GDPR Report – Almost half of companies still can’t detect IoT device breaches

gdprreport-logogResearch released today, reveals that only around half (48%) of businesses can detect if any of their IoT devices suffers a breach, despite companies having an increased focus on IoT security.

The research by Gemalto found that spending on protection has grown (from 11% of IoT budget in 2017 to 13% now) and nearly all (90%) believing it is a big consideration for customers.

Jason Hart, CTO, Data Protection at Gemalto said“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,”

“With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.” He added.

To read the full article click here.

GDPR: Report – Reddit hack: data held in 2007 exposed

gdprreport-logogReddit, the website supporting discussion and content ratings, has confirmed it was subject to a data breach, affecting all data held in 2007 and before and email digests sent in June of this year.

“Although it was a serious attack,” said Reddit in a statement, “the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs.”

Jason Hart, CTO, Data Protection at Gemalto said: “Network intrusions like this are inevitable. The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed. Even with multi-factor authentication deployed, the Reddit breach still occurred. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

To read the full article click here.

GDPR Report – More than 2.5 billion records stolen or compromised in 2017

gdprreport-logogNew findings of the Breach Level Index were released today by Gemalto, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.

“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organisations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. In the event that the confidentiality, or privacy, of the data is breached, an organisation must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn’t tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it’s stolen.”

To read the full article click here.

GDPR Report – GDPR Summit London: Should you be worried about a data breach?

gdprreport-logogReports of business data breaches have unfortunately become commonplace. This week, the corporate finance giant Deloitte has suffered a cyber-attack that compromised confidential data, including the private emails of some of its clients.

More than ever, businesses need to ensure their data is protected from outside threats. Jason Hart, CTO of Data Protection at Gemalto said about the news of the Deloitte breach:

“Today’s announcement that Deloitte was hacked is not a surprise. Breaches will – and ARE continuing to happen—to expect otherwise would be unrealistic. As an industry, we need to truly know our surroundings, meaning knowing exactly where data resides, who has access to it, how it is transferred, when it is encrypted/decrypted – really the entire supply change of digital users and the data. Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1% used encryption to render the information useless.

“We need a data-centric view of threats means using better identity and access control techniques, multi-factor authentication and encryption and key management to secure sensitive data. This is, even more, pressing with new and updated government mandates like the 2015 Digital Privacy Act in Canada, the GDPR in Europe, as well as U.S state-based and APAC country-based breach disclosure laws.”

To read the full article click here.