are at the bottom end of the scale with 34% and 35% compliance.

Data breaches are already the second greatest concern for business continuity professionals. That’s according to the latest Horizon Scan Report published by the Business Continuity Institute. Unless organisations become compliant by the time the GDPR comes into force then a breach could become even more disruptive.

Patrick Van Eecke, partner and global co-chair of DLA Piper’s Data Protection practice, said: “The responses show that many organisations still have work to do on their data protection procedures. Any organisations operating in Europe will need to see major improvements in their score by May 2018 if they’re to avoid potentially heavy financial penalties under the GDPR, not to mention serious reputational damage as people become more and more aware of their rights in this area.”


Van Eecke added: “With more and more organisations placing data centre stage, data protection will become an increasingly prominent issue. It’s vital that organisations invest now in the strategy and processes needed to help them to meet their obligations.”

Jim Halpert, the US co-chair of DLA Piper’s Global Data Protection practice, added: “As privacy requirements such as privacy by design, data portability and extensively documenting a privacy program become more complex, compliance demands significant operational work that takes time. In this sense, the results are not surprising. The time to step up compliance efforts is this year, not next.”

The GDPR will apply to processing carried out by organisations operating within the EU and to organisations outside the EU that offer goods or services to individuals in the EU.

The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Organisations failing to comply with the GDPR after its implementation in 2018 could face fines as high as 4% of global annual turnover.


Filed under Risk UK News, Uncategorized