Lack of confidence in data security can cost you more than you think

csoonline(This article first appeared on CSO Online here.)

The majority of companies don’t understand the value of their data, because they aren’t taking the necessary steps to study the information they are gathering from customers.

The European Union’s General Data Protection Regulation (GDPR) came into effect almost two months ago. Leading the way to a new era of data protection, the long-awaited GDPR has emphasized the importance of data security more than ever before. Besides tarnishing their reputation, businesses face the risk of encountering large fines if they don’t align with the regulation.

Although cybersecurity is top of mind for most organizations with the new law, they still feel uncertain about their data protection practices. Recent research from Gemalto, its fifth-annual Data Security Confidence Index, which surveyed 1,050 IT professionals and 10,500 consumers globally, revealed that businesses differ in their capability to study data that has been collected. Shockingly, two in three companies (65%) admit they don’t have the proper resources to analyze data and therefore are unable to do so.

The European Union’s General Data Protection Regulation (GDPR) came into effect almost two months ago. Leading the way to a new era of data protection, the long-awaited GDPR has emphasized the importance of data security more than ever before. Besides tarnishing their reputation, businesses face the risk of encountering large fines if they don’t align with the regulation.

Although cybersecurity is top of mind for most organizations with the new law, they still feel uncertain about their data protection practices. Recent research from Gemalto, its fifth-annual Data Security Confidence Index, which surveyed 1,050 IT professionals and 10,500 consumers globally, revealed that businesses differ in their capability to study data that has been collected. Shockingly, two in three companies (65%) admit they don’t have the proper resources to analyze data and therefore are unable to do so.

This finding forces me to think – the majority of companies don’t understand the value of their data, because they aren’t taking the necessary steps to study the information they are gathering from customers. That’s why organizations are stunted in the process of applying appropriate security controls to protect the valuable information they possess. Unsecured data is a hacker’s dream. Attackers can offer it up to the dark web or use ransomware, causing financial loss and reputation damage. It can take years to uncover data manipulation, which can put everything from an organization’s business strategy to product development at risk. In today’s digital world, data informs everything, so its value cannot be underestimated. We’ve all seen our fair share of breaches this past year that illustrate how detrimental they can be to an organization.

Organizations have gaps in confidence levels

Almost half of IT professionals say perimeter security is effective at keeping unauthorized users out of their networks. However, two thirds of them believe unauthorized users can access their corporate networks and less than half are confident in the security of their data once cyberhackers are inside.

With that being said, more than half of companies don’t know where all of their data is stored. Moreover, more than two thirds admit they don’t carry out all the processes aligned with data protection guidelines such as GDPR.

This gap in people’s confidence in their organization’s data protection policies indicates the reason for continuous breaches: twenty-seven percent of organizations reported their perimeter security was breached last year. Of those that had suffered an attack, only 10% of the compromised data was protected by encryption, leaving the rest exposed. In order to secure their networks IT professionals, need to use encryption, which, paired with other solutions, will provide an essential security base for a robust system needed to guard sensitive information.

Crucial steps for strong security

When it comes to cybersecurity it’s a valid question to ask, “Who’s in charge?”It’s crucial for organizations to get their houses in order, starting with determining who will be responsible for overseeing security measures. Every executive board needs to have a Data Protection Officer, a chief individual who leads data security from the top down. Second, organizations must organize, and study collected data to properly protect it and make informed business decisions. Lastly, IT pros need to change their outlook on security as a whole. It’s no longer a case of if, but when a breach occurs. Therefore, organizations should implement a comprehensive approach to cybersecurity, using methods such as encryption, two-factor authentication, and key management in addition to perimeter protection.

These critical steps aren’t solely for the sake of companies, but also for consumers who have data records tied to these businesses. The vast majority of consumers say it’s imperative that organizations comply with data regulations due to their growing understanding of breaches and communications around GDPR. Actually, fifty-four percent of consumers are aware of what encryption is, which shows knowledge of how data should be protected.

Cost of poor data security

Over the years, security experts’ predictions about potential costs of a breach have been increasing. Cybersecurity Ventures estimates the costs related to cybercrime damages to reach $6 trillion by 2021. From upgrading IT infrastructure to paying legal fees and government fines – many costs are either tangible or intangible. We’ve now reached the tipping point on the implications of data breaches, that can negatively affect company’s market value and ruin the reputation of the corporate and management teams.

With pressure to ensure consumer data is protected and the risks and costs of breaches growing, organizations need to take immediate steps to transform their approach to data security. Companies need to have confidence in how they gather, analyze, and store their information. Only having this understanding and ensuring compliance, they will be able to adopt effective security measures.

This article first appeared on CSO Online here.

What challenges enterprise cyber security executives?

data-security-confidence-index-2017-infographic-image-300x179Here’s an understatement for you: this is an interesting time to be a cyber security or risk management executive at an enterprise.

In reality, this is the most challenging period ever for organizations when it comes to safeguarding data and systems. There is a rising number of data breaches—nearly 1.4 billion data records were lost or stolen in 2016, according to Gemalto’s Breach Level Index—and serious threats such as ransomware are making worldwide headlines on a regular basis.

On top of that, companies are having to deal with a growing number of data protection regulations. This includes the General Data Protection Regulation (GDPR), a set of rules created by the European Parliament, European Council and European Commission to strengthen data protection for individuals within the European Union (EU).

Despite these and other developing challenges swirling around the cyber security landscape, many organizations are relying on the same old security solutions they’ve had in place for years. For example, a majority of IT professionals still think perimeter security products are effective at keeping unauthorized users out of their networks, according to a new Gemalto report conducted by independent research firm Vanson Bourne.

The report, Gemalto’s fourth-annual Data Security Confidence Index, also shows that companies are under investing in technology that adequately protects their business.

To gather data for the study, Vanson Bourne surveyed 1,050 IT decision makers across the U.S., U.K., France, Germany, India, Japan, Australia, Brazil, Benelux the Middle East and South Africa on behalf of Gemalto. The sample was split between manufacturing, healthcare, financial services, government, telecommunications, retail, utilities, consultation and real estate, insurance and legal, IT and other sectors from organizations with 250 to more than 5,000 employees.

A huge majority of those surveyed (94%) think perimeter security tools are quite effective at keeping unauthorized users out of their networks. But at the same time, about two thirds (65%) are not extremely confident that their data would be protected should their perimeter be breached. This represents a slight decrease from the survey conducted last year (69%). And despite the broad lack of confidence, nearly six in 10 of the organizations report that they think all their sensitive data is secure.

This shows that at many organizations, perimeter security is the focus but a good understanding of technology and data security is still lacking. Many of these businesses are continuing to prioritize perimeter security without realizing it has been largely ineffective against sophisticated cyber attacks.

The latest Gemalto research findings show that 76% of the decision makers said their organization had increased investment in perimeter security technologies such as firewalls, intrusion detection and prevention systems (IDPS), antivirus software, content filtering tools and anomaly detection systems to protect against external attackers.

Despite this investment, however, two thirds of the survey respondents (68%) think unauthorized users could access their networks, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions being used today, especially when you consider that more than one quarter of the organizations (28%) have suffered perimeter security breaches over the past 12 months.

The reality of the situation gets even worse when you take into account the fact that, on average, only 8% of the data breached was encrypted. That means the vast majority of the stolen data was completely exposed to attackers—an unacceptable situation for organizations that should be doing all they can to protect sensitive information.

Furthermore, according to the report more than half of the respondents said they do not know where their sensitive data is stored, and more than one third of businesses do not encrypt valuable information such as payment or customer data. In other words, if this data is stolen, a cyber criminal would have full access to the information and could use it for crimes such as identify theft, financial fraud or ransomware.

It is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality. By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data.

Businesses need to be aware that hackers and other bad actors are going after companies’ most valuable assets: their data. It’s important that they focus on protecting these resource, otherwise reality will inevitably bite those that fail to do so.

Inadequate security not only exposes organizations’ data to attackers, it leaves enterprises open to the risk of non compliance with regulations such as GDPR. There seems to be a global trend toward reforming and enhancing data protection laws, and many companies are not sure how to approach these new requirements.

That’s especially true of data privacy, which has traditionally been an afterthought, rather than included in products “by design.” This necessitates a longer-term change in approach and mindset.

With GDPR, which becomes enforceable in May 2018, organizations need to understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, more than half of the survey respondents said they do not think they will be fully compliant with GDPR by May next year.

With less than a year to go, companies need to begin introducing the correct security protocols in their efforts to reach GDPR compliance, including encryption, two-factor authentication and key management strategies.

Investing in cyber security solutions has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cyber security will face severe legal, financial and reputational consequences.

That’s not all. Organizations that don’t bring their security infrastructure up to date might also face the wrath of their customers, employees, business partners and other stakeholders. Fortunately, they can take steps to bolster security before it’s too late.

Discover more and download the Data Security Confidence Report.

Also posted on the Gemalto Enterprise Security blog here.

eWEEK – Enterprises Overconfident About Perimeter Security, Gemalto Finds

logo_eweekThe 2017 Data Security Confidence Index Report reveals gaps between organizations’ perceptions of what keeps them secure and what actually works.

“One of the things that continues to show up every year, and I would have expected it to change, is the investment and perception of perimeter security versus the reality of its effectiveness,” Jason Hart, vice president and chief technology officer for data protection at Gemalto, told eWEEK. “As security professionals, I find it interesting we can know something doesn’t work but are willing to do it for the perceived security value.”

Hart added that sometimes a perceived sense of security is the motivation for unwarranted investments in perimeter security. He noted that Gemalto’s report found that only 8 percent of organizations encrypt data, which actually is a more effective security mechanism because it reduces the value of data if it’s stolen.

To read the full article click here.

SC Media – Research: businesses over confident about ability to fend off hackers

scmediaCombining the prioritisation of perimeter security and lack of knowledge in data security, according to Gemalto, is brewing an environment where businesses will soon lack the ability to fend off complex cyber-attacks.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice president and chief technology officer for Data Protection at Gemalto.

“By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise, reality will inevitably bite those that fail to do so.”

To read the full article click here.

freshbusinessthinking.com – Businesses overly confident about keeping hackers at bay

fbt-new-logoDespite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016,  the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

To read the full article click here.

LandMobile – Gemalto Research: Businesses Confident About Keeping Hackers Out, Less So On Data Security

landmobileCompanies are underinvesting in the technology needed to protect themselves from cyber security threats, according to Gemalto’s fourth annual Data Security Confidence Index, released today (11 July).

“It is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

….

Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

To read the full article click here.

ITPro Portal – Perimeter security ineffective and a waste of money, research shows

itproportalGemalto says businesses are investing heavily in extra security solutions, but still feel they could be breached.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.

“By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

To read the full article click here.

Help Net Security – Businesses overconfident about keeping attackers at bay

helpnetDespite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are under investing in technology that adequately protects their business, according to Gemalto.

“It is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, VP and CTO for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

To read the full article click here.

IT Security Guru – “Mind the (breach) gap”: Gemalto research reveals businesses overly confident about keeping hackers at bay, but less so about keeping data safe

itsecurityguru2Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 (source: Breach Level Index), the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks. However, companies are under investing in technology that adequately protects their business, according to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto (Euronext NL0000400653 GTO), the world leader in digital security.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

To read the full article click here.

Channel EYE – IT professionals have outdated view about security

channeleyeDespite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks. However, companies are under investing in technology that adequately protects their business.

Gemalto’s, Vice President and Chief Technology Officer for Data Protection Jason Hart said that it is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality.

“By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

…Hart said, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

To read the full article click here.