IT Security & Privacy

Danish Cyber Stress Test Spurs New Financial Sector Resilience Measures

A cyberattack that corrupts data presents a different kind of crisis from one that simply takes systems offline. Restoring servers is one challenge. Restoring confidence that the information inside them can still be trusted is another. Denmark's financial authorities chose that distinction as the foundation for a new operational resilience exercise whose conclusions reached well beyond the fictional attack itself.

EY Warns Frontier AI Is Exposing Enterprise Cybersecurity Blind Spots

For years, cybersecurity has rested on a bargain that most organizations scarcely questioned. Not every asset could receive the same level of protection, so security leaders concentrated their attention where the consequences of failure would be greatest. The systems most critical to the business became the crown jewels. Everything else received what time, people and budgets allowed. It was an imperfect arrangement, but for a long time it was a practical one.

Australian Telecom Providers Face New Transparency Requirements on Coverage & Network Outages

New rules introduced by the Australian Communications and Media Authority now require mobile network operators to publish standardized 4G and 5G coverage maps using four common ratings (good, moderate, basic and no coverage) alongside plain-English explanations of what each category actually means. The maps must be refreshed at least every three months, giving Australians a consistent basis for comparing competing networks.

The End of Point-in-Time Security

The most dangerous assumption in enterprise security is rarely the one anyone remembers making. It settles quietly into the organization, becoming less a decision than a background condition, until eventually everyone begins treating a moment in time as though it were a durable fact. A system was patched, supplier was assessed, and administrator's access was reviewed. The penetration test found nothing significant and the audit closed without material findings. The evidence exists, neatly timestamped and carefully preserved, carrying all the reassuring weight that documentation has always carried. Then the environment changes around it and almost never dramatically.

Greek Privacy Regulator Orders Hotels to Stop Copying Guest IDs & Payment Cards

Hotels have always occupied an awkward place in the privacy conversation. They are, by necessity, temporary custodians of strangers. Every day, people hand over names, identification, payment details, travel plans, and, for a night or a week, a remarkable amount of trust. The transaction has always depended on a simple understanding that you collect what you need, protect it while you have it, and let it go when you no longer do. Somewhere along the way, some establishments decided that making copies of passports, identity cards, and even both sides of customers' credit cards was simply part of doing business.

Europe Signals Its Cloud Crackdown May Be About to Get Much Bigger

The European Commission has taken a step that would have seemed improbable when the Digital Markets Act first came into force. It has told Amazon and Microsoft that it preliminarily believes their cloud businesses (Amazon Web Services and Microsoft Azure) should be designated as gatekeepers under the DMA, even though neither service meets the law's standard quantitative thresholds.

Australian Privacy Commissioner Draws a Line on Tracking Pixels & Health Data

Two privacy determinations released Thursday by the Australian Privacy Commissioner found that health service providers Medmate and Monash IVF interfered with individuals' privacy through their use of third-party tracking pixels. The decisions conclude a year-long investigation by the Office of the Australian Information Commissioner into how the two companies collected information from visitors to websites offering telehealth and fertility services.