Intelligent CISO – Research reveals businesses believe cloud apps make them targets

According to new research from Thales, almost half (49%) of businesses believe cloud apps make them a target for cyberattacks.

Surveying 1,050 IT decision makers globally, Thales’ 2019 Access Management Index revealed that cloud applications (49%) are listed in the top three reasons an organisation might be attacked, just behind unprotected infrastructure such as IoT devices (54%) and web portals (50%).

Jason Hart, Cybersecurity expert at Thales, added: “It’s positive to see the UK ahead of its counterparts in using the right expertise in the right places. Giving CISOs the final decision on cloud access management is the most logical thing because they have the situational awareness to understand the risks facing the business and how to stop it more than anyone else. However, being ahead of the global average isn’t enough as a huge majority are still not giving the CISO or equivalent the final say, leaving most UK businesses exposed in the long run.”

To read the full article click here.

Computer Weekly – Nearly half of firms fear cloud apps make them insecure

Survey shows more than one-third of global companies appoint a CISO in the face of data breaches, and the UK is giving CISOs more power despite making fewer appointments

Jason Hart, cyber security expert at Thales, said it is positive to see the UK ahead of its counterparts in using the right expertise in the right places.

“Giving CISOs the final decision on cloud access management is the most logical thing because they have the situational awareness to understand the risks facing the business and how to stop it more than anyone else. However, being ahead of the global average isn’t enough as a huge majority are still not giving the CISO or equivalent the final say, leaving most UK businesses exposed in the long run.”

To read the full article click here.

The Telegraph – The hidden dangers of using Wi-Fi on holiday, according to a former hacker

We all use public Wi-Fi on our holidays, but is this safe? A former ‘ethical hacker’ explains the dangers of public connections, and the simple measures we can take to protect our online identities abroad.

There’s no escaping it. We’re all vulnerable to theft on our holidays. I was reminded of this on a recent trip to Chile, when a friend I was travelling with had her phone, bank cards and cash pinched from her pocket in Santiago city centre…

“Anyone who connects a device to a Wi-Fi access point without taking necessary safety precautions is inviting hackers on their vacation with them,” he said. “Travellers should realise, especially in foreign countries, that hacks are inevitable. You could be in a hotel resort, down by the pool but the hacker is up in a room on the 12th floor and you wouldn’t know. But there are ways to protect against a ruined vacation.”

Read the full article here.

Infosecurity Magazine – “Cloud Apps Make Us Targets” Say 49% of Companies

Almost half of businesses believe cloud apps make them a target for cyber-attacks, according to a survey of 1,050 IT decision makers who participated in Thales’ 2019 Access Management Index.

The report found that 49% of organizations admitted that cloud apps are likely one of the top three reasons their organization might be attacked. Cloud apps followed behind unprotected infrastructure such as IoT devices (54%) and web portals (50%), according to the study.

“While the UK has been slower to react to the rising number of data breaches by appointing a dedicated CISO, positively it’s ahead of the global average when it comes to using its expertise in the right places,” said Jason Hart, cybersecurity expert at Thales.

Businesses in the UK (19%) are slightly ahead of global organizations (14%) when it comes to empowering the CISO to make final decisions over cloud access management. “Giving CISOs the final decision on cloud access management is the most logical thing because they have the situational awareness to understand the risks facing the business and how to stop it. Many other countries worldwide are falling short of the mark here and leaving themselves exposed in the long run,” Hart said.

To read the full article click here.

Wired UK – Threat Matrix: navigating new challenges and emerging risks

This special report created by WIRED Consulting and Bird & Bird seeks to explore key threats to businesses and how they can mitigate damage should disaster strike. This is the ultimate C-suite guide to navigating new business challenges and emerging risks.

“Yet many companies, according to Jason Hart, chief technology officer at Gemalto’s data protection solutions, do not fully grasp the level of associated risk. ‘Board and C-suite level awareness around security generally has grown,’ he says, ‘but there’s still much less understanding about what the different risks are around confidentiality and data integrity [where data is maliciously altered], the different types of data a company may hold, and the impact it would have if they were to be compromised.’”

Download the report here.

Infosecurity – Encryption is Often Poorly Deployed, if Deployed at All

Encryption continues to be a challenge for companies, as only a quarter of organizations admit to using it for at-rest data, and for emails and data centers.

According to research by Thales and IDC, encryption for email is only adopted by around 27% of the European respondents, while the numbers decline for data at rest, data centers, Big Data environments and full disk encryption. The only instance of European respondents ranking higher than a global number was in the instance of using cloud-native provider encryption.

Jason Hart, security evangelist at Thales, said that there is a wider problem of nothing changing in the last 25 years, except that we are creating more and more data. That has become a commodity, and “because of the acceleration of cloud I say to a company ‘what are you trying to protect?’ and after an hour we may get to a conversation about data and two hours later we may get to the type of data that they deem to be valuable.”

However, Hart argued that companies do not understand the risks that they are trying to mitigate, “and information security is really simple, it is about people, data and process.”

Speaking to Infosecurity, Hart said that if you look at every major breach that has occurred, there are too many instances of companies not deploying encryption properly, and also people do not look at the risk.

“You encrypted the data in the database, but what talks to the database? The application, so the data now transverses into the application’s code text and then from the application it goes into the cloud,” he said. “So they do it in silos and elements, but when people do it wrong, there is a false sense of security.”

To read the full article click here.

Just Food – UK companies “lack understanding of cyber security threats” – government report

A UK government report highlighting a significant lack of understanding among directors of FTSE 350 companies of how cyber attacks can hit businesses has been dubbed “alarming” by a cyber security professional.

The Government report, published today, found only 16% of boards have a full understanding of the impact from and disruption associated with cyber attacks, despite 96% having an established cyber security strategy.

“It’s alarming to see that the boards of the UK’s biggest businesses don’t understand the impact of cyber attacks, especially given that the impact of a serious attack is absolutely proven to impact revenue, reputation and even individual jobs,” said Jason Hart, CTO of Data Protection at Gemalto and former ethical hacker, in response to the report.

To read the full article click here.

Verdict UK – Lack of board-level cybersecurity awareness “alarming”

A UK government report highlighting a significant lack of board-level cybersecurity awareness among FTSE 350 members has been dubbed “alarming” by a senior cybersecurity professional.

The report, published today, found that only 16% of boards have a full understanding of the impact and disruption associated with cyberattacks, despite 96% having an established cybersecurity strategy.

“It’s alarming to see that the boards of the UK’s biggest businesses don’t understand the impact of cyberattacks, especially given that the impact of a serious attack is absolutely proven to impact revenue, reputation and even individual jobs,” said Jason Hart, CTO of Data Protection at Gemalto and former ethical hacker, in response to the news.

“Of course these organisations will have a cybersecurity strategy in place, but if the business doesn’t understand it – let alone test it – it may as well not be there,” added Hart.

To read the full article click here.