Tag Archives: whitepaper

Panda Security’s GDPR Preparation Guide Helps Ease the Transition to the New Regulation

There’s a new challenge that lies ahead for businesses that have operations within the European Union. The new General Data Protection Regulation came into effect on 25 May, 2016, and will begin to be enforced 25 May, 2018.

With the focus on protecting the fundamental rights and freedoms of natural persons and their right to the protection of personal data, the regulation establishes obligations and advantages both for private entities and public administrations.

Panda Security’s “Preparation Guide to the New European General Data Protection Regulation” introduces the new legislation to businesses before its application in 2018. Disregarding the application of the GDPR could lead to costly administration fines of up to 20,000,000 euros.

Panda’s objective is to address the need to adapt data security practices and thereby give its clients a competitive advantage.

How will the GDPR affect businesses?

One of the main points of the white paper is that taking action only when an infringement has already occurred is insufficient as a strategy, since such a failure can cause irreversible damage to interested parties and can be very difficult to compensate.

Here are some sanctions and other potential problems stemming from non-compliance with the GDPR:

  • Direct or indirect economic repercussions. These could result from security incidents coming from outside the company or from a company’s own employees and collaborators.
  • PR damages. Damages to your reputation could result from security incidents not properly being reported to the public.
  • The loss of current or potential clients may occur when the company is unable to demonstrate that it is in compliance with the regulation.
  • The risk of data-processing limits or bans imposed by data protection audits, which could affect the normal functioning of a company.
  • The possible suspension of your service for your clients, which could induce them to leave your service or even take legal action.
  • Reparations that interested parties will have the right to claim in case of infringement.
  • Costly administration fines that could reach up to 20,000,000€ or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Panda Security, a partner in compliance with the new law

For organizations dealing with data, prevention is the core element of the regulation. We underscore the importance of working with vision and anticipation as a competitive advantage in business strategy.

Businesses that have put their trust in Adaptive Defense are already well on their way to complying with the GDPR. It offers:

  • Prevention: Adaptive Defense features an internal audit system to verify the security status of the IT infrastructure at any given time, even before the solution is deployed. In the implementation of the action plan for compliance with the GDPR, it proves to be an invaluable tool.
  • Protection of personal data processed on a business’s systems, stopping, for example, any untrusted process from running.
  • Risk reduction, key activity indicators, and endpoint status, which helps to establish security protocols.
  • Tools to satisfy the requirement to notify authorities of security incidents within the first 72 hours after a breach·
  • Control mechanisms and data management for the DPO, who will be notified in real time not only of security incidents, but also whether or not these incidents involve compromised personal data files.

 

The post Panda Security’s GDPR Preparation Guide Helps Ease the Transition to the New Regulation appeared first on Panda Security Mediacenter.

How to avoid hacking to Critical Infrastructure

panda-security-infrastructure

The cyber-attacks on the backbone of today’s economies are materialized in those assaults that affect society as a whole. The strategic priorities of national security include infrastructure exposed to the threats that can affect the operation of essential services.

PandaLabs, Panda Securitys anti-malware laboratory, has released a whitepaper called “Critical Infrastructure: Cyber- attacks on the backbone of today’s economy” with a timeline of the most notorious cyber-security attacks around the world on critical infrastructure, and recommendations on how to protect them.

Malware and targeted attacks aimed at sabotaging these networks are the main threats to critical infrastructure. Oil refineries, gas pipelines, transport systems, electricity companies or water supply control systems all form part of a technologically advanced industry where security failures can affect the whole of society.

Malware and targeted attacks

Today’s increasing trend towards interconnecting all types of infrastructure also increases potential points of entry for attacks on the services that have become essential for today’s societies.

This is apparent with the cyber-attacks that have been carried out in the past against these networks, the first of which took place in 1982, even before the Internet existed. In this case, attackers infected the systems of a Siberian oil pipeline with a Trojan.

critical-infrastructure-pandaIn addition to paralyzing and reducing services, which was what happened to the Venezuelan oil company PDVSA when it was hit by an attack that reduced production from 3 million barrels a day to 370,000, such attacks can also have a significant financial impact. One of the largest car manufacturers in the USA was left with losses of around US$150 million thanks to an attack using SQLSlammer, which spread rapidly and affected 17 production plants.

The threat is real

panda-security-crtical-infrastructureOne of the most infamous cases of cyber-attacks on critical infrastructures in history was Stuxnet. It is now known that this was a coordinated attack between the Israeli and US intelligence services, aimed at sabotaging Iran’s nuclear program. The case became the catalyst that made the general public aware of these types of threats.

Over the years there have been key events that have marked turning points in global security, such as the 09/11 attacks. In Europe, there was a similar key date, March 11, 2004, the date of the Madrid train bombings. As a result, the European commission drew up a global strategy for the protection of critical infrastructure, the ‘European Programme for Critical Infrastructure Protection’, which includes proposals to improve Europe’s prevention, preparation and response to terrorist attacks.

How could these attacks have been avoided?

The technical characteristics and the high level of exposure of data that can be stolen means that special care needs to be taken in protecting these infrastructures, including a series of good practices, such as:

  • Checking systems for vulnerabilities.
  • The networks used to control these infrastructures should be adequately monitored and, where necessary, isolated from external connections.
  • Control of removable drives is essential on any infrastructure and not just because it has been the attack vector for attacks as notorious as Stuxnet. When protecting such critical infrastructure, it is essential to ensure that malware doesn’t enter the internal network through pen drives or that they are not used to steal confidential information.
  • Monitoring PCs to which programmable logic controllers (or PLCs) are connected. These Internet-connected devices are the most sensitive, as they can give an attacker access to sensitive control systems. Moreover, even if they don’t manage to take control of a system, they can obtain valuable information for other attack vectors.

In light of this panorama, protection against advanced threats and targeted attacks is essential. Adaptive Defense 360 offers comprehensive security against these attacks and provides companies with all they need to defend themselves and close the door on the cyber-security vulnerabilities that can, in the end, affect us all.

Download the infographic “Cyber-attacks on the backbone of today’s economy” here.

Download the Whitepaper:

international

International Edition

 

Russia

Russian Edition

 

PortuguesePortuguese Edition

 

swissSwiss Edition

 

The post How to avoid hacking to Critical Infrastructure appeared first on Panda Security Mediacenter.

Panda Security Protects Privacy in Public Administration

Header-EN

There have been thousands of top secret documents leaked, confidential information pertaining to individuals has been stolen, cyber espionage between powerful governments has occurred, and attacks have been performed by personnel with privileged access. These are all examples that confirm that propagandistic pursuit and economic gain drive cybercriminals, and they target those who are willing to pay for the retrieval of their valuable information, such as institutions in the public sector.

PandaLabs, Panda Security’s anti-malware laboratory, presents the “Privacy in Public Administrationwhitepaper; detailing numerous cyber-attacks on countries that could almost have come from a science fiction story.

Legislative Developments in Cybersecurity

The technological revolution in the public sector, the digitalization and storage of information, and the boom in online services to simplify administration for the public have led to an exponential growth  in the generation, storage and processing of confidential data; data which must be treated with the utmost care. Consequently, the public sector now faces a new series of demands in risk prevention, security and legal compliance.

Politically-motivated attacks

During the past decade, crimes including cyber-terrorism, cyber-espionage and hacktivism have been on the rise, threatening the privacy of Public Administrations, businesses and nations:

Manning-EN 2010: Bradley Manning, a US soldier, copied 700,000 confidential documents and used WikiLeaks to publish the data. In total almost half a million records from the Iraq and Afghanistan conflicts, and more than 250,000 secret U.S. diplomatic cables.

2013: EdSnowden-ENward Snowden, a former employee of the CIA and NSA, published top secret documents through the Guardian and the Washington Post concerning various NSA programs, including the mass surveillance programs PRISM and xkeyscore.

2016: A total of 19,252 emails (including attachments) from 8,034 servers of the US Democratic National Committee sent between January 2015 and May 2016 were revealed on WikiLeaks this July. The security company contracted by the Democratic National Committee has claimed that the hack was the work of at least two different groups of hackers linked to a Russian government agency in an action designed to favor Republican candidate Donald Trump.

Now, three months before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. There is an ongoing investigation and IPs have been traced back once again to Russian hacking forums. Coincidence?

Elections-EN

The solution for adapting to the change.

The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.

To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory framework passed in the EU in 2016.

For public institutions, success in ensuring cyber-security lies with meeting certain requirements:

  • Having real-time information about incidents and security holes related to data security, such as the accidental or illegal destruction, loss, alteration, unauthorized disclosure or remote transference of data.
  • Compliance with Article 35 of the “General Data Protection Regulation” on data protection with regular and systematic monitoring of data on a large scale.
  • Reporting all possible transfers of data files to foreign countries.
  • Improving individual rights, including the right to be forgotten, and data portability across all shared data files.
  • Safeguarding delegation to other processors of data deletion, reporting and notification requirements, and the maintenance of file transfer activities.

To this effect, the implementation of advanced technologies such as Adaptive Defense 360, as a complement to traditional antivirus solutions or perimeter security, enables compliance with guidelines and the technical requirements outlined above, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks on companies.

Download the Infographic here.

Download the Whitepaper:

International Edition
Edición América Latina Edición México
Edição Portugal Ausgabe Schweiz
UK Edition US Edition

The post Panda Security Protects Privacy in Public Administration appeared first on Panda Security Mediacenter.

Panda Security Dissects the “Cyber-Pandemic”

pandasecurity-hospitals-1

Economic gain is the fuel that motivates cyber-criminals. There are thousands of credit cards stolen, infected computers and POS terminals, and kidnapped information that cyber-criminals use in order to make large sums of money. These victims are in the line of fire, and are willing to pay these ransoms in order to get their private information back.

Recently, we have seen particular cases of large scale attacks that are designed specifically for industries, like the hotel sector or certain financial institutions, but can you imagine what would happen if a hospital fell into the hands of a cyber-criminal? PandaLabs, Panda Security’s anti-malware laboratory, presents a new whitepaper, “The Cyber-Pandemic”, with examples of real threats that seem science fictional but can affect us all.

A History of Attacks

The healthcare industry is very technologically advanced but it also has huge security flaws, making it an easy target for cyber-criminals. If we add this to the immense amount of highly sensitive information that is managed by hospitals, pharmacies and health insurance providers, plus the high price that it could be sold for on the black market where a medical history is much more valuable than a credit card, we are able to understand how this was the most attacked industry last year.

A Timeline of the Most Notorious Attacks

2008: The University of Utah Hospital and Clinics announced that the private information belonging to 2.2 million of their patients was compromised. The information was stored on backup tapes belonging to an external employee that was subcontracted, who failed to comply with the established protocols.

2015: One of the most infamous attacks that was aimed at the second largest Insurance company in the United States, Anthem. In this attack 80 million customer records was stolen, including sensitive data such as Social Security numbers.

2016: The cyber-attack that hit the Hollywood Presbyterian Medical Center in Los Angeles left their employees without access to patient medical records, emails and other systems. As a result, some patients could not receive treatment and had to be transferred to other hospitals. What was the ransom? 3.7 million dollars.

pandasecurity-hospitals-2

They Can Hack Our Health

These attacks have demonstrated that these cyber-criminals are capable of shutting down all hospital activity, When we take into account all the medical equipment that is connected to the network, we can imagine how this cyber-pandemic could affect any ordinary person.

In 2013, former U.S. Vice President Dick Cheney revealed that his doctors disabled wireless communication on his pacemaker because they saw that it was highly possible for someone to remotely attack his device if they wanted to. Globally known hackers have demonstrated how it is possible to remotely alter a portable insulin pump that is used by thousands of diabetics or how to remotely manipulate a pacemaker in order to send a life-threatening electric shock.

In a hospital room, everything from the belts that raise your feet to the infusion pump that injects your medicine is connected to a computer. To demonstrate how easy it is to access this equipment, a number of these machines were tested to alter the dose of medicine to lethal levels. This can be done on more than 400,000 of these pumps throughout the world that remain vulnerable.

How Can We Avoid These Attacks?

It is important to take note: paying a ransom does not guarantee that stolen documents or information will be returned. The ransom payment did not secure that the victim got back their documents in any of these examples. It is better to avoid this altogether. Here are some of PandaLab’s recommendations on how you can avoid a cyber-pandemic:

  • Depend on a cyber-security solution that has both advanced protection functionalities and is also able to detect and remedy possible threats.
  • There is something in common in all of the systems that were targeted in the attacks: a lack of control. What would have helped prevent these attacks is a cyber-security solution that is capable of controlling all running processes, in every machine, connected to the network.
  • Revise staff policies and control systems in order to adjust the privacy requirements and adapt them to available technology.
  • Keep all operating systems and company devices updated.

To help the Healthcare sector stay ahead of cyber-crime, Adaptive Defense 360 offers complete security to fight off attacks. Adaptive Defense 360 provides everything that your company may need to remedy known vulnerabilities.

Download this whitepaper and learn how to avoid a “Cyber-Pandemic”, here:

Download

Check out our Cyber-Pandemic Infographic

 

 

 

The post Panda Security Dissects the “Cyber-Pandemic” appeared first on Panda Security Mediacenter.