GDPR – EvaluateSolutions38 (https://evaluatesolutions38.com)

Capital One Ventures and Citi Ventures Invest in Unified Data Control Startup, Securiti

Wed, 15 Mar 2023 19:30:21 +0000

Highlights:

  • Securiti will increase the capabilities of its DataControls Cloud, a service that aids businesses in integrating intelligence and controls around data for security, privacy, governance, and compliance.
  • The additional funding is focused on boosting the company’s DataControls Cloud solution.

Securiti Inc., a startup in unified data control, recently announced investments from Capital One Ventures and Citi Ventures. The extra funding will be used to advance the company’s DataControls Cloud product.

Although the sum spent by the banks was not made public, it was in addition to the USD 75 million that Securiti raised in October. For today’s cutting-edge, hyper-scale cloud environments, the October round was raised to speed the deployment of a centralized data command center.

Securiti, a 2019 startup, provides unified data controls via its DataControls Cloud, which aims to integrate data intelligence and controls across security, privacy, governance, and compliance. By enabling businesses to retire various legacy solutions that increase cost and complexity, the company asserts that its solution is “revolutionizing an entire category.”

The platform is meant to address the issue of businesses using different software tools to secure their data and guarantee that they process it following privacy laws like the General Data Protection Regulation of the European Union. Because the DataControls Cloud offers security and privacy capabilities in a single platform, businesses can use it in place of the several software solutions they would typically need to use.

Managing partner at Capital One Ventures, Jaidev Shergill, explained, “Unified intelligence and controls around data are table stakes for modern enterprises. We invested in Securiti for its potential to bring simplicity, automation and control to an important and arduous task.”

Securiti reported strong growth through its fiscal year 2022, achieving an over four-fold increase in total contract value and an over three-fold increase in annual recurring revenue. However, it didn’t provide more details. Prominent customers include Dropbox Inc., Hertz Corp., Southwest Airlines Co., Dell Technologies Inc., Cisco Systems Inc., Instacart Inc., and Alaska Airlines Inc.

Global head of AI/ML/data investing at Citi Ventures, Vibhor Rastogi, said, “Securiti is providing a critical solution to the challenges created by handling tremendous amounts of data. As cloud adoption continues to grow, companies must keep data secure from external threats, adhere to regulations, and ensure responsible data usage. By delivering a modern, unified architecture, Securiti is easing the burden on security, privacy, and governance leaders across industries.”

Even though Citi and Capital One’s investment amount was not made public, according to a leading media house, Securiti had previously raised USD 156 million. General Catalyst Group VII LP, Workday Ventures LLC, Mayfield Fund LP, Owl Rock Capital LP, and Cisco Investments LLC have all made prior investments.

Ransomware – The Rising Global Threat!

Mon, 05 Dec 2022 16:49:42 +0000

Highlights:

  • Attackers can find files to exploit, such as those containing private information that can be utilized in a later double- or triple-extortion attempt, by scanning the infected system. This allows them to learn more about the affected system, network and device.
  • Ransomware commonly warns the victim of the infection by leaving a .txt file on the desktop or displaying a pop-up message once files are encrypted and the device is disabled.

Shopping sprees are great. Drinking sprees are even better. Something that is NOT great is the frequency of cybercrime attacks making headlines and going on a spree!

Over the last few months, news portals have been pouring stories of state-sponsored ransomware attacks targeting critical infrastructure and encrypting victims’ data. Attacks using ransomware are taking a toll on businesses worldwide.

These attacks cause significant operational interruptions, and the ransoms cybercriminals demand to decrypt the compromised files and computers keep growing.

The largest known ransom paid to date was USD 40 million, paid by CNA Financial, one of the biggest insurance companies in the United States, to regain access to its data and restart its operations.

Forty MILLION dollars is a lot of money!!

It’s even more money than most organizations spend on cybersecurity and, for some, it’s more than their whole organization’s IT budget.

The White House is just one of many government agencies that have called on businesses to strengthen their security in response to the rising tide of state-sponsored ransomware assaults in the United States and Europe.

With attacks up 80% year-over-year, and hackers easily avoiding law enforcement action by using Ransomware as a Service or just rebranding, 2022 is shaping up to be the worst year on record for ransomware attacks.

In this blog, we’ll be covering the following topics: what are ransomware attacks, the history of ransomware, what are the causes of a ransomware attack, steps to take after a ransomware attack and more.

Why is ransomware a topic of debate and such a big problem worldwide?

Ransom malware, also known as ransomware, is malicious software that encrypts a user’s data or computer system and then requests a ransom payment to decrypt them. While “a virus locked my computer” may immediately come to mind for some, ransomware is typically categorized as a distinct sort of “malware”.

Let Us Begin with the History of Ransomware

The first ransomware appeared in the late 1980s. PC Cyborg was another name for it, as was the AIDS moniker! The files in the C: directory would be encrypted after 90 restarts, and the user would be asked to renew their license by sending USD 189 to PC Cyborg Corp.

At that time, there was little danger of being compromised because the encryptions used were so simple to crack.

Things changed back in 2004. GpCode was different. The ransomware used shaky RSA encryption to lock users out of their files and demand a ransom, and then ransomware became a severe problem.

As time passed, cybercriminals got innovative and creative. Egregor, a new form of ransomware, surfaced in 2020. The attackers used a “double extortion” strategy: they encrypted the victim’s files and stole sensitive information, then threatened to publish the data online if the ransom was not paid.

What Are the Causes of a Ransomware Attack?

“Life is about choices.”

– Graham Brown

Guess cybercriminals chose the other path giving way to all the chaos and insecurity in business environments.

Multiple entry points, or “vectors,” are now available to ransomware attackers to compromise a system or network. Here are a few examples of the common entry points for ransomware:

Invasion using phishing emails and other forms of social engineering: Users are infected with ransomware when they fall for phishing emails and click on links or open attachments from those emails (which contain the malware disguised as an innocent-looking .pdf, Microsoft Word document or another such file).

According to a report from 2021, phishing and other types of social engineering are the most common ransomware attack vectors. They account for 45% of all ransomware assaults, as reported by the survey participants.

Software and operating system vulnerabilities: Cybercriminals regularly use previously discovered vulnerabilities to breach systems and circulate malware. Zero-day vulnerabilities, which haven’t been detected or patched by the security teams, are especially dangerous. Some ransomware groups are willing to pay other hackers for information on zero-day vulnerabilities to better prepare for attacks.

Credential theft: Users’ credentials can be hacked in several ways, including theft, sale on the dark web and brute force. These credentials might then be used to gain access to a machine or network and deploy the ransomware. The Remote Desktop Protocol (RDP), a Microsoft-created protocol for remote access to a computer, is frequently exploited by ransomware to steal credentials.

Other malware: Ransomware is often delivered to a device by hackers using malware already created in other assaults. In 2021, for instance, the Trickbot malware, designed to steal banking credentials, was used to propagate a form of Conti ransomware.

Drive-by downloads: Without the users’ knowledge, ransomware can be spread from device to device via infected websites. Exploit kits scan visitors’ browsers for web application vulnerabilities that can be exploited to introduce malware onto the device. Malvertising, or legitimate digital adverts that hackers have compromised, can infect computers with ransomware even if the user does not interact with the ad in any way.

To use these entry points, cybercriminals need not create malware. Some ransomware developers offer their virus code to other cybercriminals using “ransomware as a service” (RaaS) models.

Affiliate cybercriminals use the code to launch attacks and share the ransom proceeds with the original creator. Affiliates can make money off extortion without creating their own software and developers can boost their earnings by automatically initiating cyberattacks.

Ransomware distributors can sell their wares through online marketplaces or find affiliates through internet forums and other mediums. The largest ransomware organizations have spent a lot of money on affiliate programs.

Now that we know what causes a ransomware attack, let’s dig a little more into the varied stages of a ransomware assault.

What Are the Stages of A Ransomware Attack?

The following steps are commonly taken during a ransomware attack after hackers have gained access to a device:

Step 1: Reconnaissance. By scanning the infected system, attackers learn more about the device and network and locate files to exploit, such as those containing sensitive information that can be used in a subsequent double- or triple-extortion attempt. Most also try to get other credentials that let them travel laterally via the network and infect more devices with ransomware.

Step 2: Activation. Crypto-ransomware begins identifying and encrypting files. The vast majority of encrypting ransomware makes use of asymmetric encryption, which encrypts the files with a public key while the attackers store the matching private key securely. Because the victims do not have the private key, they cannot decrypt the encrypted data without the hackers’ assistance. To further raise the pressure on the victim to pay for the decryption key, some crypto ransomware also disables system restore functionality or deletes or encrypts backups on the victim’s machine or network.

Ransomware that doesn’t encrypt data locks the user out of their device, bombards it with ads or does something else to make it unusable.

Step 3: The ransom note. After the data is encrypted and the device is deactivated, ransomware typically notifies the victim of the infection, usually by leaving a .txt file on the desktop or displaying a pop-up message. The ransom note will detail the payment process, typically in bitcoin or some other untraceable method, in exchange for the decryption key or normal functioning being restored.

But like the old saying goes, “prevention is better than cure”. In the case of a ransomware attack, what can you do?

Fighting Back – Steps to Take After a Ransomware Attack

When security analysts track ransomware gangs, they see an ever-increasing gap between the attackers’ ability and motivation and the defenders’ experience and resources. Thus, IT and security operations outsourcing alone are not a viable solution.

Here are three steps that you can take:

  • International cooperation is required between law enforcement authorities targeting ransomware groups, tracking payments and ultimately altering the operational risk for these groups to make it more expensive for them to undertake unlawful business.
  • Organizational silos must be broken down so that cybersecurity, IT operations and risk management teams can all work together with a common language and set of goals. Who is responsible for the data storage and IT restoration? Where does security stand in terms of disaster recovery? When an emergency occurs, who is responsible for handling the Enterprise Risk Management and Business Continuity Planning?
  • The introduction of further rules and regulations concerning the issue. The General Data Protection Regulation (GDPR) has dramatically raised collective awareness about reporting security breaches in infrastructures. On the other hand, tremendous efforts are still required. While the GDPR is effective for private information, ransomware attacks that interrupt essential services may fall outside of its scope. As more information is shared and more attention is paid, fines levied on companies that fail to prevent attacks or secure their infrastructure sufficiently may cause boardrooms to take the problem seriously.

To sum up

Ransomware is malicious software that encrypts data on a user’s computer using various encryption methods and then demands payment in exchange for decrypting or restoring the computer.

There is a growing need for security teams to be aware of the dangers posed by ransomware as it spreads to new industries, including the corporate world and the medicine-related fields.

Taking the appropriate measures to avoid, detect and recover from a ransomware attack without serious harm to the system can drastically lessen the attack’s potential impact!

Vanta Raises USD 40M to Automate Compliance and Combat Regulatory Sprawl

Fri, 14 Oct 2022 14:34:51 +0000

Highlights:

  • Vanta’s solution allows businesses to comply with regulations like SOC 2, HIPAA, and GDPR.
  • Vanta offers users auditor-vetted controls and the ability to audit their environments for compliance gaps for regulatory frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA.

The game of compliance is all or nothing. Organizations either have to comply with data protection laws or be ready to pay severe fines. However, the complexity of the regulatory environment and lack of cybersecurity experts make it challenging to reduce the risk.

Security and compliance automation platform Vanta announced a raise of USD 40 million as an extension of the series B fundraising round that closed in June. With this, the company’s total valuation stands at USD 1.6 billion.

Vanta’s solution allows businesses to comply with regulations like SOC 2, HIPAA, and GDPR.

This round of funding confirms that automation is essential to remain compliant in an era of complex data protection laws, such as the GDPR and the California Consumer Protection Act (CCPA).

Manual compliance is not a viable option

The announcement comes soon after Sephora and Meta were hit with significant fines for breaking the CCPA and the GDPR, respectively.

Despite the rarity of these events, most businesses are aware of the necessity of adhering to data protection laws. Still, they lack the internal resources and knowledge necessary to secure their surroundings.

It’s often impractical for organizations to avoid security incidents and establish data controls manually, leaving them vulnerable to cyberattacks and legal repercussions.

The solution to this problem is not to bolt compliance on as an afterthought. Instead, develop automated procedures from the bottom up so that security teams can scale to secure their environments at a high level while adhering to the relevant legal frameworks.

Christina Cacioppo, CEO of Vanta, says, “Today, businesses have to think about security and compliance from Day 1.”

“Most can’t afford to hire somebody full-time, but the cost of getting it wrong is huge. Vanta levels the playing field for software companies in a downturn, helping them win business and prove their compliance with less spending overall. We’re honored to have industry leaders like CrowdStrike support Vanta as a next-generation security company”, Cacioppo stated.

Vanta offers users auditor-vetted controls and the ability to audit their environments for compliance gaps for regulatory frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA. These features expedite the certification process and lower the risk of non-compliance.

Insights of the compliance automation market

As more firms seek to control compliance sprawl, Polaris Market Research projects that the enterprise governance, risk, and compliance software market will be valued at USD 97 billion by 2028.

Drata, a compliance platform that enables businesses to automatically monitor data protection measures, finding gaps in compliance with regulatory frameworks like SOC 2, ISO 27001, and HIPAA, is one of Vanta’s primary rivals in the market. Drata recently revealed a Series B investment round of USD 100 million.

HyperProof is another rival. It raised USD 16.5 million in a series A fundraising round earlier this year for an automated compliance platform for managing internal controls, automating audit procedures and workflows, and evaluating compliance posture.

Vanta’s current goal is to set itself apart from other service providers by assisting corporations in improving their compliance position using knowledge gained from the compliance experiences of other businesses.

EU Fines Meta $402 Million Over Instagram’s Child Privacy Settings

Tue, 06 Sep 2022 18:16:29 +0000

Highlights:
  • A DPC representative acknowledged the fine and stated that further information regarding the judgment would be available next week.
  • According to Politico, this is the second-largest fine imposed by Europe’s GDPR legislation and the third-largest sanction imposed on Meta by the regulator.

Ireland’s data protection authority has fined Meta Platforms Inc. 405 million euros – USD 402 million – after deciding that Instagram did not comply with the General Data Protection Regulation (GDPR) privacy rules. The Irish Data Protection Commission levied the penalty for Instagram’s handling of children’s privacy settings that violated GDPR.

According to Politico, this is the second-largest fine imposed by Europe’s GDPR legislation and the third-largest fine imposed on Meta by the regulator.

A DPC representative acknowledged the fine and stated that further information regarding the judgment would be available next week. The penalty results from the picture-sharing app’s privacy settings on accounts run by children. The DPC was looking into children’s usage of business profiles on Instagram, which made personal information like email addresses and phone numbers available publicly. The probe also looked at Instagram’s policy of making all new accounts publicly visible by default, including those of minors.

According to Reuters, Meta permitted youngsters aged 13 to 17 to create business profiles on Instagram. The settings of such business accounts allegedly allowed the release of individuals’ phone numbers and email addresses.

The DPC began the probe in 2020 and published a draft judgment before announcing the USD 402 million fine. According to reports, other European Union data protection officials did not accept the proposed ruling instantly. As a result, the DPC initiated a so-called dispute-resolution procedure in which it solicited feedback on the probe from several other EU regulatory authorities.

A Meta spokesperson told Politico, “This inquiry focused on old settings that we updated over a year ago, and we’ve since released many new features to help keep teens safe and their information private. Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them. We engaged fully with the DPC throughout their inquiry and carefully reviewed their final decision.”

Since Meta’s EU headquarters are based in Ireland, the DPC is responsible for conducting GDPR inquiries related to Meta. The fine disclosed this time is the third levied by the DPC on Meta since the implementation of GDPR.

Previously, in March, the regulator fined Facebook USD 18.7 million for GDPR violations relating to its cybersecurity measures. Meta was fined USD 267 million by the DPC after the latter discovered that the WhatsApp unit’s privacy policies fell short of legal criteria. According to DPC investigators, WhatsApp failed to offer consumers adequate information about how it gathers and analyses personal data.

Meta’s privacy practices have also come under criticism in the United States. Last month, the business proposed to pay USD 37.5 million to settle a lawsuit that accused it of illegally gathering users’ location data. In February, Meta paid USD 90 million to resolve another complaint over data harvesting tactics.

Why Your Business Needs Data Remediation

Wed, 23 Feb 2022 18:41:08 +0000

Data is the lifeline of every organization, so managing and securing it is both critical and challenging. This task will become even more challenging with time as the sheer volume of daily data keeps increasing. And when data accuracy, quality, storage, and security are affected, the result is poor decision making, data breaches, and non-compliance issues. The more unstructured data an organization collects, the greater the risk.

Data with errors leads to workplace inefficiencies, hampers the decision-making process, yields unnecessary costs and may also land organizations in legal compliance risk. This is why businesses need to be vigilant about the type of data they are collecting. Storing data without consent or legitimate business purposes can even land an organization in GDPR compliance issues.

This is where data remediation comes in. The data remediation process helps businesses clean up, organize, and migrate their data to a secure and clean environment. It also helps businesses improve compliance by eliminating duplicate data or unnecessary and unused data. Data remediation can, thus, be defined as a critical tool to sanitize data management and ensure data network security within an organization.

What is data remediation?

The data remediation process is all about correcting errors and mistakes in data to eliminate data quality issues. This is done via a process involving cleaning, organizing, and migrating data to a secured and safe environment to achieve business goals. Data remediation helps organizations decide whether they should keep, delete, migrate, or archive information.

When is data remediation needed?

Preferably, data remediation must become an ongoing business process to ensure organizations get quality data while protecting it against risks, too. Data remediation must be considered in the following situations –

  • Business changes – Any logistical changes within the business processes, digital or physical, can land your data at risk. Digital changes to software or systems and physical location changes can leave data in a vulnerable state. Also, any changes to an organization’s leadership will warrant a discussion on data remediation.
  • Mergers and acquisitions – It is essential to check and track any new data coming in from other or unknown sources in the event of merger and acquisition.
  • Iterations in laws and regulations – Data privacy and protection laws change continuously. Organizations must remain alert about any changes to the legal environment and remediate data to ensure compliance.
  • Human error – Human errors in data management and governance are very much discoverable. Data remediation becomes essential to ensure data quality and security in such situations.

How does data remediation benefit businesses?

Performing data remediation takes a lot of effort, but it is beneficial for businesses across sectors. The following are some of the top benefits most organizations experience after implementing data remediation.

  • Data storage cost decreases – Although data remediation is not just about data deletion, it is a typical remediation action, and less data implies less storage. Moreover, many organizations realize that they have bundled trivial information in the same high-security storage platform for sensitive information rather than merely paying for the storage capacity that is truly required.
  • Protecting unstructured sensitive data – After identifying and classifying sensitive data, remediation is performed where one can determine and execute the actions that mitigate risk. This may look like one is finding a secure storage space for sensitive data or deleting what is necessary from a compliance point of view.
  • Reduced sensitive data footprint – By eliminating sensitive data that falls beyond its recommended retention period and one that is essential for compliance, organizations can reduce sensitive data footprint and decrease the risk of potential data breaches or leaks of highly sensitive data.
  • Stick to compliance laws and regulations – Keeping data that’s beyond its recommended retention period can land organizations at greater risk. Organizations can reduce data exposure by supporting a compliance initiative that cleans up data.
  • Increase in staff productivity – Data used by teams should be readily available, usable, and trustworthy. Streamlining your organization’s network with data remediation makes it easier to find and use the information for its intended purpose.
  • Reduces cyberattack risks – Continuously engaging in data remediation processes helps organizations proactively minimize data loss risks and potential financial or reputational damage of successful cyberattacks.
  • Improves overall data security – Data remediation and data governance work closely. It is essential to formulate data governance policies if an organization wants to remediate data properly. This is essential for the overall management and protection of an organization’s data.

Role of data remediation in data privacy and security

Maintaining the quality of data is one of the biggest challenges faced by businesses today. Various data management challenges encountered by organizations include the constantly changing face of data and iterative data models, inaccurate or corrupt data, and new and emerging data protection regulations. Poor data quality lowers the business’s operational efficiency and impacts effective decision-making.

Data remediation plays an important role in data security and compliance with privacy policies – poor data quality results from the lack of appropriate data sanitization processes. In the absence of necessary data management and data security protocols, the chances are high that data within an organization will fall prey to common data health issues such as corruption and inaccuracies.

Businesses burdened with unregulated data suffer and have to face data breaches, too. Also, poor data management lowers the business or organization’s ability to ensure compliance with data privacy protection laws, thus leading to penalties.

Hence, organizations need to take serious steps to ensure their data is clean, secure, enriched, and adheres to privacy policies. Migrating data to a safe and clean environment is also an essential step to secure an organization’s data. Data remediation meets each of these purposes.

With time, unregularized data can overburden the data network of a business or the organization. Unregularized data also adds to the risk of data breaches. All these factors impact every aspect of data management. Unregulated or dirty data can increase the risk of non-compliance with data privacy regulations. Businesses that collect and store large amounts of data are more prone to risks.

It is vital for organizations not to ignore data remediation for all these reasons.

After the introduction of data remediation, businesses benefit in the form of improved data insight, and they will be able to build a more accurate and transparent data ecosystem. Clean, organized, and securely stored data can enhance data security and ensure that the organization’s data complies with privacy standards and other mandatory legal responsibilities.
