GDPR: A Deadline You Can’t Afford to Ignore

Illustration: GDPR: A Deadline You Can’t Afford to Ignore - Authentic8 Blog

by Steve Durbin, Managing Director, Information Security Forum

If your U.S.-based business deals with customers, employees or contractors in the European Union, the clock is ticking for you. On May 25th, the EU’s General Data Protection Regulation (GDPR) goes into effect.

It will affect you whether or not you have an actual presence in Europe.

At the Information Security Forum (ISF), we consider GDPR to be the most extensive overhaul of global privacy law in decades. It fundamentally redefines the scope and application of EU data protection legislation.

GDPR compels organizations worldwide to comply with its requirements — or face stiff fines and penalties. The regulation affects any organization that handles the personal data of European Union (EU) residents, regardless of where the data is processed.

Many US-based organizations are obliged to comply with the new standards. Given the global nature of e-commerce, cloud services, and communications platforms, few organizations will be able to completely avoid the requirements.

Local Browser Wins Olympic Gold for Worst Security

by Amir Khashayar Mohammadi

Nearly every web browser comes equipped with a built-in password manager. Combined with all its other inherent vulnerabilities, this makes the local browser an even more attractive target for automated attacks. The bad guys would love to gain access to the container that keeps track of the keys to your online bank. Given the browser’s weak security underpinnings, how hard could it be?

Not too hard. This was confirmed, once again, by news that broke earlier this week. A new piece of malware, dubbed "Olympic Destroyer" by security firm Talos, does just that. Its purpose was to target a network of non-critical systems at this year's Winter Olympics in PyeongChang, South Korea.

Cybersecurity researchers pointed out that Olympic Destroyer was designed to take computers offline by erasing critical system files. But that was not the whole story. Olympic Destroyer also features two critical methods of stealing credentials.

One technique targets those credentials stored in the

10 IT Weak Spots Hit Hardest by the Cybersecurity Talent Shortage

by Larry Loeb

About 350,000 IT positions that require cybersecurity knowledge and skills currently remain unfilled. What impact does the acute talent shortage have on critical day-to-day IT security tasks?

*

According to Bloomberg BNA, 2017 was the Year of the Data Breach. Major institutions and organizations suffered from damaging hack attacks and data leaks.

No wonder that in 2018, many CISOs are growing even more concerned about the acute talent and skills shortage in cybersecurity.

Critical areas and attack vectors go uncovered, due to a lack of personnel. Will more major trouble like last year’s Equifax hack be the result?

By 2022, industry observers expect a shortfall of 1.8 million infosec professionals. The effects of not having the right people in the right slots are varied, but one outcome seems certain: essential tasks will be left undone.

Which IT security to-dos are too easily missed?

A lack of awareness exacerbates the resulting risk for the organization’s overall cybersecurity

Adobe Flash: Updating the Problem is Not a Solution

by Amir Khashayar Mohammadi

Right in time for Groundhog Day, another serious Zero-Day vulnerability was added to the long list of Adobe Flash Player exploits. Early reports indicate that North Korean nation-state actors have taken advantage of this security flaw at least since mid-November 2017.

If you still run Flash in your local browser(s), get rid of it now. Read on below to learn how to protect yourself without necessarily having to give up on websites that put your local IT at risk by asking you to install Flash.

*

The critical Adobe Flash Player Zero-Day vulnerability was disclosed with no patch available at the time (CVE-2018-4878). Affected are all versions 28.0.0.137 and prior. This vulnerability also impacts all major operating systems (Windows/Linux/Macintosh/ChromeOS) and most major browsers, such as Microsoft Edge, Chrome and Internet Explorer 11.

Attackers who take advantage of this remote code execution flaw would gain full control over the victim’s entire environment:

GDPR-in-a-Box: New Online Tool Helps Small and Medium-Sized Enterprises

The European Commission has published a new GDPR online tool to facilitate the application of its new data protection rules.

The General Data Protection Regulation (GDPR) takes effect on May 25th, 2018. The same rules apply to all companies offering services in the European Union or handling the protected data of EU citizens or residents.

This includes U.S. companies, even if they don't have subsidiaries in the EU. The new online tool was developed to assist small and medium-sized enterprises.

Guidance for practical application of GDPR

Knowledge of the new rules is not evenly spread. By some estimates, more than 80 percent of U.S. companies that will be affected (and may face stiff penalties if found non-compliant) have not yet adjusted their IT and data protection to the new GDPR reality.

The new website aims to help individuals, businesses (in particular SMEs) and other organizations to comply with and benefit from the new data protection rules.

It includes GDPR basics -