Security Boulevard – How Brexit Impacts the Future of Europe’s Cybersecurity Posture

The British parliament has been unable to agree the exit package from the European Union. With the possibility of a “no deal” departure looming, EU leaders have granted a six-month extension to Brexit day. But the uncertainty that still lingers with regard to Britain’s future creates various opportunities which cyber criminals could try to exploit.

Given the situation, careful examination of Brexit’s direct and indirect implications must be made, if we are to better understand the potential ramifications of a “no deal” exit. Let’s begin by looking at relevant regulations.

A brief look at current and future legal frameworks

The EU recently adopted two key pieces of legislation designed to govern cybersecurity and privacy issues. The first piece of legislation, the General Data Protection Regulation (GDPR), regulates data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The second regulation, the EU Network and Information Security Directive (NIS), provides legal measures to boost the overall level of cybersecurity in the EU.

For its part, the United Kingdom incorporated GDPR into its Data Protection Act 2018 and the NIS Directive into its NIS Regulations 2018, a political choice showing that the UK strategically desires to be aligned and, to a certain extent, compliant with the new EU regulations.

To read the full article, click here.

The Future of Cybersecurity – A 2019 Outlook


This post also appears on the Gemalto Enterprise security blog here.

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown is that the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also ensuring companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods of achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is that it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence, and quantum and crypto-agility start to make themselves known.

2019 Predictions

1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as computing power grows, so too do the capabilities of AI itself. In turn this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s system using the malware and sit undetected, gathering information about users’ behaviours and the organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to come to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

CMO Australia – Report: Consumers prepared to walk away due to data breaches

Australian consumers are more likely than their global counterparts to walk away from a company that experiences a data breach.

Consumers are holding companies responsible for data security and are likely to abandon a business entirely, and take legal action, if they suffer a data breach, a new study reports.

Gemalto’s Customer Loyalty 2018 Report found Australian consumers are more likely than their global counterparts to walk away from a company (retail, financial, healthcare) that experiences a breach, with over two-thirds (70 per cent) admitting they would look elsewhere if financial and sensitive information such as card details and bank accounts were stolen. Over half (55 per cent) admitted they would also walk if passwords alone were stolen.

“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” said Gemalto CTO of data protection, Jason Hart. “Social media sites in particular have a battle on their hands to restore faith in their security and show consumers they’re listening – failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”

“This should be a wake-up call to businesses that consumer patience has run out. It’s clear they have little faith that organisations are taking their data protection seriously, or that their concerns will be heard, forcing them to take action themselves.”

This protection is also vital if organisations want to keep the next generation of customers, Hart said.

“As young people become the big spenders of the future, businesses are risking not only alienating their current and future revenue streams but also their reputation if they continue to give the impression that they don’t take data security seriously,” he added. “Businesses must start doing the basics properly; protecting their most valuable asset, data, with the correct security controls.”

To read the full article click here.

Payments Journal – New York CyberSecurity State of Mind

The conversation around data protection is heating up as governments start to think more strategically and globally about information security and breaches. It’s increasingly clear that we need standardized cybersecurity regulations and more intense enforcement to track criminals across borders. In the wake of tough new regulatory frameworks adopted by the European Union and California, the U.S. Commerce Department is seeking comments on how to set nationwide data privacy rules.

To read the full article click here.

Information Age – A CTO guide: Cyber security best practice tips

As part of Information Age’s Cyber Security Month, we have provided three CTO guides on cyber security: the challenges, the technology and the best practices. This is the last one, and will focus on cyber security best practice tips, with some insights on how CTOs, or CISOs or those in charge of security, can protect their organisation from the growing list of cyber threats, as well as increasing human error.

Jason Hart, CTO at Gemalto suggests that the cyber criminals are exploiting the arrogance of organisations.

“Senior leaders must be situationally aware and ensure that employees only have access to the data that they need at any given point,” he says.

“Very few understand the critical importance of knowing the impact of people, data and business processes, and this is the weakness that cyber criminals are exploiting. There are those that are simply ignorant, who just aren’t looking or considering the impact of a data breach and those that are arrogant and believe they know it all, thinking that massive investment in the latest security products will stop a breach. But it’s this very arrogance that makes them vulnerable. In both cases, there is a serious lack of situational awareness.”

To read the full article click here.

AV Technology Europe – Is your AV equipment putting your company’s cyber security at risk?

“The change and transformation that AV brings is fantastic, but it’s all a potential proxy for the bad guys to get into an organisation”

Jason Hart, CTO, data protection at Gemalto – a world leader in digital security – agreed, stating that any piece of connected AV equipment creates added opportunities for cyber criminals to gain access to your precious data.

“Anyone with digital signage, uses digital displays, does video conferencing, uses a microphone and has speakers are all potentially at risk,” he explained. “Every piece of equipment that’s connected to a network is a potential doorway for a hacker. Anyone with a digital display, or does video conferencing, uses microphones and has speakers are potentially at risk. Think about all the information displayed on an interactive whiteboard? Your entire business strategy might have been outlined, containing highly confidential information. That whiteboard is recording everything electronically and storing it on a computer and that computer is backing it up to the cloud. If I was a bad guy and could access that information, the ramifications could be enormous.

He continued: “What about a lawyer or a legal counsel using forms of AV technology, such as conference calling? What if I could find that conference calling system online and listen in to the calls without them even knowing?

“The change and transformation that AV brings is fantastic, but it’s all a potential proxy for the bad guys to get into an organisation.”

To read the full article click here.

ITPro – Tech firms welcome Cyber Security Export Strategy

But experts caution against nation state hacking risks, and urge firms to get basics right

The UK government’s new Cyber Security Export Strategy has been welcomed by tech industry experts who believe it will help small businesses secure contracts with overseas buyers.

The plan, published by the Department for International Trade (DIT) yesterday, sets out to support the UK’s cyber security companies and small businesses as they look to grow, and make the UK a global leader in the fight against cybercrime.

Data protection CTO Jason Hart said he is happy to see the UK sharing its expertise, but stresses the need for businesses to get the ‘basics’ right to fully protect their valuable data.

“The UK has long been a cyber security leader, so it’s great to see some of this expertise being shared with other countries,” he said.

“With much of our world now connected by valuable data, hackers can easily access this data unless everyone gets the basics right when it comes to security.

“Businesses need to be protecting what matters by encrypting the data at its source and restricting access via identity controls. If the UK can help other nations follow these basic security principles then we’ll go some way to better protecting our valuable assets.”

To read the full article click here.

ComputerWorld UK – Cyber security tips for UK businesses

Here’s ten cyber security tips your business needs, from an ethical hacker.

The amount of data we create is increasing rapidly. According to IBM, every day we generate 2.5 quintillion bytes, so much that 90 percent of the data in the world today has been created in the last two years alone.

To read the full article click here. 

Silicon Republic – Wanted: IT security superheroes to fight cybercrime

From WannaCry to Petya, it’s no wonder the cybersecurity sector is crying out for talent to fight ransomware. Hays’ Carolyn Dickason explores the increasing need for talent in infosec.

“The Breach Level Index highlights four major cyber-criminal trends over the past year. Hackers are casting a wider net and are using easily attainable account and identity information as a starting point for high-value targets,” said Jason Hart, Gemalto’s chief technology officer for data protection, in the report.

“Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases, such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then holding it for ransom and decrypting once they are paid.”

To read the full article click here.

Pearl & Coutts – Improving cybersecurity in your small business office

The recent cybercrime incident experienced by the NHS highlights just how easily an organisation can be brought to a standstill by an online attack. As the owner of an SME, you’re particularly vulnerable to this type of threat – with 60% of smaller companies going out of business within six months of suffering a cyber-attack.

According to Jason Hart, CTO for digital security specialist Gemalto, companies need to accept that a breach of security in the 21st century is inevitable. As such, your approach should focus on how to cope with security breaches as well as on how to prevent them. The new method of managing security breaches is called ‘micro-segmentation’, which essentially involves creating lots of small walls (rather than one large firewall) around the data that needs protecting most. Then, if a hacker does manage to gain access, they won’t be able to cause large-scale disruption.

To read the full article click here.