October 31, 2017, Scott Gordon
On May 25, 2018, the General Data Protection Regulation (GDPR) goes into effect. While many organizations see this as an EU-only regulation, in reality, it applies to any organization that collects, stores, and uses personal information about an EU citizen.
The GDPR is designed to improve privacy standards and enforce the rights of individual users to have control over the information that they share with organizations, as well as understand, in plain English, how that organization plans to use that data. In light of recent data breaches, especially those that are arguably preventable through basic system hygiene and cybersecurity best practices, the GDPR aims to hold organizations accountable for personal data under their management. Evidence of violations and negligence serves as cause for significant fines.
To support GDPR specifications, organizations need a comprehensive understanding of their digital footprint—all of the various internet-exposed assets that belong to them. They must be able to discover which external assets collect personally identifiable information (PII), including a user’s name, phone number, address, social media presence, photos, lifestyle preferences, location data, and even their IP address.
Sounds straightforward, but for multinational companies with expansive web infrastructure, merely compiling and assessing site details is often fraught with gaps and inaccuracies. When looking at 25 of the 50 largest banks in the U.S. (2017), the RiskIQ Threat Research team discovered that 68% of the banks had significant security gaps in PII collection:
Fig-1 Pages collecting data insecurely across 25 of the largest banks in the U.S.
RiskIQ Digital Footprint can help with GDPR compliance by identifying websites within an organization’s footprint that collect and process PII. Digital Footprint’s new PII/GDPR Analytics provides organizations with the capability to:
Fig-2 RiskIQ Digital Footprint with PII tags
The RiskIQ Digital Footprint PII/GDPR Analytics feature helps expedite GDPR compliance during the initial discovery and subsequent audit processes by helping organizations identify websites belonging to them, as well as specific pages on those websites that collect PII insecurely.
With PII/GDPR Analytics applied to the Digital Footprint inventory, RiskIQ will automatically tag an organization’s internet-facing assets that have login forms, collect PII, or have cookies, and flag potential GDPR violations. Assets in this inventory can be filtered by tags, allowing for easy compliance evaluation and analysis. Organizations will also receive a detailed quarterly point-in-time GDPR assessment in a PDF format for convenient analysis, reporting, and sharing, as well as a CSV file of external assets that collect PII.
Fig-3 PII collection report
RiskIQ’s PII/GDPR Analytics feature is immediately available. For customers in the United States, the PII/GDPR Analytics feature is included with our Digital Footprint Enterprise solution; for those in the EU, it’s offered either as a standalone GDPR on-demand report or as an add-on to Digital Footprint. Register for RiskIQ’s webinar on Wednesday, Nov. 29 to learn best practices for ensuring your organization is prepared for the looming GDPR mandate. For even more information about how RiskIQ can help with GDPR compliance, please download our white paper and datasheet.