Market Research

Number of GDPR Fines Surge by 113% in a Year Despite Strict Regulations: Report

European regulators are increasingly focusing on implementing the General Data Protection Regulation (GDPR) with a spotlight on organizations. The focus has also resulted in the unearthing of more violations alongside increased fines.

Data acquired by Finbold indicates that the cumulative number of GDPR violations has surged 113.5% over the last 12 months between July 2020 and July 2021. Last year, the number of fines was 332, rising to 709 in 2021. Over the same period, the value of fines imposed by EU regulators for the violations spiked 124.92%. In July last year, the cumulative fines stood at €130.69 million, growing to €293.96 million.

Among the specific fines, big tech companies dominated with Google accounting for the biggest share of fines at €60 million as of July 18th, 2021. The fine was imposed by French regulators. Google Ireland ranks second with €40 million in fines while H&M Hennes & Mauritz OnlineShop from Germany is third at €35.26 million. The fines are based on GDPR Enforcement Tracker and Finbold’s GDPR Fines 2020 report.

The rising fines over the last year highlight the improved ability of regulators to detect instances of personal data violation. They also show the power bestowed on consumers, who are increasingly able to report data violations. Furthermore, they highlight the urge by regulators to protect consumers, considering that the GDPR law is relatively new.

The fines and violations continue to grow as European regulators increasingly show their willingness to use their enforcement powers. At the same time, the regulators are adopting strict interpretations of GDPR laws, leading to possible heated legal battles that might span years.

Furthermore, some of the imposed fines are not always paid as required. Some companies launch appeals, which lead to the fines being either scrapped or reduced.

Worth mentioning is that the GDPR rules are supposed to be applied uniformly across all adhering countries. However, different nations have adopted various approaches to implementing the laws.

Notably, while the fines and cases increased, some regulators showed leniency due to the coronavirus pandemic. Some of the notable high-profile fines were lowered as companies experienced financial hardship.

In recent months, enforcement actions relating to GDPR’s restrictions have highly focused on the transfers of personal data. Notably, big tech companies have been on the receiving end due to their influence in the market.

Due to the lack of varied choices in the market, these companies have remained dominant, exerting undue influence and control over their customer bases and the data they collect in exchange for the use of their services.

Furthermore, telecom companies have also been hit by some of the biggest fines. These organizations are regularly accused of deliberately misusing personal data to gain a financial and competitive advantage.

In general, both the tech and telecom sectors are heavily data-driven and are involved in large-scale data processing. Furthermore, most customers are concentrated among just a few players whose churn rates are low. This situation leads to companies being complacent about compliance because customers have stuck with them due to a lack of choice.

The fines also point to the severity of the situation in the absence of the laws. However, the hefty fines are pushing businesses and organizations to prioritize data protection. Furthermore, the fines are helping regulators in Europe set the blueprint for the rest of the world in managing data violation cases.

There is also a need to uphold best practices like having information governance programs that do not promote unnecessary collection or retention of personal data.

Cyber Security

MENA Region Sees Surge in Managed Security Services Adoption, Says SearchInform

SearchInform, the leading information security and risk management solutions vendor, has conducted an extensive survey among organizations in the Middle East and North Africa (MENA) region to assess their approach to information security. The results show a significant shift towards outsourcing security functions, with nearly 70% of organizations either already using Managed Security Services (MSS) or planning to do so shortly.

This survey involved business executives, information technology and security (IT, IS) professionals, and Chief Information Security Officers (CISOs) from both public and private sectors. The research aimed to evaluate the current state of corporate protection and identify priorities in ensuring information security amid the region’s unique challenges. Notably, 80% of respondents reported an increase in their information security budgets over the past year, reflecting a growing recognition of the need for robust security measures. Only 22% of respondents reported that budgets had not changed, and no one reported a decrease in budgets.

SearchInform’s findings indicate that while many organizations have implemented basic cybersecurity measures such as Antivirus, Next-Generation Firewalls (NGFW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Endpoint Protection Systems (EPS), there is still a significant gap in the deployment of more advanced systems like Data Loss Prevention (DLP) and Security Information and Event Management (SIEM). These tools are critical for real-time monitoring and internal threat protection, yet only 29% of companies have implemented DLP, and a mere 5% have adopted SIEM systems.

Lev Matveev, Chairman of the Board of Directors at SearchInform, commented on the survey results, stating, “The increasing reliance on MSS highlights the ongoing shift in how organizations are approaching their cybersecurity needs. Outsourcing provides access to specialized expertise and technology, which is particularly vital in regions facing a shortage of skilled information security professionals.”

The research also revealed that internal threats are coming to the fore. More than half of respondents admitted experiencing one or more information security incidents caused by insider actions. “To effectively combat internal threats, increasing the cybersecurity literacy of employees will reduce the risk of undesirable incidents. The second measure is the implementation of protective solutions that help prevent both accidental and deliberate incidents, such as data leaks, corporate fraud cases, theft, kickbacks and bribery, illicit access to confidential data, etc. In this regard, the integration of DLP and DCAP systems is necessary. DCAP-class systems perform corporate file system analysis, classify data stored in the organization, handle the task of distributing access rights, and prevent the risk of data leakage and misuse at the initial stage. These are important components of the protective system, and the concept of DCAP systems is highly recommended by Gartner experts,” Matveev commented.

As the demand for MSS continues to grow, SearchInform’s local subsidiary in the UAE has seen strong interest from both businesses and governmental organizations, underscoring the importance of managed services in addressing the region’s complex security challenges. The global MSS market size is expected to grow from USD 30.6 billion in 2023 to USD 52.9 billion by 2028, with a Compound Annual Growth Rate (CAGR) of 11.5%.

Cyber Security

Positive Technologies: 16% of Darkweb Listings Involve Middle Eastern Organisations

In 2024, cyber criminals have shifted focus from personal data to stealing company credentials and trade secrets. One in six listings (16%) on the dark web featuring stolen government data involves organizations in the Middle East. This insight comes from Positive Technologies’ first study on data breaches in Russia, the Middle East, and globally. Their experts reviewed over 1,000 dark web listings and 700 public incident reports from the first half of 2024 worldwide.

Credential leaks from organisations hit a record high of 21% in the first half of 2024, up 9 percentage points from last year. The theft of commercial secrets and restricted information rose to 24% in the first half of 2024, an increase of 10 percentage points compared to the same period in 2023. Meanwhile, personal data theft incidents returned to pre-peak levels, dropping to 37% in Q1 2024, in line with 2022 levels, and then falling to 25% in Q2 2024.

In the first half of 2024, the industrial sector (39%), government agencies (36%), and transportation companies (29%) continued to lead in the share of leaks of commercial secrets and other restricted information. Notable victims include Hyundai Motor Europe and Volkswagen, with the latter losing documents on electric vehicle technology. IT companies are also at risk, with breaches involving internal processes and products accounting for 29% of incidents. In 2024, hackers allegedly accessed the source code of some Apple and AMD software.

Stolen credentials are often used for further attacks on these companies’ clients, primarily government organizations. Credential compromise is typically a step before more severe actions, such as theft of funds or system disruption. Ransomware was used in nearly a third of successful breaches involving data leaks. Dark web listings for government data heavily feature Middle Eastern countries (16%), with Asia (33%) in the lead, followed by Latin America and the Caribbean (18%). These regions are targeted by APT groups, mainly focusing on the public sector. Positive Technologies’ research on APT groups in the Middle East and Southeast Asia provides more details.

“Credentials are frequently sold on dark web forums, a key revenue source for cybercriminals. In March, access to a prominent UAE Bank’s website was listed for $10,000. The rise in these leaks is evident on the dark market—forums now offer access to dozens or hundreds of companies per post. In April, a listing was posted offering access to the infrastructure of 16 companies from various industries across Latin America, the Middle East, Europe, and Asia, with prices ranging from $250 to $5,000. According to the listing’s authors, these firms’ revenues range from $4 million to $2.8 billion. For instance, a UAE-based consumer electronics company with $6.5 million in revenue had its data valued at $400. In June, another listing offered credentials for over 400 companies, including access via Jira, GitHub, and GitLab,” notes Anna Golushko, Senior Analyst at Positive Technologies.

The number of dark web ads offering free information is nearly double those selling it (64% vs. 33%). This is because not all attackers aim to sell data; many demand ransom not to disclose it, though not all victims pay. In the first half of 2024, government organizations were often targeted specifically to steal personal data. More than half of ads on the dark web are priced under $1,000. Every tenth ad belongs to the most expensive category at $10,000 or more.

The most expensive offers (over $50,000) involve major financial institutions, retail giants, and IT companies. In Q2 2024, EDR developer Cylance suffered a cyberattack, resulting in 34 million emails and an unspecified volume of customer and employee data being sold for $750,000. Positive Technologies analysts highlight that every second successful attack on organizations in H1 2024 resulted in the leakage of confidential data. The largest number of incidents occurred in government agencies (13%), IT companies (12%), and industrial companies (11%).

Preventing data leaks requires a comprehensive approach, including tools to protect user devices, corporate networks, and the data itself. As corporate data infrastructures evolve into complex, rapidly changing systems, a unified solution is essential to safeguard information, regardless of its complexity or location.

Cyber Security

Gartner Forecasts Global Information Security Spending to Grow 15% in 2025

Worldwide end-user spending on information security is projected to total $212 billion in 2025, an increase of 15.1% from 2024, according to a new forecast from Gartner, Inc. In 2024, global information security end-user spending is estimated to reach $183.9 billion.

“The continued heightened threat environment, cloud movement and talent crunch are pushing security to the top of the priorities list and pressing chief information security officers (CISOs) to increase their organization’s security spend,” said Shailendra Upadhyay, Senior Research Principal at Gartner. “Furthermore, organizations are currently assessing their endpoint protection platform (EPP) and endpoint detection and response (EDR) needs and making adjustments to boost their operational resilience and incident response following the CrowdStrike outage.”

The adoption of AI and generative AI (GenAI) continues to increase investments in security software markets like application security, data security and privacy, and infrastructure protection. Through 2025, GenAI will trigger a spike in the cybersecurity resources required to secure it, leading to an expected 15% increase in security software spending (see Table 1).

Since the release of GenAI, attackers are increasingly employing tools along with large language models (LLMs) to carry out large-scale social engineering attacks, and Gartner predicts that by 2027, 17% of total cyberattacks/data leaks will involve generative AI.

As organizations continue to move to the cloud, Gartner analysts expect an increase in cloud security solutions, and the market share of cloud-native solutions will grow. The combined cloud access security brokers (CASB) and cloud workload protection platforms (CWPP) market is estimated to reach $8.7 billion in 2025, up from the forecasted $6.7 billion in 2024.

The global skills shortage in the cybersecurity industry is a major factor driving investment in the security services market (security consulting services, security professional services and managed security services) which is expected to grow faster than the other security segments.

In the Middle East and North Africa (MENA) region, end-user spending on information security is forecast to total $3.2 billion in 2025, an increase of 14% year on year (see Table 2).

“The continued growth in security spending in the MENA region is primarily driven by the constantly evolving regulatory environment and the rise in cyberattacks,” said Upadhyay. “Furthermore, digitalization and cloud migration are broadening the threat landscape for enterprises. Consequently, CISOs in the region are focusing on ensuring compliance with rapidly changing regulatory and privacy frameworks, countering persistent threats as well as addressing C-suite and board-level executives’ concerns on organizational resilience and cybersecurity posture.”

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.