All posts by Tom Pritchard

The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.  EU policy and regulatory developments
  • General Data Protection Regulation (GDPR): The second trilogue negotiation is, according to this previously released (unofficial) timetable for completion, scheduled for today, 14 July.  The second meeting will focus on the issues of territorial scope (Article 3) and international transfers (Chapter V).  This 682 page document dated 8 July, but not yet uploaded to the Council’s website, has been leaked by Statewatch.  It is a line-by-line table comparing the Commission, EP and Council’s respective negotiating positions on the whole Regulation.  Regarding the issues of data security, data breach notifications and processor obligations contained in Chapter IV of the draft, according to the above unofficial timetable, these are due to be negotiated in September.  Although there are some differences of detail between the institutions’ … Continue Reading ››
PwC’s latest annual breaches survey was published this month.  Backed by an £860 million budget (from 2011 to 2016), the National Cyber Security Programme, now being propelled by Ed Vaizey, the Minister for Culture and the Digital Economy, has continued to commission PwC to conduct its annual survey of information security breaches.  The results provide a richly detailed picture of the UK’s cybersecurity scene. The report gathered responses from 664 companies, all based in the UK but varying greatly in size and focus.  Almost half of the respondents were companies with 500 or more employees that work within the professional services or technology sectors, however, small-to-medium sized businesses from almost all other sectors were included, lending credibility and wide applicability to the reported data. (N.B. large organisations > 250 employees, medium 50-249, small <50.) This year’s key survey findings read a lot like those of previous years: the number of … Continue Reading ››
For the tenth year running, the Ponemon Institute, a data protection and information security research centre based in Michigan, has published its “Cost of Data Breach” 23-page report.  This year’s report is packed full of quantative analysis that confirms the overarching cybersecurity trends that breaches are becoming increasingly expensive and an increasing number of customers switch their allegiance to a competitor after a breach.  It also highlights that certain anticipatory behaviours can help to reduce the cost – the most significant being having an incident response team in place. N.B. the Ponemon Institute’s research has greater applicability to small-to-medium sized businesses than to large businesses, given that the study excludes from the data set any organisation which suffers a breach in which more than 100,000 records are compromised. The key trends and statistics highlighted are as follows:
  • Breaches are becoming increasingly expensive:
Global
  • The International Chamber of Commerce published a “cyber security guide for businesses.”  The aim of the guide is to help management “frame cyber security discussions with information technology professionals – and vice versa – to put a collaborative and ongoing management approach in place.”  The guide provides five main areas of focus: gathering information, developing a resilient mind-set, being prepared to respond, demonstrating leadership and taking action.
UK
  • According to SC Magazine, the Bank of England approved its first commercial provider of CBEST threat intelligence and penetration testing (read more from Datonomy about the financial sector CBEST programme here). The company now approved to assess financial sector companies’ preparedness for a cyber attack is BAE Systems.
  • One of CERT-UK’s weekly updates featured a plug for the importance of public-private cyber threat information sharing as the US looks to follow the UK’s lead with the Cyber Intelligence Sharing and Protection Act … Continue Reading ››
A small selection of attacks reported in Q2.  Please see our weekly cyber alert on Datonomy for more.
  • The BBC reported that a coordinated effort between the EU Cybercrime Action Taskforce, the FBI and private security firms, Intel, Kapersky and Shadowserver was successful in taking down a very sophisticated piece of malware called “Beebone”. The malware reportedly controlled up to 100,000 computers a day and evaded detection for a long time by being able to change its own identity up to 19 times a day.  Now that the malware has been contained, Operation Beebone is focusing on identifying those behind the attacks.
  • Following the GitHub denial of service attacks (reportedly perpetrated by China), researchers at the University of Toronto, University of California, Berkeley, the International Computer Science Institute and Princeton University claimed that China designed a cyber offensive system called the “Great Cannon”. The Great Cannon can reportedly intercept foreign … Continue Reading ››
  • Blue Coat Systems, Inc., a cybersecurity firm that counts 80% of the Fortune 500 as customers and blocks over three million threats a day, agreed to be acquired by the investment firm, Bain Capital, for $2.4 billion. Blue Coat was previously bought by the private equity firm Thoma Bravo LLC for $1.3 billion in 2012.
  • PayPal paid $60 million for cybersecurity firm CyActive. As the finance sector faces continued pressure from investors to provide online security, PayPal is keen to bolster its cyber credentials.  CyActive specialise in “predictive cybersecurity”.
  • The latest Cybersecurity 500 (containing the cybersecurity companies to watch in 2015) has been released, and features only 11 UK companies, as reported by TechWorld.
  • The cybersecurity firm, Darktrace, announced that it will be investing $18 million in hiring new recruits. CEO, Nicole Eagan, is particularly keen to narrow the gender gap within the industry by looking for more female … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments 
  • General Data Protection Regulation (GDPR): As Datonomy readers will by now be well aware, on 15 June the GDPR reached another key milestone with the EU Council (i.e. Member States) adopting their “general approach” to negotiating the whole proposal with the Parliament and the Commission. This means that all three EU institutions have declared their negotiating stance on the wide ranging proposal and that three way negotiations can now begin.  The first such trilogue is scheduled for 24 June, with a six month provisional timetable recently outlined by a group of MEPs here, aimed at adoption of the proposal by the end of 2015.  Given the complexity of the proposal and the fact that it has already taken three and a half years to … Continue Reading ››