Search Results for: gdpr

Network management and security should go hand in hand. However, making these services work has become more complicated and riskier due to the growth of the public cloud, the use of software applications, and the need to integrate different solutions together.

This complex network security domain requires more skilled cybersecurity professionals. But as this need becomes obvious, so does the glaring skills gap. In the UK, half of all businesses face a fundamental shortfall in cybersecurity skills, and 30 percent grapple with more complex, advanced cybersecurity expertise deficiencies.

Continue reading →

With the rapid proliferation of Generative AI (GenAI), developers are increasingly integrating tools like ChatGPT, Copilot, Bard, and Claude into their workflows. According to OpenAI, over 80 percent of Fortune 500 companies are already using GenAI tools to some extent, whilst a separate report shows that 83 percent of developers are using AI-tools to speed up coding.

However, this enthusiasm for GenAI needs to be balanced with a note of caution as it also brings a wave of security challenges that are easily overlooked. For many organizations, the rapid adoption of these tools has outpaced the enterprise's understanding of their inherent security vulnerabilities. This would yield a set of blocking policies for example, Italy had at one point this year completely blocked usage of GPT, which is never the answer.

This misalignment could not only compromise an organization’s data integrity but also impact its overall cyber resilience. So, how should AppSec teams, developers, and business leaders respond to the security challenges that accompany the widespread use of GenAI?

Continue reading →

Whether browsing online for clothes or catching up on the latest news, we’ve all had that unwanted internet cookie pop-up appear. At face-value they may seem harmless, but cookies are a goldmine of private information, posing a serious risk to your data privacy. Today, consumers face a new predicament surrounding attitudes toward their valuable data. When personal data is stolen by a cybercriminal, that offense is the online equivalent of a physical robbery, but the severity of data theft is being overlooked.

From a regulatory standpoint, concerns over data privacy have prompted stricter actions from governments and organizations globally as they try to grapple with the challenge of striking a balance between data security and user privacy. Now, in response to increasingly sophisticated criminal tactics, there must be a shift from slow, reactive regulation towards adopting more proactive strategies that both anticipate and mitigate against potential risks. This will be key to shaping a secure, privacy-conscious future.

Continue reading →

The European Union first proposed introducing a regulatory framework for AI back in 2021, the wheels of politics inevitably grind slowly, however, and it's still working on legislation to bolster regulations on the development and use of artificial intelligence.

The proposed Artificial Intelligence Act has sparked a good deal of debate in the industry with many worried that it could harm business competitiveness.

Continue reading →

Lots of apps are potentially transmitting and saving user data without express permission and this has led some administrations to consider bans.

In May, Montana passed the first bill to ban TikTok statewide due to data concerns, and India has banned 60 apps, including TikTok, claiming they were transmitting user data back to China.

Continue reading →

Quite rightly, many businesses are excited about generative AI and the benefits it can bring. This year ChatGPT reported more than 100 million users, and the market value of generative AI is expected to grow year-on-year.

Currently, it makes sense that businesses want to get in on the act, but many are facing significant challenges navigating generative AI’s rapid emergence. There’s a risk of moving too quickly. It is difficult for businesses to confidently predict how beneficial generative AI will be. In some cases, it could even prove more of a hindrance than a help.

Continue reading →

Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year, according to the U.S. Department of Commerce. The recently announced EU-US Data Privacy Framework (TADPF), in place as of July 10 2023, is expected to further promote opportunity and economic fruitfulness on both sides of the Atlantic.

However, many are rightfully questioning the staying power of this latest version of the TADPF. Will it be third-time lucky or Groundhog Day all over again? Against this backdrop of uncertainty, many companies must evaluate their short- and long-term regulatory resilience.

Continue reading →

Managing third-party cybersecurity risk across inter-connected supplier ecosystems is becoming increasingly more daunting. Software and systems that used to be managed in-house are now routinely delivered as hosted services by multiple vendors and contractors. Other third parties frequently get brought in at departmental level, often bypassing contracting procedures, and have access to applications that hold sensitive data and business critical information.

A single mistake anywhere in the supply chain could result in data breaches, compliance fines, as well as revenue losses, reputational damage, and a wide range of negative business consequences for months, or even years, down the line.

Continue reading →

Over the past few years, there has been an acceleration in the enterprise-level understanding of Privacy Enhancing Technologies (PETs), a category best known for its ability to enable and preserve the security and privacy of data when it is being used or processed. While some technologies within the category, including homomorphic encryption, trusted execution environments, and secure multiparty computation, had previously been academically pursued but not computationally practical, the tide has  changed.

Technological development, surging awareness, and increasing adoption of PETs in recent years have alerted regulators, analysts, and broader industry to their potential impact and opened up a wealth of exciting and transformative opportunities for businesses.

Continue reading →

It’s no secret that Americans are becoming increasingly concerned about their digital identities.

Take the recent case in Louisiana, where a whopping 6 million public records were exposed as part of a global attack on third-party file transfer app MOVEit. The attack made users more wary of trusting their data to often-obscure third parties. A recent survey, conducted across 1,000 U.S. consumers by Thales found that 44 percent are afraid their identity will be stolen in a cyberattack, and a quarter have no confidence in the protection of their personal data.

Continue reading →

Earlier this year, several prominent tech leaders came together to sign a letter advocating for pausing development of advanced AI models, citing their potentially "profound risk to society and humanity”. This was swiftly followed by British Prime Minister Rishi Sunak proposing the creation of a new UK-based watchdog dedicated to the AI sector.

Although the move garnered mixed responses, an essential aspect seems to have been overlooked amid this debate -- a legislation-led institutional may not be the most effective or comprehensive approach to regulating AI.

Continue reading →

New research reveals a high proportion of vulnerable public cloud, mobile and web applications exposing sensitive data, including unsecured APIs and personal identifiable information (PII).

The study from CyCognito, based on analysis of 3.5 million assets across its enterprise customer base, finds 74 percent of assets with PII are vulnerable to at least one known major exploit, and one in 10 have at least one easily exploitable issue.

Continue reading →

Around the world, data borders and regulations are being strengthened in a drive to protect customer privacy and fight cybercrime. As a result, multinational businesses are contending with a complex regulatory landscape. For business, data, and technology leaders, today’s challenge is to comply with local regulations while respecting customer expectations and managing complex global supply chains. To meet these macro and micro-economic challenges, organizations are looking for borderless data systems that enable global business operations but meet local demands.

The European Union’s General Data Protection Regulation (GDPR) has given rise to similar laws across the world, and the United Nations Conference on Trade and Development (UNCTAD) reports that 71 percent of countries have data protection regulations in place and 9 percent have legislation in development. Data governance professionals have increased their focus on data and cloud sovereignty in response, as some of these regulations restrict how data can be shared across physical national borders. In many cases, these regulations are positive and protect organizations and nations from criminals and aggressive states. However, today’s supply chains require data to be shared. A further complication is that cloud computing enables data sharing and business efficiency, yet the major cloud computing providers are firms from the USA. These businesses must comply with the US Cloud Act, which gives the US government access to data stored by these firms, even when hosting takes place outside of the USA.

Continue reading →

From high-profile data breaches (think Facebook’s Cambridge Analytica scandal that resulted in millions of people’s data being shared without their consent) to the introduction of legislation like the General Data Protection Regulation (GDPR), the data privacy landscape has evolved considerably in the last few years.

Though more organizations recognize the necessity of implementing a data privacy program, many modern privacy programs are missing foundational components required for full compliance, and attorneys and authorities have little sympathy for these privacy gaps.

Continue reading →

As growing businesses rush to upgrade their hardware, many are simply throwing old computers, routers, and other IT assets into the trash, leading to security and environmental concerns.

A new study from Capterra of 500 IT professionals at US small and midsize businesses (SMBs) reveals that nearly a third (29 percent) indulge in improper IT hardware disposal practices.

Continue reading →