BeccaCybersec

Digital marketing and publishing expert talking all things #Infosec #Cyber #GRC and #Tech.

Served as Publishing Director for Infosecurity Magazine 2011-2022, helped deliver the Women In Cybersecurity initiative with the incredible Eleanor Dallaway and now loving the world of SaaS in the governance, risk and compliance space with ISMS.online.
Currently a board member of the White Hat Ball, an annual event run by information and risk professionals to raise money for NSPCC ChildLine.

All opinions are my own.

Deepfakes are now the second most common security incident

Concern around deepfakes has been growing for some time and new research released by ISMS.online shows deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organizations.

BetaNews

Check out this blog from Phil Muncaster, which explores the unique challenges healthcare organisations (HCOs) face regarding cyber security and privacy and argues getting healthcare security right starts with the basics

https://www.isms.online/cyber-security/getting-healthcare-security-right-starts-with-the-basics/

Getting Healthcare Security Right Starts with the Basics

No organisation wants to suffer a major security breach. But when it happens to healthcare organisations (HCOs) like NHS trusts, there can be an outsized impact on the local community. The WannaCry attacks of 2017 and Conti ransomware raid on Ireland's Health Service Executive (HSE) laid bare failings on both sides of the Irish Sea. While improvements have been made, many underlying challenges continue to expose the sector to severe cyber risk. With the stakes so high, a comprehensive joined-up approach to managing these risks is long overdue.

Setting the Scene

Why are HCOs so exposed to cyber risk? As

ISMS.online

Meta's regulatory battles are shaking up the tech industry. From antitrust cases to data privacy violations,
Danny Bradbury's latest blog looks at the challenges faced by Meta, the wider ramifications for big tech & the impact on data transfers and more:

https://www.isms.online/data-protection/metas-regulatory-battles-sound-the-alarm-for-big-tech/

Meta's Regulatory Battles Sound the Alarm for Big Tech 

Meta has been fighting legal battles on several fronts in the past year, with some victories and some setbacks. One of these cases could have wider ramifications for the tech industry. In the U.S., the social media giant first won an antitrust case against the FTC in February, winning the right to buy virtual reality startup Within Unlimited. Then, it beat back another antitrust suit brought by 48 states over its acquisitions of WhatsApp and Instagram. That doesn't bode well for the FTC, which is currently pursuing a landmark case over the same issue. Meta's recent fortunes in Europe have been less positive. The

ISMS.online

🤖 Should you use AI to write your organisation's privacy policy?

If you do use AI to create or process critical business content, are you putting your organisation at risk?

In this wide-ranging piece, Danny covers everything from:

💭 AI and the confidence vs truth conundrum
❌ Breaks down real-life uses of AI and the results - good or bad
📖 Examines the emerging glut of AI guidelines and if they actually tackle the core issues organisations must consider

If you're considering the application of AI within your business, this blog is a must-read!

https://lnkd.in/ecNvqYbr

What do you think about AI in business?

#AI #InformationSecurity #DataPrivacy #BusinessSecurity #PrivayPolicy #DannyBradbury

Why AI is a Risky Business – and What to Do About it

It's 2023, and AI seems to be everywhere. ChatGPT, the AI produced by Elon Musk-founded institute OpenAI, is writing student essays, churning out books, and even challenging parking fines. In one incident that proves we're living in an episode of Black Mirror, a particularly soulless university employee even used it to console students after a mass shooting.

How ChatGPT works

Privacy and security experts might be wondering how AI could help them too. Could it, for example, write your privacy policy? The answer is yes - sort of. To unpack the question more thoroughly, it's worth understanding how ChatGPT's newer

ISMS.online

🔒 Is GDPR Losing Its Bite? Has It Failed to Live Up to the Hype? 🚫

With the threat of hefty fines, 4% of annual turnover or 20 million euros, whichever was more considerable, GDPR came out of the gate swinging, but with very few penalties hitting these headline-grabbing figures, has GDPR done what it set out to do?

Does GDPR need significant fines to be effective? The recent ISMS.online State of Information Security report highlighted that the average penalty for non-compliance is £250,000. For most businesses, that's a significant sum.

As GDPR turns five, Dan Raywood explores the hype surrounding the data privacy regulation and asks, are CEOs still taking it seriously?

👉https://www.isms.online/data-protection/are-businesses-still-taking-gdpr-seriously/

#GDPR #DataProtection #ComplianceEnforcement #PrivacyRegulation

Are Businesses Still Taking GDPR Seriously?

As we mark five years since the GDPR came into force, has a lack of significant fines caused some CEOs not to take it so seriously? Dan Raywood looks at whether GDPR failed to live up to the hype. In the run-up to May 2018, the expectation of GDPR was that this would be a significant game changer in compliance enforcement. From the first conversations around data protection reform, it was clear that the level of enforcement was going to be more significant than the £500,000 maximum monetary penalty the Information Commissioner's Office (ICO) had begun to issue in 2011.

ISMS.online

Who pays for a #ZeroDay flaw in your enterprise software?

Danny Bradbury delves into the divisive topic of software vendor liability & looks at how standards & regulatory guidance are changing the tide on security by design expectations

👉 https://eu1.hubs.ly/H04440n0

Interested in everyone's thoughts on this topic. It seems to polarise!

Should Software Vendors be Held Liable for Insecurity?

A zero-day flaw in your go-to enterprise software application allowed attackers into your network and compromised sensitive data. It's going to cost a lot to fix before you even get to regulatory fines and customer lawsuits - and the application isn't even yours. Who should pay? It probably won't be the company that sold you the software. Their end-user license agreements (EULAs) typically limit their liability. Most of us don't read these because they're too long and too complex. Over the last few months, demands to change this situation have been growing louder, reaching the top levels of government. In

ISMS.online

What the Capita Breach Tells Us About Managing Supply Chain Risk

A really interesting piece from journalist @philmuncaster breaking down the recent Capita Breach and the more recent MOVEit compromise to understand:

✔️Why organisations continue to struggle with supply chain security management

✔️What organisations can do to manage their supply chain security better

✔️How ISO 27001 can enable better management of suppliers and data management in the long term

As supply chains continue to grow in size and complexity, so does cyber risk. Working out how best to manage this now will certainly pay dividends in the long term! https://lnkd.in/ea2sQ5kN

With comments from Jamie Akhtar - CyberSmart and Simon Newman - Cyber Resilience Centre for London

What the Capita Breach Tells Us About Managing Supply Chain Risk

When IT outsourcing giant Capita suffered a ransomware breach in March, it tried its best to control the media narrative. But supply chain incidents like this have a habit of running away from even the best-drilled PR teams. After a few weeks of drip-drip news from Capita, the firm's worst nightmare came: a flood of breach notification reports from corporate clients. Across this and a second incident involving cloud misconfiguration, the victim count has now risen to at least 90. There are plenty of takeaways for security and compliance teams. But they can be boiled down to one idea. You

ISMS.online

Delighted to announce that I will be speaking on the Security track for @openuk #StateOfOpenCon with my talk Threat Modelling In The Open (Source) on February 7th, 4:00pm-4:30pm GMT 🎉

ISMS.online on LinkedIn: #blackfriday #cybermonday #isms #informationmanagement…

Over 50% of consumers admit to regularly using the same password for work & personal accounts..... we'll let that sink in. With cybercriminals poised to…

I made the jump here and now trying to work it all out! Stop by, say hello, connect, and let's make infosec social media fun again!