With EU GDPR one year away, there is still a lot of ground to cover for organizations that will be most affected, and the data shows it.
Over the past year, the EU General Data Protection Regulation (GDPR) and the online collection of personally identifiable information (PII) have been top-of-mind for RiskIQ, and we’ve recently posted two blogs on the topic.
With the go-live date now less than a year away, we at RiskIQ were curious to see the progress organizations were making toward compliance, specifically in the area of secure data capture. We set up a research project to look at the public-facing websites of the top-30 UK companies (the FTSE 30, also known as the FT 30) as a representative sample of UK plc. Given that GDPR applies to all EU organizations as well as those that directly engage with EU citizens, the findings are likely to be representative of what we would find if we increased our scope beyond the UK.
Overall, our research identified 100,000 live websites belonging to FTSE 30 organizations, 13,000 pages of which are collecting PII—an average of 400 pages per organization. What’s worse, a third of these pages are still collecting information insecurely, either through lack of encryption or vulnerable, obsolete encryption algorithms.
Fig. 1: As the data indicates, there is still plenty of progress to make for organizations affected by the new regulations.
Insecure collection of PII can affect consumers through loss and fraudulent use of their data, and organizations through loss of revenue, brand reputation, and damages. Under GDPR, those damages can be considerable if collected data is compromised.
Along with secure capture, other elements of the regulation bring requirements to the data collection process. In our recent press release, Bob Tarzey, analyst and director at Quocirca Ltd., said: “Many will already have the data security basics in place to comply with the regulations that precede GDPR. However, GDPR has many additional requirements, especially around the way data is captured and processed. These include obtaining explicit opt-in from data subjects. Before an organization can address GDPR, it needs to fully understand the extent of its online data gathering activities.”
Using our RiskIQ Digital Footprint solution, we’re working closely with some clients to identify and assess all data collection points across their web presence. Once they establish a baseline, these customers can identify and evaluate any new collection points that arise in the future. To see a demo and take a virtual tour of the solution, sign up for RiskIQ Community Edition today.