HelpNet Security – Companies still struggle to detect IoT device breaches

helpnethelpOnly 48% of businesses can detect if any of their IoT devices suffers a breach, according to Gemalto.

This comes despite companies having an increased focus on IoT security:

  • Spending on protection has grown (from 11% of IoT budget in 2017 to 13% now)
  • Nearly all (90%) believing it is a big consideration for customers
  • Almost three times as many now see IoT security as an ethical responsibility (14%), compared to a year ago (4%)

With the number of connected devices set to top 20 billion by 2023, businesses must act quickly to ensure their IoT breach detection is as effective as possible.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Jason Hart, CTO, Data Protection at Gemalto. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

To read the full article click here.

HelpNet Security – Consumers believe social media sites pose greatest risk to data

helpnetA majority of consumers are willing to walk away from businesses entirely if they suffer a data breach, with retailers most at risk, according to Gemalto. Two-thirds (66%) are unlikely to shop or do business with an organisation that experiences a breach where their financial and sensitive information is stolen. Retailers (62%), banks (59%), and social media sites (58%) are the most at risk of suffering consequences with consumers prepared to use their feet.

“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” says Jason Hart, CTO, Data Protection at Gemalto. “Social media sites in particular have a battle on their hands to restore faith in their security and show consumers they’re listening – failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”

To read the full article click here.

HelpNet Security – Businesses collect more data than they can handle, only half know where sensitive data is stored

helpnetWith pressure to ensure consumer data is protected mounting, Gemalto today released the results of a global study which reveals that 65% are unable to analyze all the data they collect and only 54% of companies know where all of their sensitive data is stored.

Compounding this uncertainty, more than two thirds of organizations (68%) admit they don’t carry out all the procedures in line with data protection laws such as GDPR.

“If businesses can’t analyze all of the data they collect, they can’t understand the value of it – and that means they won’t know how to apply the appropriate security controls to that data,” says Jason Hart, VP and CTO for Data Protection at Gemalto. “Whether it’s selling it on the dark web, manipulating it for financial gain or to damage reputations, unsecured data is a goldmine for hackers. What’s more, data manipulation can take years to discover, and with data informing everything from business strategy to sales and product development, its value and integrity cannot be underestimated.”

To read the full article click here.

Help Net Security – 2.6 billion records were stolen, lost or exposed worldwide in 2017

helpnetGemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.

“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and CTO for Data Protection at Gemalto.

To read the full article click here.

Help Net Security – As the cloud’s popularity grows, so does the risk to sensitive data

helpnetWhile the vast majority of global companies (95%) have adopted cloud services, there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only two-fifths (40%) of the data stored in the cloud is secured with encryption and key management solutions.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

Help Net Security – Data breaches hurt loyalty

helpnetA majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted by Vanson Bourne. In addition, seven in ten consumers (69%) feel businesses don’t take the security of customer data very seriously.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise businesses will face not only financial consequences, but also potentially legal action from consumers.”

To read the full article click here.

HelpNet Security – Infosec expert viewpoint: IoT security initiatives

helpnetIoT went quickly from buzzword to mainstream, and connected devices have become common in households and enterprises around the globe. A worrying lack of regulation has fueled a plethora of security problems causing headaches to security teams and endangering end users.

“A new IoT botnet, called Reaper, surfaced recently, infecting thousands of webcams, security cameras and DVRs, and providing a fresh reminder of the persisting security issues with the IoT. In response, we need to implement the lessons learned a year ago from the Mirai attack. One of the shocking revelations at that time was that so many devices had hardcoded, unchangeable passwords. Many others were protected only by unchanged default passwords.

IoT manufacturers, cloud providers and third-party vendors need not only to better protect these devices with dynamic passwords and to patch known vulnerabilities, but also to encrypt communication between the devices and to create an infrastructure of trusted identities that can be authenticated virtually. A recent Gemalto survey found that just 62 percent of organizations currently encrypt data as soon as it reaches their IoT devices. Two thirds of organizations admitted they don’t have complete control over the data that IoT products or services collect as it moves from partner to partner.

The same survey found that 96 percent of business organizations and 90 percent of consumers are looking for government-enforced IoT security regulation. Currently, without any such law, companies are managing it on their own and falling short. Security in IoT is not a patch or quick fix. There are too many devices and users, and the cost associated with a traditional security patching approach would be too great.

Hopefully the “distributed consensus” capabilities of blockchain will soon come into play and give us an even better way to secure IoT communications. Multiple organizations are working on ways to use blockchain to improve how we do authentication and non-repudiation for the IoT.”

To read the full article click here.

Help Net Security – Most organizations and consumers believe there is a need for IoT security regulation

helpnet90% of consumers lack confidence in the security of Internet of Things (IoT) devices. This comes as more than two-thirds of consumers and almost 80% of organizations support governments getting involved in setting IoT security, according to Gemalto.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” said Jason Hart, CTO, Data Protection at Gemalto. “With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

To read the full article click here.

Help Net Security – Number of lost, stolen or compromised records increased by 164%

helpnetAccording to Gemalto’s Breach Level Index, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017.

Compared to the last six months of 2016, the number of lost, stolen or compromised records increased by 164%. A large portion came from the 22 largest data breaches, each involving more than one million compromised records. Of the 918 data breaches more than 500 (59% of all breaches) had an unknown or unaccounted number of compromised data records.

“IT consultant CGI and Oxford Economics recently issued a study, using data from the Breach Level Index and found that two-thirds of firms breached had their share price negatively impacted. Out of the 65 companies evaluated the breach cost shareholders over $52.40 billion,” said Jason Hart, Vice President and CTO for Data Protection at Gemalto. “We can expect that number to grow significantly, especially as government regulations in the U.S., Europe and elsewhere enact laws to protect the privacy and data of their constituents by associating a monetary value to improperly securing data. Security is no longer a reactive measure but an expectation from companies and consumers.”

To read the full article click here.

Help Net Security – Businesses overconfident about keeping attackers at bay

helpnetDespite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are under investing in technology that adequately protects their business, according to Gemalto.

“It is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, VP and CTO for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

To read the full article click here.