Aside from ransomware attacks, which remain a recurring theme in today's IT / OT landscape and are expected to grow in popularity even further, the last month's security news was once again dotted with high-profile examples of companies losing control of their customer's data - Alibaba, McDonald's, Volkswagen, the list goes on. In this issue, we take a look at what companies should do to prevent such breaches in the first place, how to respond to them, and what you as a customer can do to minimize your exposure online.
Given how ubiquitous the use of cloud computing has become over last couple of years – be it for data processing or cold storage – it is shocking how many organizations still fail to address the basics of cloud security. The reason for this is certainly not the lack of available guidance. Organizations such as the Cloud Security Alliance (CSA) or the Center for Internet Security (CIS) do valuable work to empower organizations to perform a secure transition into the cloud and keep their systems protected. In an article for Cybersecurity Magazine, Tom Madsen examines the recently updated CIS Controls® v8, highlighting what has changed compared to previous versions.
Being able to quickly identify an attack and respond to it can make all the difference between a minor incident and a major data breach. In order to do so, companies must lay the foundation for effective threat detection and incident response processes early on. In Cybersecurity Magazine, Mark Harrison shares his recommendations on where to start and what capabilities to prioritize.
Even the most elaborate security framework does not guarantee immunity against a compromise. When things go south and customer data gets breached, it is important to respond appropriately. Crucially, incident response should not stop at containing the breach and eliminating the imminent threat, but must also include communicating the impact of the breach to affected customer in a timely and factual manner.
As private individuals using the internet for a variety of tasks in our day-to-day life, it may seem futile to worry about the security controls of each and every service provider. At the end of the day, it is a matter of trust, since there is no way of controlling or even verifying how your data is protected outside of your premises. What you can control, however, is who you trust your data with in the first place, especially as more and more companies manage to establish themselves in a small but growing niche offering privacy-first services.
Search is just one of the many services that may be tracking your every step online, mostly to serve targeted ads. In a recent report, the Norwegian Consumer Council is looking at surveillance-based advertising and its harmful consequences on individuals and on society, which include discrimination, misinformation, security and privacy risks. Importantly, there are viable alternatives to these practices that allow ads to be shown in relevant places without pervasive tracking.
Cybersecurity Magazine Editorial Team
Secure and Private Compute Summit
July 6-7, 2021
To accelerate your adoption of cloud services, improve your AI development, and share your sensitive data across multiple parties, all whilst maintaining compliance in regulated environments, it is critical to ensure that your sensitive data, whilst it is being processed, is kept private and secure.
The Secure and Private Compute Summit, taking place virtually on July 6-7, is is a free conference giving organizations the know-how they need to keep data secure throughout the data lifecycle.
Register today for free and discover how the likes of Mastercard, Novartis, BT, Mayo Clinic, Citi and others are now able to collaborate, monetize and process their most sensitive data on the cloud.
For our latest video discussion on the security and production systems please see the River Publishers YouTube.
The latest journal articles from River Publishers in all areas of cyber security can be found on the River Publishers website.