Data Protection

In light of Data Privacy Day, we've reached out to a number of experts for their thoughts on the evolving nature of data privacy, as well as advice for businesses and individuals alike on how they can best protect their data. Lecio De Paula, VP of Data Protection at KnowBe4: "Although the metaverse took all the attention in 2021, some seemingly innocuous privacy accomplishments have been overlooked. In just the past year alone, dozens of...

Did you know that over 80% of breaches involve brute force or lost and stolen credentials, and that over 70% of employees reuse passwords at work? Passwords are on your first line of defence against cyber-attacks and won’t be going away any time soon, getting this piece of the puzzle correct is foundational for cyber defence, the protection of your business and its data. Live Demo: Supercharge Your Active Directory Password Policy Join us for a 30-minute live demo...

Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture. What characteristics make up an effective password policy? Developing an effective reporting structure for...

Recent research from security and privacy comparison and advice website Comparitech.com, which has looked at children's apps available through Google Play  has found that 1 in 5 breach COPPA rules. Even more worrying is that half of the apps that violate the rules have received a "teacher-approved" badge. COPPA, imposed by the Federal Trade Commission (FTC), enforces a number of requirements on operators of websites or online services that are aimed at under 13 year...

An information leakage can result in grave consequences. Consider the recent SolarWinds supply chain attack which transpired from the exposure of a critical, and inanely simple, internal password (solarwinds123). In this way, making the recent findings by the Synopsys Cybersecurity Research Center (CyRC) especially troubling. The analysis of over 3,000 popular Android mobile apps showed information leakage to be commonplace. Passwords, user credentials, email addresses and tokens are among the information found. With this information,...

English Premier League football club, West Ham, has suffered an accidental data breach with personal information of supporters leaked via the clubs official website. Having first been reported by Forbes, error messages were being displayed on the West Ham's website before showcasing the profile information of supporters to other fans who were attempting to log into their accounts. The data leak resulted in key fan information being left exposed and included names, dates of birth,...

To lean on the cliché, these unprecedented times have brought about significant challenges for everyone. Practically every organisation, person and industry has been forced to make unexpected changes and significant sacrifices in a variety of different forms. The rush to equip organisations and employees with the tools needed to work from home has greatly exacerbated the already underlying condition of poor cybersecurity hygiene. While businesses and individuals were focused on staying safe and operational, cybercriminals...

Online gaming is on the increase, fuelled by the restrictive nature of our lives in 2020. Where once people could meet and play their favourite games or sports, this year they have been forced to do so virtually. This is not necessarily traditional eSports such as League of Legends or Dota 2 either, but it has applied to a much wider demographic within the population. Families have perhaps come together over Zoom to play online games, or...

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behaviour, CISA assumes active exploitation of this vulnerability is occurring in the wild. ED...

A brand-new Insider Threat Report authored by Shareth Ben, director of insider threat and cyber threat analytics at Securonix has found that employees deemed “flight risks” are linked to around 60% of the insider threat incidents detected. Ben explained in the report that flight risks are those employees about to terminate employment with the company for various reasons and can be determined by Securonix’s advanced user behaviour analytics. The Securonix Threat Research Team analysed hundreds...