The Guardian reported yesterday on a new legal threat for firms in the United Kingdom: huge fines for cyber security failures. Why would the government decide to add insult to injury? The goal is to force companies to get their act together.
Increasing pressure
We reported earlier on the rise of ransomware and noted just yesterday, in our announcement of a ransomware protection app, the massive costs these attacks can impose on businesses. These attacks have also hit the National Health Service, causing significant disruption to public services. The UK government is now looking for ways to increase pressure on companies to implement preventive measures and improve their processes for dealing with cyber attacks.
While bugs in code and their consequences are to some degree inevitable, there is a lot organizations can do to protect their infrastructure from attacks and to react adequately once a breach has taken place. The goal of the new penalties is thus not to punish those who, despite their best efforts, get hacked. Rather, it is to increase the cost for those who decide not to invest in prevention and protection.
Thus, if a major cyber attack results in disruption to services such as transport, health or electricity, an investigation is started. If it concludes that the victim of the cyber attack failed to take measures to prevent or deal with security failures, a fine of up to 4% of yearly turnover can be imposed.
Notification of potential ransomware in Nextcloud
How to protect your business
This is merely another reminder of the growing threats businesses face. Picking the right technologies to depend on is the first and perhaps most important step in protecting your infrastructure.
Sadly, vendors are often hostile to security researchers reporting vulnerabilities. Many invest little beyond what gets them marketing attention.
Here are a few factors to consider to avoid such vendors:
Does the vendor develop its software in a secure way? A transparent process with security reviews of new designs, code reviews and use of pentesting tools all help avoid bugs in the process of writing code.
Have these processes been verified by an independent third party? It is worth downloading a report, flipping through it and checking what the conclusions were.
Is there a public Security Bug Bounty program with relevant payouts? On security platforms like HackerOne you can easily check statistics on responsiveness and payments, giving you an idea of how seriously a vendor takes security.
How is their security track record? Security mistakes are rarely heavily advertised, but you can often find reports by independent researchers complaining that their findings were not taken seriously. You may also find issues mentioned and discussed on prominent security lists like the famous Full Disclosure list. A search in the archives can be enlightening!
And a last point: encryption is great. Modern encryption ciphers are rarely broken. Instead, crypto is bypassed! Amazon’s Kindle and Samsung Galaxy protections were bypassed by replacing the key or removing the signature checking code. Bad development practices and a lack of security reviews aren’t fixed with encryption!
I love crypto, it tells me what part of the system not to bother attacking