Contact Centre Summit | Forum Events

Posts Tagged: Security

EU businesses fined over 830m euros for GDPR violations in 2022

Stuart O'Brien
As of December 2022 companies based in the EU paid a total of €2.83 billion in 1,401 cases for violating various data protection laws. Out of that, GDPR fines in 2022 total €832 million, which is 36% lower than the €1.3 billion paid in 2021.
However, according to the latest data analysed by Atlas VPN, last year stands out not for the total sum fined, but for the severity of the charges imposed on a single entity: Meta.
The data for the analysis was extracted from Enforcementtracker, though not all cases are made public.
While the heftiest sum charged for violations was recorded in Q3 of 2021, the third quarter of 2022 was also significant, as businesses were penalized €430 million.
The Data Protection Commission (DPC), an authority for GDPR enforcement in Ireland, imposed a €405 million fine on Meta Platforms Ireland Limited (Instagram) on September 5th, 2022.
Two issues were found with the processing of personal data pertaining to child users of Instagram.

The children’s email addresses and phone numbers were publicly exposed when using the Instagram business account function, and Instagram profiles of kids were public-by-default.

Another hefty sum of €265 million was levied on the same entity on November 25th, 2022, when the DPC declared that Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.

Moreover, the DPC issued a “reprimand and an order” forcing Meta to “bring its processing into compliance by executing a range of specified remedial activities within a specific deadline”.
Meta complied and made the adjustments within the required timeframe. To date, Meta has paid around €1 billion for GDPR violations.

Cybersecurity trends to watch out for in 2023

Guest Post

Tyler Moffitt, Senior Security Analyst, OpenText Security Solutions, talks about the impact of geopolitical tensions and inflation on cybersecurity and 3 other key trends that will impact the cyber and tech landscape in the coming year…

  1. Small-Medium Sized Businesses (SMBs) will need to do more with less and cyber resiliency will be more important than ever.

“Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the UK and globally. This will force SMBs to do more with less, while already having smaller cybersecurity teams and budgets to defend against attacks, and it will make cyber resiliency more important than ever. Our recent SMB survey found that 46 percent of respondents felt more at risk of a ransomware attack due to heightened geopolitical tensions, and 53 percent were also concerned about their security budgets shrinking due to inflation.”

  2. Search engines will not only blur the lines between paid vs. organic search results, but also between what’s real and fake, increasing phishing attacks.

“Search engines like Google and Bing try to make it as easy as possible for consumers to find the information they request, but it will become increasingly difficult to distinguish between safe and malicious search results. As search engines work to provide a more streamlined experience, they unintentionally open consumers to a greater possibility of being phished. Scammers will purchase top ranking search result ads and use them to drive people to malicious and fraudulent websites to steal their personal and financial information.”

  3. As every home becomes a smart home and more personal data lives on the cloud, the attack surface will expand no matter how “secure” people feel.

“There’s a “Black Swan event” coming as consumers and businesses alike adopt new technologies to make their lives smarter and more convenient, in turn, sharing and storing more of their data in the cloud. Being connected to the internet 24/7 will make everyone who uses smart devices more vulnerable in the coming years. I believe a critical event this year, or merely increasing attacks, will signal a wake-up call to consumers and businesses to think more critically about how smart technology use hinders their security and privacy.”

  4. Cybercriminals will take advantage of consumers’ vulnerable footing to increase attacks as the economy suffers and inflation rises.

“No one is more opportunistic than cybercriminals. They are experts in understanding consumers’ greatest concerns and how to tap into these fears with phishing tactics to steal their money or personal information. Covid-19 was a prime example of leveraging fear into ROI and the more recent Ukraine war only adds fuel to the fire. I anticipate this attack approach will continue to rise as the UK experiences growing inflation, resulting stimulation checks, job losses and a potential recession for more fear tactics.”

UK businesses experience up to five security incidents each year

Stuart O'Brien

Attackers are seizing on vulnerabilities in hybrid working environments, creating more work – and also larger budgets – for security teams, despite organisations accelerating digital transformation projects.

The latest State of Security Report from Infoblox, which surveyed 100 UK respondents in IT and cybersecurity roles as part of its global sample, discovered that the recent surge in remote work has changed the corporate landscape significantly.

In fact 64% of UK organisations have accelerated digital transformation projects in order to support remote workers since 2020. This is higher than the global (52%) average.  

As part of this shift, just under half (49%) of organisations have increased customer portal support for remote engagement and 43% have added resources to their networks and databases. Given that over a third (34%) have closed their physical offices for good, this investment may prove to be a strong strategic move.

Cybersecurity still causing headaches   

An increased digital footprint inevitably brings increased digital risk and the reality of a hybrid workforce is causing headaches for IT teams and business leaders. The data reveals that the loss of direct security controls and network visibility has half (50%) of UK companies more concerned about data leakage than anything else. Almost as many (45%) are worried remote worker connections will come under attack.    

It appears that organisations have good reason to worry, given the report found that 61% experienced up to five security incidents in the last year. However, there is some good news: 66% report that these incidents did not result in a breach. This may be because 73% were able to detect and respond to a security incident within 24 hours.   

Of the 44% reporting a breach, insecure WiFi access (47%) was the biggest cause. The data also suggests that UK workers are continuing to fall for phishing scams. In fact, 4 in 5 (82%) breaches reported in the last 12 months were caused by this attack method. Phishing usually signals the need for, or failure of, employee and customer security awareness training that requires technological backstops.

Defense in depth   

Infoblox’s report discovered that the majority of organisations are investing heavily in security tools to protect their hybrid environments. In fact, 59% of respondents saw bigger budgets in 2021 and 64% anticipate an increase in 2022.   

Many are turning to defense-in-depth strategies, using everything from data encryption and network security to cloud access security brokers and threat intelligence services to defend their expanded attack surface. As part of this, almost half of organisations (47%) are relying on DNS (Domain Name System) to block bad traffic.

“The pandemic shutdowns over the past two years have reshaped how companies around the world operate,” said Anthony James, VP of Product Marketing at Infoblox. “Cloud-first networks and corresponding security controls went from nice-to-have features to business mainstays as organisations sent office workers to work from home. To address the spike in cyberattacks, security teams are turning to DNS security and zero trust models like SASE for a more proactive approach to protecting corporate data and remote devices.”  

The full report is available for download here.  

Consumers blame banks, retailers and social media for ‘scamdemic’

Stuart O'Brien

Consumers think banks, retailers and mobile operators need to do more to protect them and their personal information from fraudsters.

That’s according to research conducted by Callsign, which says trust in these organisations is eroding fast because consumers say they are drowning in scam messages from fraudsters spoofing brand names daily.

The problem has become so pervasive that consumers don’t trust the technology and processes designed to protect them from fraudsters and confirm identities, with many adamant that users must prove beyond doubt who they are when logging in to use a platform, and that there should be an online identity system to quell the surge of scams.

Stuart Dobbie, SVP, Innovation at Callsign, said: “Our data demonstrates that consumer trust in our digital world has vanished and – rightly or wrongly – brands are being blamed. Yet the sense is that little is being actually done to purposely re-establish digital trust through complete and accurate digital identities.”

The survey of global consumers revealed that over a third (35%) of UK consumers say their trust in businesses such as banks, retailers, mobile network operators and delivery companies has decreased due to persistent scams spoofing brand names, with 44% of UK consumers asking mobile network operators to do more to stop scammers using their platforms, and over a third (37%) asking the same of banks.

People claim to have received scams through email (76%), SMS (66%), phone (58%), messaging apps (15%) and social media (12%) in the last year. But two fifths (40%) of UK consumers don’t know where or who to report a scam message to, or simply get too many to bother (36%). Almost two thirds (60%) of UK consumers don’t trust organisations to keep their data safe; 44% of UK scam victims react with suspicion wanting to know where fraudsters got their details.

Therefore, it’s no surprise that consumers are calling on businesses to do more to keep them safe, and when it comes to stopping fraud and scammers, consumers know what action they want organisations to take. More than a third (38%) of UK consumers think users should have to prove who they are when logging into a platform.

Dobbie added: “With consumers feeling the brunt of perceived inaction by organisations, it’s no surprise that they are asking for more protection. If we continue to be unable to know and trust that the person is who they say they are online, large parts of our society will stop working. Digital Trust is about the confidence we have in the technology, processes and people to secure our digital world. Digital Trust is underpinned by digital identities, and the fact that scams are running wild proves that our digital identities are well and truly broken.”

80% of global organisations expect breaches of customer records

Stuart O'Brien

Trend Micro and the Ponemon Institute have revealed the findings of a study which discovered that 86% of global organisations expect to suffer a cyber attack in the next 12 months.

The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the first half of 2021 the CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.

The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk.

Organizations ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.

Key findings from the report include:

  • 86% said it was somewhat to very likely that they’d suffer serious cyber-attacks in the next 12 months, compared to 83% last time.
  • 24% suffered 7+ cyber attacks that infiltrated networks/systems, versus 23% in the previous report.
  • 21% had 7+ breaches of information assets, versus 19% in the previous report.
  • 20% of respondents said they’d suffered 7+ breaches of customer data over the past year, up from 17% in the last report.

“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Jon Clay, vice president of threat intelligence for Trend Micro. “To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”

“Trend Micro’s CRI continues to be a helpful tool to help companies better understand their cyber risk,” said Dr. Larry Ponemon, CEO for the Ponemon Institute. “Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”

Among the top two infrastructure risks was cloud computing. Global organizations gave it a 6.77, ranking it as an elevated risk on the index’s 10-point scale. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.

The top cyber risks highlighted in the report were as follows:

  • Man-in-the-middle attacks
  • Ransomware
  • Phishing and social engineering
  • Fileless attack
  • Botnets

The top security risks to infrastructure remain the same as last year, and include organizational misalignment and complexity, as well as cloud computing infrastructure and providers. In addition, respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks for organizations globally.

The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organizations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.