What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do be pursuing a data privacy transparency and accountability action plan.
Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.
To judge by the flood of GDPR-themed email hitting inboxes, Europe's privacy law has been designed to ensure that you say "yes" to companies that monetize the buying and selling of your personal details, regardless of whether you remember ever having done business with them before.
Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.
The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.
If you're paying attention, you've probably already seen a handful of GDPR-related headlines just today, let alone in the last week or month. But there are two good reasons for the deluge of GDPR discussion right now: It's incredibly important and the time to act is now.
Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?
A security breach is always a sensitive topic - but especially so during a merger or acquisition. Ofer Israeli, CEO of Illusive Networks, discusses how deception technology can help prevent disruption by a cyberattack during M&A activity.
The noose appears to be tightening around the Dark Overlord, a group of international hackers who have stolen and held for ransom sensitive information from dozens of companies, healthcare organizations and U.S. public schools. Serbian police say they've arrested a suspect in cooperation with the FBI and U.K....
A former CIA software engineer who is facing child pornography charges is a possible suspect in the largest-ever leak of classified information from the spy agency. While Joshua A. Schulte has not been charged with the leak, prosecutors have indicated they will soon indict him.
Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.
Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.
Chili's Grill & Bar is warning customers that an unknown number of payment cards were compromised at an unknown number of corporate-owned locations earlier this year for a period of time it suspects lasted two months. Should Chili's have waited to alert customers until it had more information?
Equifax says it continues to field queries from U.S. lawmakers about the full extent of its massive 2017 data breach, which occurred after an attacker exploited its unpatched Apache Struts web application. Research finds that many more organizations are using unpatched Struts applications.