Tag Archives: GDPR

How to Tap into the Media Love-Affair with Data

We live in a digital world where almost everything can be, and is, described with numbers. The sheer scale and range of digital information available today gives reporters a unique ability to tell a compelling story, and using data to drive stories has become a widely adopted best practice among media professionals of all types.

Long story short: reporters love data and you should too.

Data plays a key role in any successful media strategy and can help organizations secure media coverage, develop thought leadership platforms and achieve overarching business objectives. In today’s global economy, there are invisible connections between products, consumers, organizations and larger industry trends. Data helps provide a credible and timely way to link these and participate at the forefront of these conversations in the media. From a PR perspective, a data-driven media relations campaign hinges closely on the theme of providing value to reporters and can be a useful tactic to develop mutually beneficial relationships. By arming reporters with proprietary data or leveraging existing data to introduce a new perspective on a larger industry trend, you’re participating in a value-based interaction vs. something that is overtly promotional.

So, how can an organization utilize data, proprietary or existing, to secure media coverage that advances its overarching business objectives? Ultimately, you want to use data as a springboard or jumping-off point to start a conversation which legitimizes a problem or industry-wide POV, and then propose a way in which your organization can provide value to the conversation.

For example, CompTIA, the Computing Technology Industry Association, recently released a study on GDPR which states that 52 percent of U.S. companies surveyed are either still exploring the applicability of GDPR to their business; have determined that GDPR is not a requirement for their business; or are unsure. Pitching reporters this data, in conjunction with an expert from your organization who can speak to the steps companies can take to figure out if GDPR applies to their business, provides reporters with a timely media angle and an expert on the topic. The desired result? A win-win situation for all parties: an educational piece for the reporters’ audience, coverage and brand awareness for your organization and a thought leadership platform for your subject matter expert.

Successful data-driven media programs involve strategy, foundational work and ongoing maintenance. There are both reactive and proactive approaches to building a comprehensive data-driven media program. The first step in implementing a data-driven media program, whether proactive or reactive, is to determine a list of topics and keywords that you will use to monitor for data. Next, use these identified topics and keywords to conduct an audit to see what studies already exist. Ask these questions:

  1. Is this study annual? If so, what is the publish date?
  2. Who conducted the study?
     - Is this study commissioned by a third-party association or analyst firm?
     - Was this study commissioned by a competitor or different company? Note: If it was commissioned by a competitor, avoid referencing it. If it was conducted by a different company, thoroughly vet the company to make sure there are no competing interests.
  3. Was the study conducted by credible means?
  4. Was this study covered and well-received in the media?

If your organization has the bandwidth and budget to commission proprietary data, this audit will be a useful tool to determine how your company can provide value in the current data landscape. Identify gaps and areas of opportunity to contribute new data to the conversation. Insights garnered from the audit will drive survey development. Next, determine budget and audience. Is your audience B2C or B2B? Do you have budget to engage a third-party vendor? If you do not have budget to hire a third-party research firm, you can explore cheaper options, like SurveyMonkey. Be cognizant of the “magic number” of survey respondents, or sample size, that is required for a study to be considered credible by the media; these figures vary when targeting B2C and B2B survey audiences. Once you have fielded your data, create a comprehensive media strategy that takes into consideration timing, media targets, messaging, distribution and how you’ll cross-promote the findings on different social and corporate media channels.

A reactive data-driven media program can help your organization capitalize on a third party’s investment in data. Use the topics and keywords previously identified to set up “Google Alerts” and “Talkwalker Alerts” so that you are notified in real time when relevant data is released, and be prepared to “trend-jack.” Ongoing monitoring is crucial to running a successful and timely reactive data-driven media strategy because it allows you to react in real time. The audit of the current data landscape as it relates to your organization will play a key role in the reactive data-driven media campaign. Start by adding any recurring reports or surveys that are not issued by a competitor to your media content calendar. This way, you can anticipate when they will be published and incorporate the data into a larger media strategy. Identify your spokesperson in advance, along with storylines that directly connect to your company’s value proposition. When the data is published, you’ll be ready to execute a comprehensive and timely trend-jack campaign.

To successfully run a data-driven media program, you must first have a solid understanding of the current data landscape, how you want to participate and the new value you’ll add to the conversation. A wide range of data currently exists, so be sure to capitalize on it to maximize media coverage, advance business goals and develop thought leadership platforms.

By Jacquelyn Daane 

Security Never Sleeps- Locky Ransomware, Kaiser Breach

Locky Ransomware Rears its Head in Big August Campaigns

“Encryption extension changed”

A few weeks ago Locky changed its encryption extension to .lukitus (“locked” in Finnish). This variant has still proven frustratingly difficult to decrypt, according to Heimdal Security. It is often viewed as a part of a set of malicious spam waves that are hitting users one after the other. Comodo Labs has dubbed the late August campaign as the IKARUSdilapidated version of Locky. This still has the .lukitus extension and it spreads using a botnet of zombie computers responsible for coordinating a phishing attack.

There have been two waves in the new attacks so far. The first attempts targeted emails which appeared to be from an organization’s scanner/printer or other legitimate device. When the program was successful, it encrypted the victims’ computers and demanded a bitcoin ransom payment.

Comodo released the following in an analysis sent to Infosecurity: “As many employees today scan original documents at the company scanner printer and email them to themselves and others, this malware-laden email will look very innocent,” and “The sophistication here includes even matching the scanner/printer model number to make it look more common as the Sharp MX2600N is one of the most popular models of business scanner/printers in the market.”

Cyber Security Regulation — The Move Towards Board Involvement

“New regulations will have large impact on citizens and companies”

Regulators are oftentimes the catalyst for stronger trends in cyber security, and new regulation from the EU is going to have a serious impact on organizations that process EU data in their businesses. After four years of diligence and debate, the EU Parliament approved the Global Data Protection Regulation on April 14, 2016. It will enter into effect on May 25, 2018, at which time those organizations in non-compliance will face heavy fines.

Kaiser Permanente says 600 Riverside area members affected by data breach

“Sensitive information thought to be safe”

Kaiser Permanente is notifying about 600 members from Riverside and “surrounding areas” by mail about a patient data breach, which includes medical record numbers and procedures. No other identifying information was apparently released. The breach was detected Aug. 9 when a list of information was “inadvertently sent to an unintended email address,” the statement noted. The information did not include Social Security numbers, financial information or other member information.

Almost half a million pacemakers need a firmware update to avoid getting hacked

“Patient hearts need hacking protections”

Nearly half a million pacemakers are being recalled by the US Food and Drug Administration after the agency found that the devices could be hacked to control pacing or deplete batteries. Rather than having patients remove or replace the device, however, the manufacturer is releasing a firmware update designed to address the vulnerabilities.

Enjoy your read? Check out our other content here.

10Fold Security Never Sleeps- GDPR, Law and IoT

New Trojan malware campaign sends users to fake banking site that looks just like the real thing

“False login pages steal sensitive info”

A credential-stealing TrickBot banking malware has been engaging in an email spam campaign that gives users a fake webpage that is nearly identical to the original. Online banking users in the US, UK, Australia, and many other countries have been affected, and this number is expected to grow as those developing it have been experimenting with EternalBlue. This was the exploit that allowed WannaCry and Petya to spread so efficiently.

Can U.S. lawmakers fix IoT security for good?

“Inter-connectivity leaves devices vulnerable”

Several U.S. Senators believe they have proposals that will aid in preventing the attacks that have plagued IoT devices in the last few years. The proposed solutions are put forward in the Internet of Things Cybersecurity Improvement Act of 2017. Many expert analyses of the IoT Act reveal that it’s likely a hearty step in the right direction, but it may not be enough to stop the tide of attacks that cause major issues for many people.

How to protect personally identifiable information under GDPR

“New rules grant more rights in PII for consumers”

The GDPR goes into force May 25, 2018, impacting many firms worldwide that process data for EU citizens. Heavy fines and other penalties are due to the companies that do not enforce the more rigorous personally identifiable information (PII) regulations, often up to 4% of a firm’s yearly revenue. Breaches are also required to be reported within three days.

Ex-NSA Analyst Raises $10 Million To Stop Hackers Destroying Power Grids

“Infrastructure targets more popular”

Part of an espionage mission to disrupt critical services began in 2013, when a U.S. dam was targeted by mercenaries hired by Iran’s Revolutionary Guard Corps. This relays the importance of national cyber security, recognized by Rob Lee, who was once part of the National Security Agency and is currently co-founder at infrastructure-focused cybersecurity firm Dragos Inc. The firm has recently raised $10 million in Series A funding for its goals, a recognition of the seriousness of the situation.

10Fold- Security Never Sleeps- 197

Ransomware can cost firms over $700,000; cloud computing may provide the protection they need

“Cybercrime costs are increasing”

A single ransomware incident can, on average, run a tab of over $713,000. About 21% of 200 SME businesses in the U.S. said they are completely ready to manage IT security and protect against threats. This number is dangerously small, but cloud computing may provide the security against the threats that many firms need.

The GDPR Deadline is Fast Approaching; How Enterprises are Readying Themselves

“Compliance needed by May 25, 2018”

Many organizations have dedicated countless hours for preparation for the European Union General Data Protection Regulation, but too many have just started taking steps to ensure compliance. The new regulations will have international consequences that must be addressed by firms who deal across borders, as the legislation has dire consequences for those who don’t comply.

WannaCry ‘Kill Switch’ Creator Arrested in Vegas

“Marcus Hutchins indicted for Kronos malware”

Federal authorities have nabbed user MalwareTech, aka Marcus Hutchins, for the creation and distribution of the Kronos banking Trojan. In an unsuspected move, authorities arrested Hutchins after his role as the researcher who stopped the expansion of the WannaCry ransomware earlier this year. WannaCry was deemed an extremely high risk malware, spanning over 150 countries in just a matter of days.

How do you predict cyber attacks? Listen to your Cassandras

“Proprietary data collection and intellectual property need protection”

Bad actors targeting vital institutions that had previously been sacrosanct have become harder to detect. The damages inflicted in many cases have dealt virtually fatal blows to corporate finance and organizational operations.

10Fold- Security Never Sleeps- 182

The 15 biggest data breaches of the 21st century

“Highlights need for infosec upgrades”

Data breaches are, unfortunately, daily occurrences that end up exposing millions to undue risk. CSO have compiled a list of the 15 biggest breaches of this century, with criteria that includes damage to companies, insurers, and customer account holders. In many cases, passwords and other information were protected via encryption so a password reset eliminated.

New Malware Threatens to Send Users’ Pictures, Internet History and Messages to Friends

“LeakerLocker threatens privacy”

A new type of malware can access and distribute pictures, browsing history and messages on a user’s device. The program, LeakerLocker, can be downloaded inadvertently through applications on Google Play, and will lock your phone’s screen and then claim that your sensitive information has been stored.

Hospitals to receive £21m to increase cybersecurity at major trauma centres

“Huge beefing up of infosec”

Hospitals that treat patients for major incidents will receive over £21m for cybersecurity upgrades in the wake of the WannaCry ransomware attacks on NHS IT systems. Health Secretary Jeremy Hunt pledged the funds in an attempt to shield the healthcare sector from the disruptions of malware events in the future.

Cyber security industry believes GDPR is stifling innovation

“Looked skeptically upon by the community”

A recent poll of Infosecurity Europe 2017 attendees showed that almost half think that the EU General Data Protection Regulation is stifling innovation by making companies nervous about cloud services. There are several concerns respondents named as issues with the regulations, including the perceived inability to find and/or report a data breach within 72 hours.

10Fold- Security Never Sleeps- 177

More than half of major malware attack’s victims are industrial targets

“Petya intended effects examined”

Kaspersky Labs has released a new report with some grand insights into the Petya malware attack. First appearing as a widespread ransomware attack, it became clear later into the ordeal that the spread was intended more for destruction than for financial gain. Kaspersky reported specifically that financial sectors were the most affected, as well as manufacturing or oil mechanisms.

Hacking Factory Robot Arms for Sabotage, Fun & Profit

“Could open a new world of ‘Subtle Blackmail’”

A Black Hat talk will discuss how cybercriminals could manipulate robotic arms and create defects in vital products. Security researchers have been accumulating caches of big discoveries about IIoT vulnerabilities, and Black Hat is planning on continuing their release to raise awareness of critical flaws in infrastructure, power grids, and gas pipeline controls.

General Data Protection Regulation (GDPR) requirements, deadlines and facts

“EU legislation lowdown” 

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states, and non-compliance could cost companies dearly. This article details what every company that does business in Europe needs to know about GDPR.

Online fraud costs public billions but is still not a police priority, says watchdog

“Policing institutions not enforcing rules effectively”

The National Audit Office has claimed that various policing and regulatory agencies were insufficiently addressing the issue of online fraud. The NAO says that for most police forces the incidents are: “not yet a priority” and the problem had been overlooked by government, law enforcement and industry.

10Fold- Security Never Sleeps- 167

New Jaff Ransomware Variant Emerges

“Another active threat detected”

As WannaCry headlines begin to die down, another variant of a detrimental ransomware has begun to make the rounds. Jaff, a Necurs-distributed botnet, uses a similar delivery system as Locky and WannaCry. This gives security researchers an insight into the threat actors who designed Locky and Dridex, who also launched the Bart ransomware that grew concerns last year.

Survey Shows Disparity in GDPR Preparedness and Concerns

“New regulation affects any firm that does business in EU”

The GDPR will take effect one year from today, but there seems to be little readiness for firms to take on the necessities outlined in the legislation. Specifically, geographic differences are highlighted in a recent study that shows just how ill-prepared disparate nations are.

Newly discovered vulnerability raises fears of another WannaCry

“Tens of thousands of devices potentially open to attacks”

A recently found flaw in widely used networking programs could leave users open to ransomware like WannaCry. The U.S. Department of Homeland Security announced the potential for harm on Wednesday; the flaw is claimed to allow the compromised device to be taken over entirely without a patch applied by the user and administrator.