Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Mathew J. Schwartz • January 19, 2021

Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.

Breach Notification

Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways

Latest

Endpoint Security

Millions of IoT Devices at Risk From TCP/IP Stack Flaws

Jeremy Kirk • December 8, 2020

A critical component within millions of consumer and enterprise IoT devices has dangerous software flaws. New research from Forescout Technologies into open-source TCP-IP stacks shows millions of devices from 150 vendors are likely vulnerable.

General Data Protection Regulation (GDPR)

Microsoft Backpedals Over 'Productivity Score' Monitoring

Mathew J. Schwartz • December 3, 2020

Microsoft is revamping its controversial "productivity score" in Microsoft 365 so that individual workers can no longer be tracked. The move follows warnings by privacy advocates that the feature was a step too far into the realm of workplace surveillance.

Cloud Security

Strong Crypto and Policing: EU Again Debates Encryption

Tony Morbin • November 19, 2020

European lawmakers are once again considering encryption policies and attempting to strike a balance between the privacy and security afforded by strong encryption and law enforcement's needs. But with encryption being a cornerstone of the internet, is there any new balance to be struck?

General Data Protection Regulation (GDPR)

Cybersecurity Essentials for SMEs

Anna Delaney • November 19, 2020

Small and midsize enterprises must avoid assuming they won't be targeted for cyberattacks and ensure they're taking adequate security precautions, says Emma Philpott of the consultancy IASME Consortium Ltd., who offers insights on essential steps.

COVID-19

Analysis: Are Marriott and BA's GDPR Fines Big Enough?

Anna Delaney • November 6, 2020

The latest edition of the ISMG Security Report features an analysis of the EU General Data Protection Regulation fines that have finally been imposed on Marriott and BA over serious data breaches each suffered. Also featured: Regional digital fraud trends, and a look at the CISO role and its responsibilities.

Cybercrime

Marriott Breach Takeaway: The M&A Cybersecurity Challenge

Mathew J. Schwartz • November 4, 2020

Takeaway from the U.K.'s GDPR privacy fine against hotel giant Marriott: During M&A, review an organization's cybersecurity posture before finalizing any acquisition. Because once a deal closes, you're fully responsible for data security - IT network warts and all.

Business Continuity Management / Disaster Recovery

NCSC Reports Record Number of Cyber Incidents Amid COVID-19

Prajeet Nair • November 3, 2020

The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that's it's preparing to step-up its response to cyber incidents involving the NHS and vaccine development.

Application Security

Behavioral Biometrics: The Next Generation

Tom Field • October 19, 2020

Behavioral biometrics have evolved, and Michael Yeardley of LexisNexis Risk Solutions says the new generation of controls can not only identify the bad guy - but also "the really clever bad guy." He explains how.

Cloud Security

Insights from the CyberEdge 2020 Cyberthreat Defense Report

Information Security Media Group • January 12, 2021

Hear the latest research from the CyberEdge 2020 Cyberthreat Defense Report and benchmark your organization's security posture, operating budget, and product investments in this webinar.

Fraud Management & Cybercrime

Beat the Bad Guys: Contact Center Security Solutions For Fraud Detection For 2021 and Beyond

Pindrop Security • January 6, 2021

Explore Evolving Challenges and Solutions in The Fight Against Fraud Investigate emerging anti-fraud technology developed for the increased complexity of fraud across channels in malicious attacks in a live analyst discussion with Pindrop, featuring Aite Group.

Next-Generation Technologies & Secure Development

Reducing Fraud Through Advanced IVR Technologies

Pindrop Security • January 6, 2021

This podcast explores the security risks materializing as a result of the pandemic the readiness of enterprises to handle fraud risks (particularly in the IVR) and recommended strategies to secure the IVR.

Fraud Management & Cybercrime

Reimagining Ransomware Defense

Tom Field • December 15, 2020

It's not just that ransomware attacks are up in 2020; it's that attackers have evolved their tactics and techniques. And Deepen Desai of Zscaler says this means it's time for organizations to completely reimagine their ransomware defenses.