Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
How to take the pulse of your security efforts/health check
As any seasoned infosec professional knows, the security landscape shifts constantly. At times of elevated threat levels, it can be useful to take the pulse of important security controls, to make sure they’re working as they should. That’s why the National Cyber Security Centre has published a new short guide, the Cyber Vitals Checklist.
The four-page guide lists eight high-level actions for checking the health of key areas. For example, it recommends reviewing access controls, raising employee awareness, and having an incident response plan. Each of the actions has a subset of checks, breaking down what you need to do in more detail.
The guide is free to download.
Five drivers put security in cruise control
So often in firefighting mode, security teams struggle to decide which areas to prioritise. An independent, double-blind study of over 5,100 IT and security professionals has identified five drivers that make the difference. Those five drivers are: be proactive about refreshing technology; use well-integrated technologies; respond quickly to incidents; have prompt disaster recovery; and detect threats early and accurately.
Focusing on these five areas would put an organisation ahead of 79 per cent of peers, claims Cisco, which supported the vendor-agnostic research. For example, it says threat detection and response improves by nearly 40 per cent when organisations have well-integrated functions for identifying assets and risks. The findings are detailed in the Security Outcomes Study, volume 2. There’s an interactive page covering key findings, together with a deeper dive into the full report.
Data transfer developments
There was some recent news of interest to organisations transferring personal data across borders. The volume of data circulating across EU Member States and affiliates will increase 15-fold by 2030. That’s a key finding from an EU study on data flows from around the bloc to cloud infrastructures. Measuring these flows is one of the actions undertaken for the European Strategy for Data. While we’re on the subject of data flows, the UK Information Commissioner’s Office has published the final form of its new International Data Transfer Agreement. Together with a separate addendum to the EU’s Standard Contractual Clauses, the agreement is expected to come into effect on March 21.
Separately, Belgium’s data protection regulator has fined the Interactive Advertising Bureau €250,000, finding that its transparency and consent framework (TCF) for behavioural advertising is in breach of the GDPR. As TechCrunch reported, IAB also has a deadline of six months to clean up its privacy processes.
News reaches us that the number of data breaches increased by a massive 68 per cent in 2021. That’s the highest total on record, CNET reported. The figures come from the Identity Theft Resource Center’s annual report. Though primarily US-focused, the data still paints a depressing picture of identity crime and the loss of confidential data. And after TikTok’s data protection lead Gordon Wade forecast a key year for court decisions on data protection claims, Facebook’s parent company Meta is threatening to withdraw from Europe if it can’t continue to transfer data to the United States.
Links we liked
This excellent Twitter thread outlines steps for anyone who’s new to infosec.
Meanwhile, SANS Institute says anyone can start a career in cybersecurity.
Phil Venables, CISO at Google, on the secrets of successful security programmes.
A free five-hour course on open-source intelligence (OSINT).
For privacy professionals, this roundup has 28 useful stats about business priorities.
Guess what: electronic waste is also a cybersecurity problem.
This paper analyses the current state of the cyber insurance market.
How an engineer cracked a crypto wallet worth – wait for it – $2 million.
Meanwhile Europol busts some myths around crypto and cybercrime.
And while we’re debunking myths, here’s a fresh take on supply chain intrusions.