The National Commission for Computing and Liberties has announced that it has given formal notice to 15 websites for faults or breaches in cybersecurity. The pinned sites are not revealed and thus escape public reprobation.
However, the Cnil indicates that it has inspected 21 French organizations in the public and private sectors in 2021. It is within the framework of these inspections that fifteen organizations were put on notice, with a period of three months for compliance.
The security problems pointed out are significant with defects in data encryption, management and security of user accounts.
Notifications on the rise for the CNIL
Among the examples cited, unsecured access to a site due to obsolete versions of the TLS protocol, non-compliant certificates for exchanges between servers. For user accounts, the Cnil emphasizes the absence of devices to trace abnormal connections to servers, the use of weak passwords, renewal procedures without sufficient security.
It turns out that such security flaws are also those most often observed by the CNIL during its inspections.
In 2021, the CNIL received 5,037 personal data breach notifications, with an increase of 79% compared to 2020 and an average of nearly 14 notifications per day. With over 2,150 notifications, breaches resulting from a ransomware attack represent 43% of the total volume of notifications.
.
The post the Cnil has given formal notice to 15 websites appeared first on Gamingsym.