CS Sep-Oct 2021

More documents

Recommendations

Info

information security PRIVACY PAYOFF: CHAMPIONING DATA VIGILANCE AS PEOPLE CONSIDER POST-PANDEMIC LIFE WHILE EDUCATING CONSUMERS IS IMPORTANT, INDIVIDUALS MUST ENGAGE BY REFLECTING ON THEIR ONLINE SECURITY AND ITS IMPACT, STATES DAVID EMM, PRINCIPAL SECURITY RESEARCHER AT KASPERSKY Much has been made of the 'new normal' that awaits us beyond COVID - or at least, this stage of COVID. As we learn to live either with or without the virus, we have already entered our post-lockdown lives. Those long-awaited holidays, that music festival, a three-time-postponed sporting event. Or, via a few clicks of a button, your online shopping network, your updated communications apps, your more dispersed and digitised social life. It's understandable that people have been eager to get back to normal now that restrictions have lifted. However, in the race to return to these events, there has been an increased security conundrum - but what is the privacy price people are willing to pay to ensure that they are at the front of the queue when getting back into events, going on holiday and more? What personal data are those in Europe willing to sacrifice for post-pandemic freedoms? At first glance, it's clear that we are willing to pay quite a hefty price. A new data privacy heatmap has explored the new consumer dynamic across Europe to gauge what people are, and are not, willing to share in the form of personal data, in order to access these new freedoms, solutions and online services. In the UK, for example, almost threequarters (72%) would be happy to share personal healthcare, location and contact data if it meant a quicker release of restrictions and back into events, festivals, social spaces or airports. And seven in 10 European respondents also stated they would be prepared to provide personal healthcare and movement data for more freedoms. Furthermore, 45% of European respondents said they would willingly provide healthcare and movement data to help their own country overcome COVID-19. On the domestic front, 84% of Brits would share personal data for free digital services, while lures of discounts, online convenience or 'free gifts' would also tempt many out of their private details. While the promise of gifts and details may seem appealing, many don't realise the privacy implications of giving such information away. These insights and attitudes bring fresh cybersecurity concerns to the fore. But is it a lack of awareness or a lack of care that is failing to halt the data deluge? It seems to be the latter. Almost all (95%) of Brits claim that data privacy is important to them, and they also seem to be aware of the pitfalls, with 83% voicing concern that their data could fall into the wrong hands over the next two years. And this sentiment is echoed throughout Europe, too. In fact, as revealed by the heatmap, 95% of Europeans feel data privacy is important but only 52% of the continent's population feel in control of their personal data. Eight in 10 Europeans also fear that their personal data will fall into hands of criminals, just as Brits do as well. While educating consumers is important, it is equally crucial that individuals themselves engage in considering their online security and its impact. A prime example would be social media and the ease through which people often share large amounts of private data without considering the wider implications as to whom can access that information, such as advertisers and marketers for example. It is a case of taking responsibility for their online safety as they would in person. This includes understanding the information they are giving and whether the benefits outweigh the risks. PRIORITISING CUSTOMER PRIVACY That being said, businesses hold the main responsibility for making people's privacy a priority. They must ask themselves not only from a legal standpoint, but from an ethical one: what is the purpose of the data that is being collected? And: what are the implications of having this data, should there be a security breach? After all, the more data that is held, the more at risk it becomes, meaning that only essential information should be collected. The most important question that businesses must ask themselves, however, is: what are we doing to protect consumers? Not only will asking this question mean businesses are protecting customer's data 24 computing security September 2021 @CSMagAndAwards www.computingsecurity.co.uk
information security more effectively, but they will also help protect themselves. After all, a GDPR violation can lead to fines of up to 20 million Euros, or up to four per cent of the company's global annual turnover - quite a hefty price to pay. And that's not including the reputational damage that comes with a data breach, if consumers understandably lose faith in a business's ability to manage their data. Ian Thornton-Trump, CISO at Cyjax, suggests that the way to tackle many of the issues faced is through endpoint detection and response (EDR). "Increasingly, EDR is finding favour over traditional anti-virus, but to be most effective, these solutions must be deployed into a managed, licensed and hardened IT environment." This, in essence, would enable businesses to become more vigilant, in terms of cyber threats, equipping them with the tools to spot and manage them. Though an EDR solution is not a silver bullet, it's a vital part of an organisation's cybersecurity arsenal - which, when combined with staff education and a professional and personal sense of data protection responsibility, will help keep people's personal assets safe. The majority of consumers are concerned about their data being stolen in the near future - and though the onus is on businesses to protect this information, individuals should also understand the implications of giving out their personal data - especially if it's for free gifts or discounts - and consider if it is really worth the return they receive. Overall, a careful balance must be struck between both the excitement of getting back to life as it once was and what data needs to be shared to unlock those freedoms. SIMPLE STEPS TO STAY SAFE The public has long looked forward to embarking on much-missed holidays and attending events; however, as they get more confident and life resumes as normal, we must also seek to support them in their cybersecurity hygiene, as well as increasing their knowledge about how to protect themselves and their personal data, allowing them to enjoy those well-earned post-pandemic experiences safely. Simple steps to limit the amount of personal data that is accessible that can be taken by consumers include: deleting profiles and accounts from websites or apps that are no longer used; investing in password managers, which create, save and store passwords automatically, meaning people don't have to use the same password for all of the online services they use; and utilising the Right to Erasure, better known as 'The Right to Be Forgotten', which empowers people to be able to request that their data is completely removed from business servers. With these steps taken, and the amount of personal data 'out there' drastically lessened, people can feel more assured that their information is safe, and controlled, offering them far greater protection from their data being used for criminal or unethical gains. www.computingsecurity.co.uk @CSMagAndAwards September 2021 computing security 25
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment 2021 COMPUTING SECURITY AWA
Page 5 and 6: There’s a difference between feel
Page 7 and 8: ADISA ICT Asset Recovery Standard 8
Page 9 and 10: UNIQUE EVENT FOR THE CYBER SECURITY
Page 11 and 12: ansomware BASIC SECURITY IS ESSENTI
Page 13 and 14: 50 % OFF RANSOMWARE PREVENTION & PR
Page 15 and 16: information security things, but, w
Page 17 and 18: health check This has enabled indiv
Page 19 and 20: global intelligence will have impli
Page 21 and 22: all at sea CRUISING FOR A BRUISING
Page 23: all at sea Secondly, adversaries' c
Page 27 and 28: new-world shakeup for every employe
Page 29 and 30: global intelligence Incident Notif
Page 31 and 32: CS Nominations 2021 NOMINATIONS OPE
Page 33 and 34: APTs malware to install backdoors t
Page 36: Pragmatic and experienced risk mana

CS Sep-Oct 2021

Create successful ePaper yourself

Delete template?

Save as template?