Avoiding Costly Mistakes in Mergers and Acquisitions
While technology merger and acquisition (M&A) activity slowed significantly in 2020 due to the pandemic—market uncertainty resulted in deal values falling to decade-low quarterly performances of $35B USD, as compared to $127B and $165B in 2019 and 2018, respectively—things picked back up in Q3. Each month included at least ten billion-dollar deals as pent-up demand drove nearly record-breaking activity.
CPRA Passed on the California Ballot: What to Add to Your CCPA Compliance Checklist
The world at large is facing a privacy paradox. With personal data used more and more for everything from unlocking a phone to downloading an app, the public is increasingly aware of the risks of sharing data online. Unfortunately, individuals continue to share personal data, largely because we have to: individuals are required to give up certain personal data simply in order to interact in the modern world.
How Data Classification Eliminates the "Honest Mistake"
It’s happened to everyone: you type the first few letters of your recipient’s name in Outlook and hit Tab—and you don’t realize that your customer credit card lists just went to Melvin, the annoying vendor who keeps spamming you, instead of Melissa in accounting. Human error may not get as much attention as ransomware, spearphishing, and other cyber threats, but the reality is that careless insiders, not malicious outsiders, pose the biggest risk to data security.
Monthly Breach Report: December 2020 Edition
Data breaches did not go easy on November 2020. Of the 103 most significant breaches reported, at least 586 data records were compromised, creating vulnerabilities for millions of individuals’ personal data. The breaches were fairly evenly spread between cyberattacks and ransomware, with internal errors as the next most common breach type.
Online Shopping and Companies' Data Protection Responsibilities on the Rise This Holiday Season
The holiday shopping season is predicted to look much different this year. Many began shopping as early as the beginning of November. Less than half plan to spend the same amount as they did in 2019—with a third planning to spend less or nothing at all. But a definite trend this year is the overwhelming preference for online shopping, curbside pickup, and contactless payment. It is already a heavy lift for companies to prepare products and services to sell during the biggest revenue days and weeks—it’s equally vital to prepare each company’s processes and technologies to protect consumers’ personal data.
Quantum Computing, Encryption, and the Cryptopocalypse
For several years, tech media has been telling the world that our encrypted data will no longer be secure after quantum computers come onto the scene. Reporters often call this the "cryptopocalypse." Panicked stories like these attract clicks, and clicks attract ad revenue. But the truth, as usual, is not so simple. Asymmetric encryption (using public/private key pairs) is vulnerable to quantum-based attacks, but strong symmetric encryption (using the same strong key to both encrypt and decrypt) will remain safe from quantum attacks. For cryptographers and other technically-minded cybersecurity people, this may seem obvious, but the message hasn’t reached the masses, or even many people who work in the industry.
Ransomware Plus Exfiltration: Encrypt Your Data Before Someone Else Does
As if ransomware attacks weren't already a big enough problem—infecting millions of computers and draining billions of dollars every year—a new development has made the threat an even greater concern. Starting in late 2019, a hybrid variety of cyber attack has emerged, in which traditional ransomware tactics are combined with data exfiltration. Attackers notify their victims that if they fail to pay the ransom demand, not only will data on the infected systems remain encrypted, but the attackers will expose highly sensitive data to the public as well.
Refresh Your PCI Compliance Strategy and Get Ready for 4.0
2020 will be an eventful year in the world of payment card security. PCI DSS compliance declined for the fourth consecutive year in 2019, while data breaches continued to make headlines. With an updated set of requirements on the horizon, organizations with PCI obligations should be taking a close look at their compliance strategies and technology. A new impact brief from Aite Group provides key insights into the current state of PCI DSS compliance, and takes a look at how automated data redaction can help organizations prepare for PCI 4.0, which is expected to be released in late 2020.
Takeaways from RSA Conference 2020
It was another exciting RSA Conference! We always look forward to attending RSA, and as in previous years, we gained valuable insights during our conversations with information security professionals from around the world. Here’s a summary of the top trends and developments we heard from our customers, industry analysts, and other professionals in the security world.
The Case for Automated Data Classification in Today’s Workplace
Data classification in businesses and enterprises is everywhere. Many enterprises plan to take action on data classification in 2020, whether it’s implementing a new system or modifying the one they have. The reason? Sensitive information is everywhere.
The Cloud Hopper Lesson: Cloud Security Is Not Enough
Moving to the cloud is supposed to make everything better. Costs go down, efficiency goes up, and collaboration gets easier. Security is supposed to be easier, too. Cloud providers and managed service providers offer streamlined architecture, up-to-date systems, and economies of scale that let them devote more resources to security than their customers could afford on their own. However, as the massive Cloud Hopper breach has shown, cloud-based security is not a complete answer.
Transparent Encryption vs Persistent Encryption
Every year, more organizations adopt encryption to protect their sensitive data. According to the 2019 Ponemon Institute Global Encryption Trends Study, the percentage of companies with enterprise-wide encryption strategies has tripled in the last 15 years. With regulations like GDPR and the California Consumer Privacy Act providing incentives for companies to encrypt customer data, that trend will likely accelerate in 2020 and beyond. Organizations considering encryption have many options to choose from, ranging from solutions that protect single hard drives to those that facilitate company-wide protection. One of the most important distinctions to consider is between transparent encryption and persistent encryption.
Zero-Trust Networks and Data-Centric Security
It’s been nearly ten years since Forrester Research first published a paper recommending the "zero trust" model of information security. The time had come, the paper argued, to abandon the idea of an unbreakable network perimeter, and to deal with the reality that intruders will inevitably find their way into protected networks. In the years since, the zero trust model has changed the way many organizations design and operate their networks. However, in order to live up to its full potential, zero trust architecture must be paired with a corresponding strategy for protecting the thing hackers are really after: sensitive data itself.