Security News

Reader Survey Results Back in September, we asked readers of The Register about data sovereignty. The figure that we initially thought surprising was that 48.1 percent of respondents still have their systems and data in private, on-prem data centres.

Compliance standards are designed to give organizations a foundational approach to designing their security program while also reassuring third parties that you have met at least a minimal set of security controls. In this Help Net Security video, Christopher Fielder, Field CTO at Arctic Wolf, discusses the common mistakes organizations make in their compliance journeys.

This lack of in-house compliance experience and expertise often prompts companies to turn to third-party solutions to streamline the compliance process and act as a liaison with their auditors. Some of the most common compliance myths stem from misnomers and confusing or conflated terminology.

In this Help Net Security video, Rebecca Herold, IEEE member and CEO of Privacy & Security Brainiacs, discusses data, privacy, surveillance, and compliance challenges facing businesses in the wake of the US Supreme Court's repeal of the Roe v. Wade decision, which stated that a clause of the Fourteenth Amendment to the US Constitution provides a "Right to privacy" and, through it, a pregnant woman's right to an abortion. In this day and age, when information about individuals is widely collected and/or inferred via online tracking and ubiquitous real-world surveillance technology, what should businesses do when asked to hand over data about their users and employees.

As a result of the increasing concern over consumer data privacy and protection, many government regulations and compliance mandates now focus solely on consumer data protection. Since the inception of these various consumer data privacy compliance acts, global organizations across diverse industries have faced a common challenge in protecting consumer data to remain compliant.

While compliance with the PCI Data Security Standard has improved significantly in 2020, it is still well off its 2016 highs, according to the 10th 2022 Verizon Payment Security Report. In response to ever escalating cyberthreats in the payments industry, the PCI Security Standards Council instituted its most ambitious rewrite of the PCI DSS since 2004, the report said.

If you're considering a third-party audit like SOC 2 or ISO 27001, you should be prepared to answer some tough questions about endpoint security. If you're not sure how you'll answer those questions, then you need Kolide.

As of June 30, 2022, 91% of companies across all verticals, states, and business size that must comply with CCPA are still unprepared to meet CCPA requirements, according to CYTRIO. Further, 94% of companies that must comply with GDPR are ill prepared to meet the GDPR compliance requirements. "The majority of companies that must meet CCPA, CPRA, and GDPR compliance have a long way to go, and with enforcements looming, many are exposed to compliance enforcement fines and private-right of-action," said Vijay Basani, CEO, CYTRIO. "Through our ongoing research, we aim to educate the market on the importance of data privacy rights compliance, the need to enable consumers to easily exercise their data privacy rights, and how companies can build trust with their customers leveraging automated Data Subject Access Request submission and response solutions."

Such traditional solutions cannot support large-scale cloud transformation initiatives requiring a modern PAM approach with automated and context-aware access controls. "You invest in modern infrastructure and application development tools. Shouldn't you invest in a modern PAM solution designed for the cloud or hybrid environment to protect it?".

India's Ministry of Electronics and Information Technology and the local Computer Emergency Response Team have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India.