SC Magazine UK – Greenwich University Breach costs university £120,000

Greenwich University has been fined £120,000 after a security breach at the university resulted in the leak of 19,500 students’ data to the internet, according to Signavio. This data included names, addresses, date of birth, phone numbers, signatures and in some cases, physical and mental health problems.

Jason Hart, CTO of Data Protection, Gemalto concludes: “This should be a reminder for organisations around the world to dig deep when it comes to protecting their data. If businesses don’t know where it is or whether it’s properly secured then they are leaving themselves and their customers vulnerable. While many are taking steps to improve their data security, the fact that some breaches can lay undiscovered for three years leaves little doubt that there is still work to do before there is widespread GDPR compliance. In order to adequately protect their data, businesses must regularly audit and ensure security controls, such as encryption and key management are implemented, whether the data is being stored or used in a transaction”.

To read the full article click here.

CSO Online – Let’s get serious about security: 2.6 billion records stolen or compromised in 2017

Gemalto’s 2017 Breach Level Index found 2.6 billion records were compromised in 2017, as well as a number of new data breach tactics. Breached or exposed data is not only a headache for security teams. It also impacts brand reputation, customer confidence and stock prices, but risk can be managed by mapping out where data resides.

Gemalto, my employer, recently published the latest research from its Breach Level Index (BLI), sharing that 2.6 billion records were stolen, lost or exposed worldwide during the year of 2017. A global database, the BLI follows and studies breaches, the types of data compromised and how it was accessed or lost.

To read the full article click here.

IT Pro – UK businesses failing basic security measures

Britain’s businesses are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections. This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government’s Cyber Essentials scheme.

“While it’s troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher,” said Gemalto’s CTO and former ethical hacker, Jason Hart. “In fact, we’ve seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders.”

To read the full article click here.

 

Cybersecurity Insiders – Fancy Bear Leaks Documents Allegedly Stolen from International Luge Federation

Fancy Bear has leaked what it asserts are documents stolen from the International Luge Federation (ILF) two weeks ahead of the 2018 Winter Olympics.

On 24 January, the digital espionage group posted a statement explaining its motivation for conducting what it calls “OpOlympics”:

Jason Hart, CTO of Data Protection at Gemalto, is familiar with the 2016 incident…

Much like Fancy Bears’ hack of the World Anti-Doping Agency’s (WADA) website last year, these documents need to be taken with a pinch of salt, as the hacking group has a history of changing the data they steal to suit their own purposes. This data manipulation poses an arguably greater threat to organizations than simple data theft, as it can allow hackers to alter anything from stock or sales numbers and in this case, potentially the reputations of innocent athletes.

To read the full article click here.

Cyber Security Hub – Cyber Security: Who’s In Charge?

It’s no mystery that the threat landscape has intensified, widened and spooked many security practitioners around the globe. Between breach anxiety amongst the C-Suite, the increasing perimeter size of large enterprises, numerous endpoints tapping into the network and a glaring disconnect between departments, cyber security is still an often-overlooked facet of the business. This, of course, should not be so.

In recent years, the threat vectors have multiplied and security practitioners have been forced to deploy various solutions to mitigate – or attempt to mitigate – the many network dangers.

According to Gemalto’s 2017 Breach Level Index report, a whopping 2 billion data records were lost or stolen via cyber-attacks in the first part of 2017. Gemalto’s Vice President and Chief Technology Officer for Data Protection, Jason Hart, also added that two-thirds of firms breached had their share price negatively impacted. Of 65 companies evaluated, breaches cost shareholders $52.4 billion.

To read the full article click here.

CSO Online – Data breaches are taking a toll on customer loyalty

Data breaches are happening on a daily basis. And as the number of breaches has soared, the scale of attacks has escalated as well. According to the Breach Level Index, 1.9 billion data records worldwide were compromised during the first half of 2017 due to 918 data breaches. The number of lost, stolen or compromised records increased by an overwhelming 164 percent compared to the last six months of 2016. (Disclosure: the Breach Level Index is operated by Gemalto, where I am employed.)

This year saw major security incidents affecting numerous high-profile corporations such as Equifax and Deloitte. And the consequences of such breaches now appear to be moving beyond the direct financial impact. As businesses struggle to maintain and protect consumer data, consumers are growing wary of both the attitude and practices those organisations take in order to do so.

To read the full article click here. 

 

Four Data Security Trends that Defined 2017

With 2018 upon us, it’s important we take stock of the data security trends and threats that defined 2017. Several notable trends emerged over the course of the year, after all, and these will no doubt continue to shape the data security landscape into 2018 and beyond.

Here are four such remarkable data security trends that helped mould the past year:

1. International Malware Outbreaks

One of the most notable data security trends of 2017 was that three strains of malware made headlines for attack campaigns that swept across national boundaries. On 12 May, WannaCry ransomware got things going with an outbreak that claimed the United Kingdom’s National Health Service (NHS), Spanish telecommunications giant Telefonica, and at least 200,000 other organizations worldwide as victims. NotPetya followed less than two months later when the Petya impersonator/wiper malware struck a Ukrainian power supplier, France’s Saint-Gobain, and close to 17,000 other targets primarily in North America and Europe. Both attacks leveraged EternalBlue, an exploit which abuses a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol, for distribution.

It wasn’t until October 2017 that Bad Rabbit, a strain of Diskcoder, reared its head. This malware used drive-by attacks as its primary means of infecting users. As a result, it infected only a few hundred computers mainly located in Russia, Ukraine, Germany, Turkey, South Korea, the United States, and a few other countries.

2. Mega-Breaches (and Curious Responses)

In light of the hacking attack disclosures involving LinkedIn, Dropbox, Yahoo (which only got worse), and others, history will no doubt remember 2016 as the “Year of the Mega Breach.” 2017 didn’t produce as many mega-breaches as 2016, but it nevertheless yielded some notable data security incidents…with some equally extraordinary responses. You can find a database of data breaches going back to 2013 in Gemalto’s Breach Level Index.

For instance, Equifax acknowledged in the beginning of September that hackers had breached its systems and thereby compromised the personal information of 143 million American citizens. Consumers’ personal data was simply left unencrypted. Things went awry on the day of disclosure when the credit bureau directed concerned users to visit a resource to verify if they were victims of the breach. That resource was located at a separate site riddled with bugs. Additionally, a slow disclosure time and subsequent gaffes on Twitter led Brian Krebs to call the response a “dumpster fire.”

Two months later, the world learned of the data breach at Uber that compromised 57 million driver and rider accounts in 2016. The ride-sharing company ultimately met the hackers’ ransom of $100,000 to ensure the attackers deleted their copy of the stolen data. It then went further by insisting the hackers sign an NDA, camouflaging the ransom payment as a bug bounty program payout, and remaining silent about the breach for more than a year.

3. CIA Hacking Tools

In the spring of 2017, WikiLeaks published a series of documents pertaining to the Central Intelligence Agency’s hacking operations. Detailed in those leaked sources are various tools used by CIA agents to infiltrate their targets, including malware for smart TVs and iOS exploits. The documents even include borrowed code from public malware samples.

Symantec subsequently analyzed those hacking tools in April and linked them to 40 attacks in 16 countries conducted by a group called Longhorn. It’s unclear how many additional attacks those tools have since facilitated.

4. Attacks against Cryptocurrency Exchanges

One Bitcoin was worth just $979 on 1 January 2017. Since then, its value has multiplied more than 13 times, with its rate peaking at $19,843. Investors no doubt celebrated that price explosion. But they weren’t the only ones tracking the digital money’s increase. Malefactors also saw the rise of Bitcoin; they took it upon themselves to try to hack various exchanges for the cryptocurrency. Indeed, at least eight marketplaces have suffered data breaches as of 23 December, with Parity Technologies losing $32 million in Ethereum and hackers stealing $70 million in Bitcoin from NiceHash. One can expect this data security trend to continue into 2018.

What Made 2017 Stand Out for You?

Which of these data security trends and threats concerns you most? Also, what other data security trend grabbed your attention in 2017? If so, let me know in the comments!

 

This post also appeared on the Gemalto Security blog here.

Channel Eye – Consumers will abandon insecure businesses

Companies that suffer from a data breach could lose more than 70 percent of their customers, according to a new survey.

Ok, the survey was carried out by Gemalto which is a security company, but it was based on questions asked to 10,000 consumers.

Gemalto Identity and Data Protection CTO Jason Hart said: “Consumers are evidently happy to relinquish the responsibility of protecting their data to business, but are expecting it to be kept secure without any effort on their part.”

“In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise, businesses will face not only financial consequences but also potential legal action from consumers.”

To read the full article click here.

IT Business Edge – Holiday-Related Studies Find Customers Will Go Elsewhere When Security Fails

I know Black Friday and Cyber Monday are over, but the holiday shopping season is in full swing. Some interesting cybersecurity studies are out right now that I think should serve as a good reminder on why companies should be taking a hard look at their cybersecurity systems – not just during November and December, but all year round…

As Jason Hart, CTO, Identity and Data Protection at Gemalto, said in a formal statement:

Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part. It’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option.

To read the full article click here.

 

InfoSecurity Magazine – Consumers Overwhelmingly Blame Businesses for Breaches

According to a Gemalto survey of more than 10,000 consumers worldwide, only a quarter (27%) feel businesses take customer data security very seriously, and 70% would take their business elsewhere after a breach.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” said Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start—otherwise businesses will face not only financial consequences, but also potentially legal action from consumers.”

To read the full article click here.