IoT security is a growing concern when developing connected devices and bringing them to market. However, there is presently a lack of clarity about the different regulations and requirements to comply with, as many actors are working simultaneously on certifications, laws and/or standards. To help you figure this out, we briefly present some of the main legal requirements and standards currently in force that apply to consumer IoT devices.
From the far too many cyberattacks of 2019, we’ve summed up 5 insights: here is our year in review.
We are happy and proud to share with you that we are now officially a CREST-accredited company for penetration testing.
This accreditation demonstrates our commitment to offering a high level of professional penetration testing services. It certifies that Vaadata respects appropriate processes and procedures for conducting penetration testing and for the protection of its clients’ information.
Vaadata is a startup specialising in penetration testing. We are looking for a pentester (f/m) to join our team!
Who are we?
2018 has just ended and we decided to look back on it. From the many stories that made the headlines this year, we’ve summed up 8 main points about 2018. Here’s our year in review for web security.
1/ So many data breaches
Figures for 2018 are not known yet, but 944 data breaches were already listed for the first half of the year (source). Despite rising awareness of cybersecurity, data breaches remain numerous.
In some cases, the compromised data went further than the “classic” loss of emails, passwords and credit card numbers: for example, the Marriott breach included passport numbers, and the Aadhaar breach biometric data… This has a major impact on the people whose data were compromised, and on the image of the companies concerned.
Here are the sources of the statistics used on our website:
77% of organisations in the world were victimized by one (or more) successful cyberattack in 2017.
2018 Cyberthreat Defense Report. Cyberedge Group. (p. 3)
48% of breaches featured hacking.
2018 Data Breach Investigations Report. Verizon. (p. 5)
Vaadata is a start-up specialising in web, mobile and IoT security. We are looking for two ethical hackers (pentesters) to join our team!
Who are we?
– A dynamic start-up specialising in hacking techniques
– A small, fun team of people who value freedom, far from the corporate spirit of big companies
– An innovative company that provides time for technology watch and creativity
Who are we looking for?
– An experienced pentester OR a developer with security skills
– Someone passionate about hacking, with experience in one (or more) of the following areas: web applications, mobile applications, connected devices, social engineering
– Versatile, resourceful, with a “hands-on” attitude
– With a strong motivation for a start-up adventure within a cohesive team
– Able to work in English (work experience in an international environment would be ideal); native English is a plus
What is the job?
2018 was the year CEBIT reinvented itself as a digital fair-festival. Let’s look back on the event, which we attended.
A Brand-new CEBIT
Running since 1986, CEBIT had its best years in the 1990s and 2000s, with up to 6,500 exhibitors and 800,000 visitors.
Having declined since then, CEBIT chose to transform itself into a fair-festival. Classic exhibition stands remain in the halls, while an open-air area in the middle of the exhibition grounds is dedicated to the festival. There you can find a Ferris wheel (SAP), a cloud lifter (IBM), a surf wave (INTEL), … various food trucks and concerts in the evenings.
Cyberattacks regularly made the news in 2017, and this continues in 2018, from the Olympic Games to record-breaking DDoS attacks (for those who missed the news: the memcached reflection attack). This gives the impression that cyberattacks are more and more numerous, and bigger and bigger. But what is the actual situation?
We have put together some interesting 2017 statistics on cybersecurity, focusing on data related to our speciality: penetration testing of web platforms, mobile applications and IoT.
At a Glance
Two main points stand out:
- 77% of organisations worldwide were the victim of at least one successful cyberattack in 2017. (1)
- On average, attacks are discovered after more than 6 months (191 days!) and remediated after more than 2 months (66 days). (2)
What is the GDPR?
One year from today, the General Data Protection Regulation (GDPR) will come into force in the European Union. This new regulation aims to unify everything done so far in terms of data protection in the EU, but also goes one step further with sanctions for non-compliant companies, and broadens the definition of personal data.
The sanctions for companies that do not comply with the GDPR should be dissuasive enough, with fines that could reach 4% of global turnover, up to €20 million. European companies are not the only ones that could be penalised by the EU, as any company handling the personal data of European citizens will have to comply with the GDPR.
Article 4(1) of the GDPR defines personal data as: “an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.” For example, IP addresses and browser cookies fall under the category of ‘online identifier’, and were not previously considered personal data. Companies using data will need “freely given, specific, informed and unambiguous” consent from their users (Art. 4(11)). In practice, companies will have to explain thoroughly to their users what will be done with their data.
Why is it important for companies?
This new regulation should have a positive impact on consumers and internet users. Since trust is a fundamental criterion for people buying on an e-commerce platform or using online services, knowing that a website falls under the GDPR should reassure users. The whole web industry should then benefit from a better image. It could even be worthwhile for companies to communicate the fact that they comply with the regulation and to explain to their users what this implies. This would surely be a competitive advantage for companies that are proactive on cybersecurity. Indeed, the GDPR also states that any data leak must be reported to users within 72 hours. Rather than a threat to companies’ reputations, this should be seen as an opportunity to raise their security level and improve their processes.
What about users?
The GDPR will give individuals better control over their data. This means that for any service they use, they will be able to request their data and demand its deletion. Another benefit for European citizens is that they won’t have to worry about the nationality of a company before using its services. Indeed, all companies handling data from European citizens will have to comply with the GDPR, whether they are based in Europe or not. This benefits not only individuals, but also European companies that might have feared unfair competition from outside the EU.