Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

International Data Privacy Day 2023: New Regulations on the Horizon

The International Association of Privacy Professionals (IAPP) has partnered with the National Cybersecurity Alliance to promote International Data Privacy Day 2023 on January 28, an event dedicated to teaching everyone from major enterprises to the average Internet user how to protect their sensitive personal information.

The importance of consumer-level data privacy is reflected in the growing number of laws and regulations being put in place worldwide, with the United States set to put no less than five separate data privacy laws in place in 2023.

In the Asia/Pacific region, the Attorney General of Australia in December 2022 stated that nation’s privacy laws are out of date, and he will recommend an overhaul of Australia’s Privacy Act take place in 2023. Additionally, the New Zealand government is considering potential changes to the notification rules for collecting personal information under the Privacy Act 2020. The proposed changes would broaden the Act’s requirements for an individual to be notified when an agency collects their personal information indirectly through a third party.

Businesses of all sizes must not only be aware of the new regulations coming on the books, but also need to take steps to ensure their data is properly protected.

And there is no better day to set aside some time to review these plans than Data Privacy Day. The IAPP offers classes and certifications to:

  • Reduce the risk of a data breach by making privacy a shared business objective
  • Improve decision-making among employees who handle data
  • Facilitate collaboration and communication across departments
  • Demonstrate your commitment to privacy and data protection to customers, partners, regulators and staff.

In addition, the National Cybersecurity Alliance offers a wealth of information on this important subject, and Trustwave has services and solutions that can help your organization with data privacy needs.

  • Emphasize employee education. Protecting data starts with empowering your employees, so that they know how to practice good security hygiene and how to protect themselves (and your business) from the most common cyber-attacks, like phishing, business email compromise, and other exploits that specifically target the human element. It’s also important to note that Security Awareness Educationtraining and policies are mandatory for most organizations for compliance reasons. Dive deeper into this subject with this blog post on CISO data solutions, this infographic on essential cybersecurity tips, and this data sheet on cybersecurity education.   
  • Map out your data storage. Modern organizations, especially enterprise level organizations, are dealing with ever growing data sprawl. As the 2020 Trustwave Data Security Indexshowed, most organizations are moving their data into a hybrid cloud/on-premises storage model, with multiple cloud providers. A special concern exists for organizations that either have or will go through a merger or acquisition, as legacy data concerns frequently occur. Learn more about data risk mitigation, the risks of hosting data in the cloud, and check out this infographic which shows the 5 ways attackers will try to get to your data.
  • Recognize the hidden weaknesses. Most organizations don’t realize that partners and vendors typically have no responsibility for protecting your data. A common misconception is that cloud providers share liability for data protection: they do not. Even the major providers, like Google, Azure, and AWS, have no responsibility in the case of a breach – and a common vulnerability that Trustwave SpiderLabs researchers often uncover is from organizations relying on default cloud server settings. Another all-too common hidden vulnerability results from sloppy or slow database patching practices. Learn more about how to recognize your data weak spots with this webinar on patching practices and this infographic on testing your data security.
  • Remember that less is more. Since every piece of data you collect adds to your potential risk, the simplest way to mitigate that risk is to only collect data that you absolutely need. Many organizations are also beginning to consider when it’s appropriate to actually destroy unnecessary data – which is also a consideration in certain compliance situations. Additionally, organizations should always adhere to the principle of least privilege,so employees only access the data they need to perform their jobs. Regularly reviewing user privileges is also vital. Dig deeper into this topic with this interview on the changes occurring in data security.

The most important strategies for protecting data is having a program in place to detect and respond to breaches – which is why so many organizations are turning to managed threat detection and response solutions.

 

Latest Trustwave Blogs

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More