The week in security: Everybody wants a piece of PII – but do you have the skills to cut it?

You’ve been hearing about the need to protect personally identifiable information (PII) for years now, but things are set to get real in 2018 as data-breach notification laws and EU GDPR regulations impose tough compliance controls on companies from Australia to Zimbabwe.

Amazon Web Services did its part, adding some clear labelling to its AWS S3 console after an Australian breach compromised the PII of nearly 50,000 people.

Yet many small businesses struggle to embrace the kind of data-protection platforms that this regime requires. Adelaide firm OpSys has taken a novel approach, repackaging an enterprise-grade security visibility tool for measured consumption by Australian SMEs.

Another Australian monitoring provider, Sinefa, is capitalising on the growing nexus between compliance and visibility by expanding its operations to San Francisco in a bid to consolidate its position in the massive US market.

Tools are one thing – but without staff to operate them, you’re still going to struggle. New figures suggest the “pervasive and ominous” cybersecurity skills gap is only getting worse – so it’s well past time to start considering alternative sources of skills.

One place that isn’t wanting for skills is North Korea – which, despite its designs on becoming a nuclear state, is actually proving more threatening as a base for malicious-minded hackers that are, some reports suggest, generating more than $1 billion per year from all manner of malware attacks.

Google plugged the KRACK Wi-Fi security flaw in its November Android patch, while Microsoft was offering guidance for users to disable DDE (Direct Data Exchange) features that facilitated the Fancy Bear malware.

Tags compliance securityAmazon Web Services (AWS)PIIGDPR (General Data Protection Regulation)

Show Comments