Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Austrian privacy rights campaigner Max Schrems speaks at the European Data Protection Summit.

8 Takeaways: European Data Protection Summit

Mathew J. Schwartz • June 6, 2019

One year after the EU's General Data Protection Regulation went into full effect, data protection experts gathered at the European Data Protection Summit in London to review the state of privacy - not just in the U.K. and Europe but across the world. Here are eight takeaways.

General Data Protection Regulation (GDPR)

GDPR: Still Plenty of Lessons to Learn

Latest

Cybercrime

10 Highlights: Infosecurity Europe 2019 Keynotes

Mathew J. Schwartz • June 14, 2019

Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.

Cybercrime

Analysis: The Cybersecurity Risks Major Corporations Face

Nick Holland • June 14, 2019

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?

Cybercrime

No Invitation Required: Hackers Can Phish Evite Users

Mathew J. Schwartz • June 11, 2019

Online invitation site Evite has been hacked and information on an unspecified number of users stolen. In a data minimization fail, the breach apparently dates from earlier this year, but it's been tied to "an inactive data storage file associated with Evite user accounts" from before 2014.

Anti-Phishing, DMARC

Verizon DBIR: C-Level Executives in the Crosshairs

Nick Holland • May 22, 2019

C-level executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches. This is among the key findings of the latest Verizon's Data Breach Investigations Report. Author John Grim shares insight.

Fraud Management & Cybercrime

Facebook Password, Email Contact Mishandling Worsens

Jeremy Kirk • April 19, 2019

Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

Anti-Phishing, DMARC

Microsoft: Email Content Exposed in Customer Support Hack

Jeremy Kirk • April 16, 2019

Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought. But the company hasn't released many details, including the total number of accounts affected.

General Data Protection Regulation (GDPR)

Vendor Risk Management: More Than a Security Issue

Varun Haran • April 3, 2019

Vendor risk management must be a higher priority in all business sectors and must extend beyond security to include privacy, says Kabir Barday of OneTrust.

Global Compliance

The Far-Reaching Implications of PSD2

Nick Holland • March 27, 2019

PSD2 requirements for strong authentication and third-party bank account access go into effect this September. Angie White, product marketing manager at iovation, discusses the implications of the directive inside and outside the European Economic Area.

Next-Generation Technologies & Secure Development

Inside Netscout's Threat Report

Tom Field • March 25, 2019

Netscout is out with its latest threat report, and the research offers some startling new insights into DDoS, advanced threats and the commercialization of cybercrime. Hardik Modi offers analysis.

Application Security

API-Centric Automated Attacks on the Rise

Varun Haran • March 25, 2019

CloudEntity CEO Nathaniel Coffing shares insight on building foundational API security in a zero-trust world.

Fraud Management & Cybercrime

CrowdStrike's 2019 Global Threat Report

Tom Field • March 25, 2019

CrowdStrike is out with its 2019 Global Threat Report, which includes a ranking of the most dangerous nation-state adversaries. The company's CTO, Dmitri Alperovitch, discusses the report's key findings about threats and threat actors.