
Councils fined for unencrypted laptop theft

The UK Information Commissioner’s Office has today issued two local government councils with fines for breaches of the Data Protection Act. The two bodies were fined £80k / $128k and £70k / $113k respectively after two unencrypted laptops, containing the details of around 1,700 individuals, were stolen from the home of an employee working on the joint out-of-hours service for both councils.

What’s particularly interesting in this case is that one of the councils actually had a policy in place requiring all data to be encrypted – something which they’d evidently failed to roll out organisation-wide.

Given both councils chose to ignore the warning signs, it’s quite clear that more needs to be done to ensure that organisations take data protection more seriously. As we’ve seen in the US with Senate Bill 1386, fines certainly act as a wake-up call to those involved, but education is absolutely essential if staff are to understand the pitfalls that can ensue from poor data protection policies.

With four fines already under its belt, the UK ICO seems set to make its point – issuing a warning only last week to local councils threatening prosecution for failure to implement proper data control procedures.  Unfortunately we’re still seeing the fallout from organisations that are simply not succeeding in protecting valuable data, so it remains to be seen whether such warnings will be taken seriously.  If not, and lessons are to be learned the hard way, at least we can be sure the powers that be will not be turning a blind eye.


With Privileged Insights Emerges Security Intelligence: Preparing for the Unexpected

By Udi Mokady, CEO, Cyber-Ark
Cyber-Ark Software believes 2011 will be a significant year for the security industry, one marked by
transformation – both in terms of increasingly sophisticated threats and encouraging technology
innovation.  Behind these changes are converging market factors such as the challenges facing
organizations that must protect against more targeted, persistent and sophisticated attacks, including
those related to Stuxnet and Wikileaks-type incidents; easing economic pressures driving new
infrastructure investments, particularly virtualization and cloud computing; and evolving internal audit
pressures and compliance requirements, such as PCI. To address these market factors, Cyber-Ark has
launched the “Privileged Insights” blog.

With our global reach, Cyber-Ark is in a fortunate position to be able to draw upon our experiences,
and those of our partners and customers, to share real-world examples of how unexpected
vulnerabilities, such as hard-coded passwords in a video conferencing system, digital copier or storage
device, can impact the overall security posture of an organization.  No longer are threats limited to
insiders and expected targets like databases and servers—we must think about the unexpected.  That
will be one of the goals of this blog, generating industry dialogue and empowering people with the
information they need to proactively manage unexpected threats by elevating awareness about the
risks of status quo security, and the need for innovation and new IT skill sets.

Cyber-Ark closed 2010 with 800 customers in more than 50 countries and strong revenues that are
driving tremendous momentum into the new year, including providing customers with proactive
security solutions for increasingly distributed architectures.  In speaking with our customers, we
understand that, particularly at the C-Level, there remains hesitation about cloud adoption due to
multiple factors including security uncertainties and the sense of a “loss of control.”  Cyber-Ark
recently produced a fun, informative video [included in this post] aimed at describing how Cyber-Ark
can help address key security issues in a cloud environment, whether you are a cloud service customer
or a cloud service provider.

Even with the growing complexity and fragmentation of the IT security space, we are optimistic about
the year to come.  Cyber-Ark is extremely well-positioned in the Privileged Account Activity
Management space, one of the fastest growing segments within the identity and access management
market.  And with innovative offerings for governed file transfer, we continue to empower
multi-national organizations to initiate new business models and address their most daunting security
challenges related to how information is accessed, shared, monitored and managed.  We look forward
to sharing our stories and participating in thought-provoking discussions about the expanding threat
landscape.  And – stay tuned for more announcements coming from Cyber-Ark this year.

How do you see enterprise cloud adoption and security in the cloud evolving this year?
