LondonLovesBusiness – Talk Talk fined again after customer data breach

TalkTalk has been fined £100,000 for failing to protect 21,000 of its customers’ data, and putting it at risk by allowing contractors to access it.

Jason Hart, CTO, Data Protection at Gemalto and former ethical hacker, said it is important to punish businesses that fail to protect their customers’ data. He said: “This fine should serve as a warning to all other companies that they need to ensure they are protecting their customers’ data.

“GDPR is just around the corner, so this is likely to be just the start of things and we’ll soon start to see what the real picture of cybersecurity is like throughout Europe. If businesses are not protecting data at its source they will no longer be able to hide any breaches that occur and ultimately deserve to be fined.”

To read the full article click here.

GDPR:Report – HBO suffers a “cyber incident” leaking a Game of Thrones episode

HBO was victim to a “cyber incident”, which has resulted in the theft of a Game of Thrones episode and other data.

On Tuesday, anonymous hackers leaked HBO data to the website “winter-leaks.com”; however, it was inaccessible by Wednesday. The hackers claimed to have stolen 1.5 terabytes of data from the network’s servers.

Jason Hart, CTO, Data Protection at Gemalto and former ethical hacker, said of the incident:

“Broadcasters face a unique threat. Due to the nature of the industry, hackers have the opportunity to access data as it is transmitted between multiple data centres, and so they require solutions to help encrypt their high-value TV transmissions – without interfering with the audience’s viewing experience. These specialised solutions, such as high-speed encryption, will help ensure that broadcasters are protecting their IP in an age of increased piracy and data theft.

“HBO now joins a list of other Hollywood victims of crime such as Netflix and Sony. This incident is another reminder that broadcasters must invest in fundamental security controls and practices – encryption, key management and two-factor authentication – to control access to highly sought-after content and protect it in the event that a breach takes place.”

To read the full article click here.

eSecurity Planet – HBO Hack Highlights Importance of Encryption, Data Governance

1.5 TB of data, including unreleased episodes of upcoming shows, was stolen and leaked online.

Gemalto CTO of data protection Jason Hart said by email that broadcasters in particular face a unique threat. “Due to the nature of the industry, hackers have the opportunity to access data as it is transmitted between multiple data centers, and so they require solutions to help encrypt their high value TV transmissions — without interfering with the audience’s viewing experience,” he said.

“HBO now joins a list of other Hollywood victims of crime such as Netflix and Sony,” Hart added. “This incident is another reminder that broadcasters must invest in fundamental security controls and practices — encryption, key management and two-factor authentication — to control access to highly sought-after content and protect it in the event that a breach takes place.”

To read the full article click here.

Game of Threats: It’s Time for a New Data Security Script

HBO now finds itself among a growing list of Hollywood data breach victims, joining Netflix and Sony, to have some very serious intellectual property stolen by hackers – their programming content. One would think media companies would defend their most sensitive assets like banks do with financial data. That does not seem to be the case here. There’s an explanation for that, which I will get to shortly. But let me start with some context.

This data breach comes just as HBO has released the seventh series of Game of Thrones. For the first six seasons, it’s been somewhat easy to predict what might happen because readers of George R. R. Martin’s books knew the general storyline. Season seven is different. There’s no book to provide a script. This time around, viewers are all flying blind – with the exception of a few clues that may foreshadow the events of this new season. (Of course, this could now change because of the breach, but .)

This is kind of how IT and security teams find themselves today when it comes to protecting their data and networks from hackers and other threats. It’s a new Game of Threats and there’s no script to follow. There’s so much data to defend, the attack surfaces have increased and the threat vectors are too large to stay on top of. Security teams can no longer rely on what traditional strategies have told them in order to predict how best to defend their networks and what is most critical – their data. The script they have followed – breach prevention – is a thing of the past just like medieval history and the dodo bird.

Much like the castles of Dragonstone, Riverrun and Winterfell that were built to protect the great houses in the Game of Thrones, today’s security teams continue to rely on defending the perimeter as the foundation of their strategy. Build walls and moats, set up sentries to keep guard and monitor who gets in (or not) with the right password or credentials. Even as the threats and technology landscape has changed dramatically, this is the essence of security practiced today. But just like the first (and second) Siege of Riverrun, castles and perimeter defenses can easily be compromised and taken control of by outsiders.

Breach prevention (as a foundational strategy) is dead. Relying on perimeter security as the principal means of protecting sensitive information is a fool’s errand. Instead, companies should stop pretending they can prevent a perimeter breach. They should accept this reality and build their security strategies accordingly. They need to learn how to best secure the breach and adopt cybersecurity situational awareness. It is impossible to protect everything by building bigger walls and adding more guards to detect attacks. They should deploy layered defensive strategies that enable them to protect what matters most, where it matters.

In 2017, companies will spend $90 billion on information security worldwide, up nearly eight percent from last year. Most of this is being spent on prevention, detection and response products and services. Now let’s weigh that against how effective this has been. According to the Breach Level Index, in 2016 there were more than 1.4 billion data records stolen, which was up 86% versus 2015. So, one might say companies are not making very good investments with their IT budgets. You know the saying made famous by Albert Einstein that the definition of insanity is doing the same thing over and over again and expecting different results? It applies very well to how data security is done today.

It’s time for a new data security mindset: one that shifts from breach prevention to breach acceptance and is focused on securing the breach. This Secure the Breach manifesto is something we have been saying for five years. Companies need to move their security controls as close as possible to the data and users accessing that data because perimeter security controls do not protect data. By embedding protection on the assets themselves you ensure that even after the perimeter is breached, the information remains secure. By implementing a three-step approach – encrypting all sensitive data at rest and in motion, securely managing and storing all of your encryption keys, and controlling access to apps and authentication of users – you can effectively prepare for a breach. That way, you can Secure the Breach and more effectively defend your company in the Game of Threats.

Protect what matters, where it matters – Discover how at Secure the Breach.

This post also appears on the Gemalto Enterprise Security Blog here.

 

eSecurity Planet – Massive Breach of Swedish Citizens’ Data Points to Desperate Need for Risk Management

Vehicle registration data for every Swedish citizen was exposed — including those under witness protection.

“It is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality,” Gemalto vice president and chief technology officer for data protection Jason Hart said in a statement. “By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data.”

To read the full article click here.

Payments Cards and Mobile – Data Breaches Increase 86 Percent Year on Year

Almost 1.4 billion data records were compromised in 2016 as hackers targeted large-scale databases across industries, a Gemalto report found. The 2016 Breach Level Index revealed that there were 1,792 data breaches worldwide last year, an increase of 86 percent on 2015.

“Hackers are casting a wider net and using easily-attainable account and identity information as a starting point for high volume targets,” says Jason Hart, vice president and chief technology officer for data protection, Gemalto. “Fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases, such as entertainment and social media sites.”

To read the full article click here.

In 2016 Data Breaches Got Personal. That Means: YOU

Since 2013, Gemalto’s Breach Level Index (BLI) has been used to track data breaches and measure their severity based on multiple dimensions, including number of records compromised, types of data, breach sources, how data was used and whether it was encrypted. The findings are released annually and each year seems to have unique trends. For instance, 2015 attacks focused on well-known consumer websites and shed light on the need for stronger security as the Internet of Things began to take off.

2016 was no exception.

To read the full article click here.

Compliance Insights – 2016: A Record Year for Data Breaches

When it comes to data security breaches, 2016 was yet another year that many governance, risk and compliance (GRC) executives will not remember fondly. The year saw almost 1.4 billion data records lost or stolen, up 86 percent from 2015, according to a comprehensive analysis of security breaches conducted by Gemalto through data collected in its Breach Level Index (BLI). Every year seems to have its own unique trends when it comes to data security breaches, and 2016 was no exception. Here are the key takeaways for the GRC community:

To read the full article click here.

Network World – Data breaches: It’s still personal

The recent Breach Level Index found that 1,792 data breaches led to almost 1.4 million data records being compromised worldwide, an increase of 86% compared to 2015.

In a blog post last September, I highlighted how data breaches for the first half of 2016 shifted from stolen credit card data and financial information to the theft of something much more personal—identities. Unsurprisingly, this trend continued throughout the remainder of the year.

To read the full article click here.

eSecurity Planet – Shoney’s Restaurants, IHG Hotels Hit by Credit Card Breaches

A pair of separate credit card breaches were recently confirmed at 37 Shoney’s restaurants and at hundreds of InterContinental Hotels Group (IHG) hotels across the United States.

Gemalto CTO of data protection Jason Hart told eSecurity Planet by email that these types of attacks will inevitably continue until organizations leverage end-to-end encryption to protect payment data. “Breaches are inevitable and companies and IT staff must accept that fact, but that doesn’t mean action can’t be taken — they need to secure the breach,” he said. “Doing so requires a data-centric view of threats in which essentially the value of data is made useless to hackers,” Hart added. “And that entails better identity and access control techniques, foremost, multi-factor authentication and the use of encryption and key management to secure sensitive data.”

 

To read the full article click here.