June 1, 2017, Jay Huff
With EU GDPR one year away, there is still a lot of ground to cover for organizations that will be most affected, and the data shows it.
Over the past year, the EU General Data Protection Regulation (GDPR) and the online collection of personally identifiable information (PII) have been top-of-mind for RiskIQ, and we have recently posted two blogs on the topic.
With the go-live date now less than a year away, we at RiskIQ were curious to see what progress organizations were making toward compliance, specifically in the area of secure data capture. As a representative sample of UK plc, we set up a research project to look at the public-facing websites of the top 30 UK companies (the FTSE 30, also known as the FT 30). Since GDPR applies to organizations established in the EU as well as to those outside it that offer goods or services to, or monitor, people in the EU, the findings are likely to be representative of what we would find if we widened the scope beyond the UK.
Overall, our research identified 100,000 live websites belonging to FTSE 30 organizations, and 13,000 of their pages collect PII, an average of roughly 400 pages per organization. Worse, a third of those pages still collect that information insecurely: either the data is sent with no encryption at all, or the page relies on vulnerable, obsolete encryption algorithms.
Fig. 1: As the data indicates, organizations affected by the new regulation still have plenty of progress to make.
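The first of the two failure modes above, PII submitted with no encryption, can be checked offline from page markup alone. The script below is an added example for illustration; it is not RiskIQ's scanner or the code behind the figures above. It parses a page's forms, flags inputs whose attributes hint at personal data, resolves each form's submission URL against the page URL (an empty action means the page itself), and reports forms that would submit over plain HTTP. It also goes one step beyond the text and flags forms that use GET, since that places the submitted fields in URLs that end up in server logs and Referer headers. The sample pages, the `PII_HINTS` list and the field heuristics are constructed assumptions. The second failure mode, obsolete or vulnerable TLS algorithms on the receiving endpoint, requires a live handshake with the server and is not shown here.

```python
"""Flag HTML forms that collect PII and would submit it without encryption.

Added example for illustration; it is not RiskIQ's scanner or the code behind
the figures above. The PII_HINTS list and the field heuristics are assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Substrings in an input's type/name/id/autocomplete that suggest personal data
# (assumed heuristic; tune per site).
PII_HINTS = ("email", "password", "passwd", "phone", "tel", "name",
             "card", "ssn", "address", "postcode", "zip", "birth")
# Input types that never carry user-entered data.
NON_DATA_TYPES = {"hidden", "submit", "button", "reset", "image"}


class FormCollector(HTMLParser):
    """Collect every <form> with its action, method and PII-looking inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "pii_fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() in NON_DATA_TYPES:
                return
            hints = " ".join(filter(None, (a.get("type"), a.get("name"),
                                           a.get("id"), a.get("autocomplete")))).lower()
            if any(h in hints for h in PII_HINTS):
                self._current["pii_fields"].append(a.get("name") or a.get("id") or hints)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_page(page_url, html):
    """Return one finding per PII-collecting form: target URL, fields, issues."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["pii_fields"]:
            continue
        # An empty action means the form submits back to the page itself.
        target = urljoin(page_url, form["action"])
        scheme = urlsplit(target).scheme.lower()
        issues = []
        if scheme != "https":
            issues.append(f"submits over {scheme or 'unknown scheme'}")
        if form["method"] == "get":
            issues.append("GET puts the fields in the URL (server logs, Referer headers)")
        findings.append({"target": target, "fields": form["pii_fields"], "issues": issues})
    return findings


def summarize(pages):
    """Count PII-collecting forms and how many of them are insecure."""
    total = insecure = 0
    for url, html in pages.items():
        for finding in audit_page(url, html):
            total += 1
            insecure += bool(finding["issues"])
    return total, insecure


# Constructed sample pages (not real sites).
SAMPLE_PAGES = {
    # Plain-HTTP page: everything it collects travels in the clear.
    "http://www.example.com/contact":
        '<form action="/submit"><input type="text" name="full_name">'
        '<input type="email" name="email"><input type="submit" value="Send"></form>',
    # HTTPS page whose login form posts to an HTTP endpoint.
    "https://www.example.com/login":
        '<form method="post" action="http://auth.example.com/login">'
        '<input name="username"><input type="password" name="password"></form>',
    # HTTPS page posting back to itself, plus a search box that is not PII.
    "https://www.example.com/newsletter":
        '<form method="post"><input type="email" name="email"></form>'
        '<form action="/search"><input type="text" name="q"></form>',
}

if __name__ == "__main__":
    for url, html in SAMPLE_PAGES.items():
        for f in audit_page(url, html):
            status = "INSECURE" if f["issues"] else "ok"
            print(f"{status:8} {url} -> {f['target']} fields={f['fields']} {f['issues']}")
    print("PII forms: %d, insecure: %d" % summarize(SAMPLE_PAGES))
```

Run against the constructed pages, the script reports three PII-collecting forms, two of them insecure: the contact form on the HTTP page and the login form that posts from an HTTPS page to an HTTP endpoint. The second case is the one a "does the page have a padlock" check misses, which is why the submission URL, not the page URL, is what gets classified. Feed it real crawled pages and the summary is the kind of secure-versus-insecure ratio reported in Fig. 1.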
Insecure collection of PII exposes consumers to loss and fraudulent use of their data, and exposes organizations to lost revenue, reputational harm, fines and damages claims. Under GDPR those fines and damages can be considerable if collected data is compromised.
Along with secure capture, other elements of the regulation bring requirements to the data collection process. In our recent press release, Bob Tarzey, analyst and director at Quocirca Ltd., said: "Many will already have the data security basics in place to comply with the regulations that precede GDPR. However, GDPR has many additional requirements, especially around the way data is captured and processed. These include obtaining explicit opt-in from data subjects. Before an organization can address GDPR, it needs to fully understand the extent of its online data gathering activities."
Using our RiskIQ Digital Footprint solution, we are working closely with clients to identify and assess every data collection point across their web presence. Once a baseline is established, these customers can spot and evaluate any new collection points that appear later. To see a demo and take a virtual tour of the solution, sign up for RiskIQ Community Edition today.