Cybersecurity trends and advice from around the web.

EU are under threat: it’s a CERT

The European Union’s computer emergency response team (CERT-EU) has released its first-ever summary threat landscape report. It gives an overview of direct threats to institutions, bodies and agencies across the EU Member States.

Targeted attacks were a steady trend during 2019, along with “intense activity” around Trojans and bots. The next most commonly found threat was data harvesting and leaks. This is where EU staff used professional email addresses for private web accounts, which exposed them to leakage. Phishing remains another ongoing threat, taking the form of phone scams, along with invoice and payment fraud. CERT-EU has also published six new threat memos here.

Things that go dump in the night

Is your business planning to use smart devices or Internet of Things (IoT) technology? There are plenty of good reasons to do so, but in the scramble to launch, security can get trampled underfoot. Examples are everywhere: a bug in Philips’ smart light is a potential attack vector into a network. Ring’s smart doorbells play fast and loose with security and privacy by surveilling users. (The Sunday Business Post interviewed Brian Honan about these risks.) And let’s not forget the Mirai botnet.

The number of smart, connected devices is growing all the time. Now the UK Government is proposing new rules that will force manufacturers to implement password protection and stop their devices from being so vulnerable. Brian commented on this development for Bank Info Security. ENISA has already published best-practice guidelines to help organisations implement IoT as securely as possible.

Data protection, post-Brexit

So it’s finally happened: Brexit got done. Now what? From a data protection perspective, nothing will apparently change in the short term. The UK is now in a transition period where GDPR will still apply, and this is due to last until the end of December 2020. The latest guidance from the Data Protection Commission is that “arrangements for transferring personal data to or from the UK remain unchanged. Controllers will be able to continue to transfer personal data to the UK as before, until such a point as the transition period ends and/or a new agreement regarding data protection is reached.”

The DPC’s UK counterpart, the ICO, has also published an update to its Brexit FAQs. But – and with Brexit, there’s almost always a but – Boris Johnson has said the UK intends to develop “sovereign controls” for a range of fields including data protection. What these “separate and independent policies” will look like remains to be seen.

Links we liked

This free tool checks if you’ve been infected with Emotet ransomware. MORE

“Critical concern” over Ireland’s cybersecurity – an Irish Times editorial. MORE

Stress and burnout: all in a day’s work for CISOs. MORE

The United Nations suffered a major hack, but told no-one about it. MORE

An entertaining profile of Cliff Stoll, one of the original ‘hacker hunters’. MORE

Average ransomware payments have reportedly doubled in three months. MORE

How password practice is changing worldwide: a major new report. MORE

The art of the steal: an email scam with a painterly flourish. MORE

The dark heart of one of the world’s hottest cybersecurity startups. MORE

Investing in privacy pays off many times over, a new survey from Cisco has found. MORE