No. 7 | CyberVade's Weekly Scoop 🍦
CyberPirates🚢, 2️⃣0️⃣2️⃣4️⃣: the year of the breach, the Complexity of Data Privacy🔒, Cyber Risk Management and the cvPenScan
Hi there, this is CyberVade’s Weekly Scoop🍦, where we bring you Cybersecurity, AI, Data Privacy and Compliance knowledge updates.
Every issue, we’ll take you on a tour of the latest cybersecurity headlines (⚡️), throw in some witty analysis (🧠 ), serve up a mini cybersecurity MBA - because who doesn’t love a byte-sized brain boost? (🎓) And finally, shine a spotlight on one of CyberVade’s solutions to show how it can save the day ( 🚀).
Today’s edition: Number 7️⃣.
7️⃣ is also the number of colors in the rainbow, chakras in the human body, and wonders of the world. But I digress.
This is what we’ve got for you:
⚡️GDPR versus X, CyberPirates?, and 2024: the year of the data breach; 3 billion leaked records… 🤯
X (formerly Twitter) is being targeted for breaching the GDPR by using personal data to train its AI algorithms without consent: https://noyb.eu/en/twitters-ai-plans-hit-9-more-gdpr-complaints
It sounds like a futuristic sequel to Pirates of the Caribbean, but there’s a real conviction amongst experts that CyberPirates will be an increasing threat to the shipping industry: https://fd.nl/bedrijfsleven/1527148/satellieten-maken-schepen-tot-doelwit-van-cybercrime (paywall)
2024: the year of the data breach. I’m trying to think of a witty introduction for this article, but the first sentence of the article does it best: “We’re over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can’t get any worse, they do.”
Personal data of 3 billion (yes, with a “B”) people leaked: https://news.bloomberglaw.com/privacy-and-data-security/background-check-data-of-3-billion-stolen-in-breach-suit-says
Cybersecurity wins Gold as the Top Business Risk 2024, as stated by an Allianz report: https://commercial.allianz.com/news-and-insights/reports/allianz-risk-barometer.html#top10
🧠 The Complexity of Data Privacy
The General Data Protection Regulation (GDPR), created by the European Union, is the gold standard of data privacy regulation in the world. The GDPR aims to protect the personal data and privacy of individuals within the European Union by establishing strict guidelines for data collection, processing, and storage, while giving individuals greater control over their personal information — a fundamental right enshrined in the EU Charter of Fundamental Rights (article 8).
Since its inception, however, there has been a gap between the regulation and compliance with it. A 2023 study states that nearly 75% of surveyed privacy professionals have said that “if a data protection authority (DPA) would walk through the door of an average company tomorrow, it would surely find relevant GDPR violations” [4]. The problem? Convincing decision-makers to make the changes needed to become GDPR compliant.
Increasingly though, the EU is stepping up its game when it comes to enforcement of this regulation, as indicated by the steady increase of distributed fines.

Overall number of fines (cumulative). Source: Enforcementtracker
The largest fine was given to Meta in 2023, a whopping EUR 1,2 billion. That might sound like a lot, but to put it in perspective, that accounts for only 0.1% of Meta’s 2023 revenue [2], and Yahoo Finance summarized it nicely as: “is it significant for Meta overall … well, not monetarily maybe” [1]. It makes one wonder if the fine is sufficiently scary to warrant adherence to the regulation. Scott Galloway has a nice analogy for this [3]:
This is tantamount to getting a $10 parking ticket for not feeding a meter that costs $100 every 15 minutes. Yes, you should NOT feed the meter.
So what do we have: privacy professionals unable to convince decision-makers to become GDPR compliant, increasing enforcement by the EU, and billion-euro fines which still seem insufficient to scare off the big players. It just illustrates that protecting people’s fundamental right to data privacy is complex.
🎓 Cyber Risk Management and Governance
Welcome to Cybersecurity 101. In this mini MBA series we distill essential cybersecurity knowledge into quick, digestible lessons 🍪.
Think of it as a crash course in keeping your digital world safe, without the lengthy lectures. Today’s course: Cyber Risk Management and Governance.
Cyber risk is a critical threat to modern businesses, impacting financials, operations, and reputation. Effective cyber risk management and governance require C-suite engagement, as cyber threats—ranging from data breaches to ransomware—are rapidly evolving and have the potential to be costly (both monetarily and reputationally).
Cyber Risk Management 🎯
Cyber risk management involves identifying, assessing, and mitigating threats. Start with regular risk assessments to identify vulnerabilities, both external (e.g., hackers) and internal (e.g., employee errors or crime). Risk mitigation includes implementing technical defenses (e.g., encryption, multi-factor authentication) and ensuring that employees and vendors comply with security protocols. Develop an incident response plan (IRP) to contain breaches quickly, and continuously monitor for emerging threats. There are various frameworks that can help.
Governance 🤝
Effective governance ensures that cybersecurity aligns with business strategy and risk appetite. The board and executives must oversee cybersecurity, making it a regular agenda item. A Chief Information Security Officer (CISO) should drive accountability. Foster a culture of security by prioritizing cyber awareness across the organization, and ensure compliance with regulations to avoid fines and reputational harm (e.g., the GDPR, where improper security measures to protect data is the third most fined violation). Governance involves directing and controlling security, specifying the accountability framework, and providing oversight to ensure effective risk mitigation. This underscores that cybersecurity is not only a technical and operational concern, but should be viewed as an enterprise risk management concern.
Effective cyber governance requires a proactive, top-down approach to minimize risks and ensure business resilience.
🚀 cvPenScan
In “Solution Spotlight” we highlight the CyberVade solutions protecting your data from cyber villains. Each edition introduces a new solution making waves, breaking down its features and benefits. Whether you're a pro or just starting, meet the tech superheroes keeping your digital world safe!
The cvPenScan in three sentences:
💫 Get an overview of your cybersecurity posture on 9 key dimensions
🚀 Get it within 5 business days
💸 Fraction of the cost of a full penetration test
Strongly recommended for non-technical top management or board members: since you are responsible for the risks, it's good to get this valuable, independent quick scan of the environment you are responsible for.
Not yet convinced? All right, we’ll say a bit more.
You might have heard of penetration testing and vulnerability scanning, and how essential they are to knowing how secure your organization is against cyberthreats. You might have also heard about the hefty price tag that usually accompanies this exercise 🤯.
Well, if you’re interested in a high level overview of your organization’s security posture for a fraction of the cost - this is where the cvPenScan takes the stage 🪄 . While not a PenTest, the cvPenScan is a limited-scope cybersecurity assessment with both vulnerability scanning and PenTesting components.
The result of a cvPenScan will give you an indicative scorecard rating your cybersecurity posture on 9 dimensions: account security, M365, patches, firewalls, antivirus, encryption, and more.
We’ll also tell you a bit more about where the issues lie and can assist with remediation actions.
Practically, it means that we’ll run a scan on a few of your endpoints, analyze the results and provide you with a report. We’ll walk you through the results and answer any questions you might have.
Depending on your needs we can follow this quick scan up with full-fledged penetration tests and vulnerability scans.
Prevention is better than cure, and CyberVade is your partner in it.
