RiskIQ adds GDPR analytics feature to its Digital Footprint service
The company’s analysis of major US banks reveals that 68% are not GDPR-compliant.
Security software company RiskIQ has added a new PII/GDPR analytics feature to its Digital Footprint product to help companies identify data collection that is not in compliance with the General Data Protection Regulation (GDPR).
Addition of the analytics feature comes on the heels of RiskIQ’s own assessment of external data security threats to companies in the US and Europe.
To assess the threats, RiskIQ applied advanced internet reconnaissance and analytics to companies with a broad digital footprint. It searched each company’s entire portfolio of assets just as a bad actor would, looking for security risks that could be exploited or that were in breach of the GDPR.
Its analysis of Europe’s top 30 companies found that 33 percent had web pages that collected EU personal data in violation of GDPR. Similar analysis conducted on 25 of the 50 largest US banks discovered that 68 percent had significant security gaps in Personally Identifiable Information (PII) collection.
The sheer number of web-facing assets collecting data under the umbrella of a large brand can pose a security risk for large and multinational companies, RiskIQ Chief Marketing Officer Scott Gordon told me. In its analysis of the 30 top European companies, RiskIQ found almost 100,000 web-facing pages.
RiskIQ’s review of the banks’ data security revealed an average of 1,891 insecure login forms; 1,663 pages collecting PII insecurely; 1,326 EU first-party cookie violations; and 1,265 EU third-party cookie violations.
“One problem that large companies have is that they don’t have an accurate understanding of all web-facing assets. For multinational companies, there are any number of microsites, apps, promotions — most managed by third parties. It can be a challenge to get an accurate accounting of everything,” Gordon said.
Once the GDPR-related risks are assessed, RiskIQ sends mitigation recommendations to its clients. Digital Footprint automates some mitigation for other security risks like malware, phishing and fake social media profiles.
With the May 2018 deadline for GDPR compliance fast approaching, expect to see more third-party compliance tools and services rolling out.