Photo: Google

France Hits Google with $57 Million GDPR Fine

Jeremy Kirk • January 22, 2019

France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation. The country's data regulator says Google doesn't inform users in a clear way how their data is being collected and processed for targeted advertising.

Cybercrime

Data Breach Collection Contains 773 Million Unique Emails

Latest

Compliance

Mergers & Acquisitions: Privacy and Security Considerations

Marianne Kolbasuk McGee • January 22, 2019

How do data privacy and security matters affect organizations that are contemplating a merger or acquisition? Attorney Iliana Peters offers insights into cybersecurity, data breach and compliance issues that can potentially doom a deal.

Data Breach

Life Under GDPR: Sizing Up the Long-Term Costs

Mathew J. Schwartz • January 22, 2019

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International.

Endpoint Security

Legacy Medical Devices: Tackling Cybersecurity Challenges

Marianne Kolbasuk McGee • January 18, 2019

How can healthcare organizations better address the many challenges they face involving the security of legacy medical devices? Device security specialist Ben Ransford offers insights on critical steps that can help reduce the risks.

Breach Preparedness

Ransomware: A Pervasive, Evolving Threat

Nick Holland • January 18, 2019

Leading the latest edition of the ISMG Security Report is an in-depth look at why ransomware remains a pervasive threat and how it's evolving. Also featured: updates on venture capital investments in cybersecurity and a study of vulnerabilities in industrial remotes.

Cybersecurity

Venture Capital Pours Into Cybersecurity

Nick Holland • January 18, 2019

Venture capitalists invested $5.3 billion in cybersecurity companies in 2018, about 20 percent more than in 2017 and twice as much as 2016, according to research from Strategic Cyber Ventures. What's ahead for 2019 and beyond?

Cybercrime

Insider Trading: SEC Describes $4.1 Million Hacking Scheme

Mathew J. Schwartz • January 16, 2019

The U.S. Securities and Exchange Commission has charged seven individuals and two organizations with being part of an international scheme that hacked the SEC's EDGAR document system, stole nonpublic corporate information and used it to illegally earn $4.1 million via insider trading.

Cybersecurity

Your Garage Opener Is More Secure Than Industrial Remotes

Jeremy Kirk • January 16, 2019

Radio controllers used in the construction, mining and shipping industries are vulnerable to hackers, Trend Micro says in a new report. To address the issue, researchers say, manufacturers need to move away from proprietary communication protocols and embrace secure standards, such as Bluetooth Low Energy.

Cybersecurity

Quantum Computing: Sizing Up the Risks to Security

Suparna Goswami • January 16, 2019

Within the next five to 10 years, quantum computing will get so powerful that it could be used to break encryption on the fly, predicts Steve Marshall, CISO at U.K.-based Bytes Software Services.

Governance

Avoiding Critical Security Risk Analysis Mistakes

Marianne Kolbasuk McGee • January 16, 2019

Privacy attorney Adam Greene provides tips for avoiding mistakes when conducting a HIPAA security risk analysis and spells out the essential steps to take.

Governance

Hard-Coded Credentials Found in ID, Access Control Software

Jeremy Kirk • January 15, 2019

Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.

Application Security

Why Software Bugs Are So Common

Suparna Goswami • January 15, 2019

The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.

Breach Response

Staff Disciplined in Wake of SingHealth Breach

Marianne Kolbasuk McGee • January 14, 2019

The organization that manages IT for Singapore's public healthcare sector says it has terminated, demoted or financially penalized several employees for their roles in the handling of a 2017 cyberattack on SingHealth, the nation's largest healthcare group. What do U.S. security experts think of these measures?