Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Summer school scheme for security hopefuls tackles skills shortfall

Hiring people into security roles has always been a challenge. Internship offers – often a well-trodden path into the security industry – have dried up due to the restrictions stemming from Covid-19. There’s a real risk that some talented people could be lost to the industry. A new initiative is addressing this problem by pairing experienced infosec professionals with students and those changing careers. Called the Lost Summer Bootcamp, the community effort is run by security industry veteran Owen O’Connor, together with ISACA.

The structured programme will run over four weeks between July and August. The content will be a mix of talks, Q&A sessions and practical challenges that improve the participants’ technical skills. The course also covers non-technical areas like policy, awareness, standards, and risk assessments, as well as secure development and cloud. Already, 35 professionals have volunteered their support and dozens of participants are due to take the course. By the end, they’ll have a broader network in security, and will also have an artifact like a report or code on a GitHub repository that they can show to potential employers. For more details or to offer support and other project ideas, see https://securitytalent.ie/lostsummer

Counting the high cost of cybersecurity incidents and data breaches

Irish and German companies suffered the biggest median losses in Europe from security incidents. Between September 2019 and February 2020, the median loss from breaches and attacks was almost €92,000. The findings come from a major survey by cyber insurer Hiscox, which found security-related financial losses rose six-fold since 2019.

The Irish Independent led with the financial angle, reporting that an Irish company, not named, suffered losses of €17.8 million. The most heavily targeted sectors in Ireland were financial services, manufacturing and technology, media and telecoms. RTE noted the finding that 6.5 per cent of Irish firms paid a ransom following a ransomware attack. Helpnet Security took a Europe-wide view of the research, noting the improvement in cyber readiness the research also highlights. There are many other valuable data points in the research, which surveyed 5,569 security professionals.

GDPR: a lot done, more to do

The now-infamous Irish political phrase offers an apt summary of the European Commission’s report into the first two years of the EU General Data Protection Regulation. The 19-page review found that GDPR is meeting some objectives, but could improve in other areas. The EC believes the regulation is fulfilling its goals of strengthening the protection of the individual’s right to personal data protection, and guaranteeing the free flow of personal data within the EU.
 
But the review calls for more uniformity in how the rules apply, noting “a degree of fragmentation” between States. Not all Member States allocated sufficient human and financial resources to their regulators. “To meet the full potential of the GDPR, it is important to create a harmonised approach and a European common culture of data protection, and to foster a more efficient and harmonised handling of cross-border cases,” the authors say. The review is free to download here

Links we liked

Duo’s Wendy Nather has penned this op-ed on challenging old assumptions in security. MORE

DPCuria is a centralised database of EU case law about data protection and privacy. MORE

DDoS attacks reduced in frequency but grew in complexity during 2019. MORE

Three years after WannaCry, what have we learned? MORE

Richly detailed first-hand account of the Maersk NotPetya ransomware infection. MORE

Censys can scan your home Wi-Fi network for risks like leaky ports or exposed devices. MORE

EU grants nearly €49 million to boost innovation in cybersecurity and privacy systems. MORE

The ten most common vulnerabilities exploited by “sophisticated foreign cyber actors”. MORE

The Capital One court decision could have big implications for security and disclosure. MORE

Is digital transformation leading to more cyber risk? MORE
