HelpNet Security – Consumers believe social media sites pose greatest risk to data

A majority of consumers are willing to walk away from businesses entirely if they suffer a data breach, with retailers most at risk, according to Gemalto. Two-thirds (66%) are unlikely to shop or do business with an organisation that experiences a breach where their financial and sensitive information is stolen. Retailers (62%), banks (59%), and social media sites (58%) are the most at risk of suffering consequences with consumers prepared to use their feet.

“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” says Jason Hart, CTO, Data Protection at Gemalto. “Social media sites in particular have a battle on their hands to restore faith in their security and show consumers they’re listening – failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”

To read the full article click here.

Computer Weekly – UK consumers threaten data breach backlash

Most UK and global consumers are willing to walk away from businesses that fail to look after personal data, with retailers most at risk, research shows

Seven out of 10 UK consumers and two-thirds, on average, around the world would stop doing business with a brand that suffers a breach of users’ financial or personal data. Retailers are most at risk globally, with 62% of respondents willing to walk away after a data breach, followed by banks (59%) and social media sites (58%), according to a survey of 10,500 consumers by digital security firm Gemalto.

“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” said Jason Hart, CTO, data protection at Gemalto.

“Social media sites, in particular, have a battle on their hands to restore faith in their security and show consumers they are listening. Failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”

To view the full article click here.

techradar – The true cost of a data breach

Falling victim to a data breach hurts your business’ bottom line as well as its reputation

From the implementation of the General Data Protection Regulation (GDPR) back in May, which fundamentally changed the rulebook for storing data of EU citizens at least, to the Butlin’s hack, 2018 has been a very significant year for cybersecurity.

One of the biggest changes centred around transparency, specifically businesses being forced to reveal within 72 hours if they have suffered a breach. While the US has had this type of policy for a while, businesses in the EU were not required to publicly state when a breach occurred, leaving them free to keep significant news like this from their customers. But now things have changed, and it’s starting to heat up in the EU.

To read the full article click here.

Computer Business Review – The True Cost of a Data Breach

“Encrypting data at rest and in motion, securely managing the encryption keys and storing them securely, while also managing and controlling user access, are vital steps for businesses to take to protect themselves”

From the implementation of the General Data Protection Regulation (GDPR) back in May, which fundamentally changed the rulebook for storing data of EU citizens at least, to the Butlin’s hack, 2018 has been a very significant year for cybersecurity.

One of the biggest changes centred around transparency, specifically businesses being forced to reveal within 72 hours if they have suffered a breach. While the US has had this type of policy for a while, businesses in the EU were not required to publicly state when a breach occurred, leaving them free to keep significant news like this from their customers. But now things have changed, and it’s starting to heat up in the EU.

To read the full article click here.

GDPR: Report – Reddit hack: data held in 2007 exposed

Reddit, the website supporting discussion and content ratings, has confirmed it was subject to a data breach, affecting all data held in 2007 and before and email digests sent in June of this year.

“Although it was a serious attack,” said Reddit in a statement, “the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs.”

Jason Hart, CTO, Data Protection at Gemalto said: “Network intrusions like this are inevitable. The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed. Even with multi-factor authentication deployed, the Reddit breach still occurred. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

To read the full article click here.

Silicon: Reddit Confirms ‘Serious’ Hack Of User Data

Reddit knew of ‘security incident’ since 19 June but only alerted users more than a month later

More than a month since it happened, Reddit has this week confirmed that it has suffered what it is calling a ‘security incident’.

“Network intrusions like this are inevitable,” explained Jason Hart, CTO of data protection at Gemalto. “The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed.”

“Even with multi-factor authentication deployed, the Reddit breach still occurred,” said Hart. “Two years ago NIST made recommendations for companies to consider stronger forms of MFA like token-based authentication. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

To read the full article click here.

Computer Business Review – MyHeritage Hack: “Future Hackers Could Amend Stolen DNA”

No DNA data has been lost as a result of a hack at genealogy and DNA testing website MyHeritage that resulted in the leak of 92,283,889 email addresses and hashed user passwords, the company has claimed.

“Sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised,” the Israel-based company said.

Gemalto CTO of Data Protection Jason Hart said: “This reinforces again that being breached is not a question of ‘if’ but ‘when’. Perimeter defences are just what they are, first lines of defence. When those fail, the only way data can be protected is to encrypt it. It is especially important that sensitive personal data is always encrypted. That way, if the data is stolen it is useless to the thieves.”

He added: “MyHeritage noted that it plans to add additional protective measures in the future. While it appears that MyHeritage hashed its passwords, this is a weak form of protection. Given today’s security climate, all online companies should have multi-factor authentication activated by default for all online accounts as well as using encryption and key management to secure sensitive data.”

To read the full article click here.

Business Today – Data theft increased by 783% in India in 2017, says study

Some 3.24 million records were stolen, lost or exposed in India in 2017, according to the Breach Level Index study by digital security firm Gemalto. This number has increased by a whopping 783% over the previous year. The study tracks and analyses data breaches, the type of data compromised and how it was accessed, lost or stolen in the last five years.

“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

To read the full article click here.

SC Magazine UK – Greenwich University Breach costs university £120,000

Greenwich University has been fined £120,000 after a security breach at the university resulted in the leak of 19,500 students’ data to the internet, according to Signavio. This data included names, addresses, date of birth, phone numbers, signatures and in some cases, physical and mental health problems.

Jason Hart, CTO of Data Protection, Gemalto concludes: “This should be a reminder for organisations around the world to dig deep when it comes to protecting their data. If businesses don’t know where it is or whether it’s properly secured then they are leaving themselves and their customers vulnerable. While many are taking steps to improve their data security, the fact that some breaches can lie undiscovered for three years leaves little doubt that there is still work to do before there is widespread GDPR compliance. In order to adequately protect their data, businesses must regularly audit and ensure security controls, such as encryption and key management are implemented, whether the data is being stored or used in a transaction”.

To read the full article click here.

CSO Online – Let’s get serious about security: 2.6 billion records stolen or compromised in 2017

Gemalto’s 2017 Breach Level Index found 2.6 billion records were compromised in 2017, as well as a number of new data breach tactics. Breached or exposed data is not only a headache for security teams. It also impacts brand reputation, customer confidence and stock prices, but risk can be managed by mapping out where data resides.

Gemalto, my employer, recently published the latest research from its Breach Level Index (BLI), sharing that 2.6 billion records were stolen, lost or exposed worldwide during the year of 2017. A global database, the BLI follows and studies breaches, the types of data compromised and how it was accessed or lost.

To read the full article click here.