May 17, 2020

Healthcare sector the worst offender in race towards General Data Protection Regulation compliance

healthcare services
Technology
research
Big Data
Clearswift
3 min
GDPR
New research from leading information security company Clearswift has shown that the education sector is rivaling technology for the top spot when it co...

New research from leading information security company Clearswift has shown that the education sector is rivaling technology for the top spot when it comes to GDPR preparedness. 

The research surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia. When asked whether firms currently have all of the necessary processes in place to be compliant the top five performing sectors included technology and telecommunications (32%), education (31%), IT (29%), business services (29%) and finance (29%).

The survey has also revealed, of all the sectors, healthcare is the least likely to be ready for the upcoming GDPR, with only 17% of private and public-sector bodies claiming to have the processes in place to comply with the legislation. Following closely behind is the retail sector with a mere 18% of the industry ready for GDPR, and marketing at 19% and legal at 21%.

Overall, the research has shown that only a quarter (26%) of businesses are currently ready for General Data Protection Regulation (GDPR). However, with the deadline fast approaching, a further 44% are putting processes in place and expect to be ready in time for May next year, when the legislation comes into force.

Dr Guy Bunker, SVP of Products at Clearswift, said: “With 64% of UK businesses currently making moves towards GDPR compliance, the outlook is not as bleak as previously thought.  

“It is clear that the regulation has grabbed the attention of businesses, but what is important is that their focus is in the right place. Those viewing GDPR as an opportunity will be in the best position to not only comply, but evolve their organisations, enhance their security posture and achieve business growth.

“Educating employees about how to safeguard critical information, introducing data protection guidelines and instilling a culture of data consciousness in the workplace will not only bring organisations closer to compliance but help reduce the chances of a data breach.”

Related stories

Although the majority of businesses may not currently be ready for GDPR, employers have begun to identifying the departments within their organisations where data protection is needed most.

The most common departments to have budget allocated for spend on GDPR are finance and IT (31%). This is particularly relevant as most businesses believe their critical data predominantly lies in the finance department (55%), suggesting that finance will be under the spotlight in the coming months as organisations look at how they can prepare for GDPR.

When looking at the size of an organisation, 46% of the businesses that reported they are ready for GDPR had between 500 – 999 employees. Compared with larger corporations of 5000 or more employees, only 19% reported they are ready, suggesting that bigger is not necessarily better.  Smaller enterprises are leading the way over their larger counterparts in putting processes and technology in place ahead of May 2018.

While many organisations are expecting to be ready for GDPR, our research has shown that a typical company-wide IT project takes around six months to roll-out, meaning those that aren’t ready now are running out of time to introduce new technology which could help them comply with the legislation.

Dr Bunker added: "The key focuses for GDPR compliance are educating employees and understanding where your data lies. However, organisations that are still looking at how they can prepare should focus on security solutions that can be integrated within existing infrastructures, such as Data Loss Prevention (DLP) tools and content inspection software, which are the biggest priorities in preventing data loss and can be used to demonstrate compliance with GDPR legislation. This can save time and costs by adding these to existing security investments instead of the removing old technology and replacing it with completely new solutions.”

Share article

May 19, 2021

Vaccine rollout spurring dark net activity, McAfee finds

covid-19vaccine
darknet
covid-19
Fraud
2 min
Research by McAfee has found illegal sales of fake COVID-19 vaccines and tests on the dark net

A report by security software company McAfee has found a huge rise in the availability and demand for illegal COVID-19 vaccines. 

The research by McAfee Advanced Threat Research found evidence that COVID-19 vaccines are currently available on at least a dozen dark net marketplaces. Vaccines allegedly made by Pfizer-BioNTech are being sold for $600 to $2,500 per dose, with vendors using channels such as Wickr, Telegram, WhatsApp and Gmail to advertise and communicate. 

Some of the supposed vaccines are imported from the US, while others are packed in the UK and shipped all over the world, according to the listings.

Moderna vaccines, potentially fraudulent antibody tests and fake vaccine cards are also being increasingly sold on the dark web, on at least 10 different underground markets. 

Anne An, senior security researcher at McAfee’s Advanced Programs Group, told us that with the increased global demand for COVID-19 vaccinations, the demand for illegal vaccines, fake test results and vaccination record cards has also grown. "Consumers who are buying these items pose a serious threat to public health and spur the underground economy" she said. 

"Opportunistic cybercriminals capitalise on public interest in obtaining a COVID-19 immunity passport. These bad actors can also benefit by reselling the names, dates of birth, home addresses, contact details and other personally indefinable information of their customers." 

As well as cyber security measures, An says education is necessary to stem the rise in these illegal sales. "Dark net selling of illegal COVID-19 vaccinations, fake test results and vaccination record cards is both a cybersecurity issue and an educational issue.

"On the one hand, channels being used as a means of business have the responsibility to monitor and mitigate cybercriminal activity on their platforms. On the other, the ongoing efforts of government and medical officials to provide factual information on COVID-19 and vaccinations is critical to discouraging the demand for fraudulent alternatives."  

Read McAfee's report Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards

Share article