Infosecurity Magazine – “Cloud Apps Make Us Targets” Say 49% of Companies

infosecurityAlmost half of businesses believe cloud apps make them a target for cyber-attacks, according to a survey of 1,050 IT decision makers who participated in Thales’ 2019 Access Management Index.

The report found that 49% of organizations admitted that cloud apps are likely one of the top three reasons their organization might be attacked. Cloud apps followed behind unprotected infrastructure such as IoT devices (54%) and web portals (50%), according to the study.

“While the UK has been slower to react to the rising number of data breaches by appointing a dedicated CISO, positively it’s ahead of the global average when it comes to using its expertise in the right places,” said Jason Hart, cybersecurity expert at Thales.

Businesses in the UK (19%) are slightly ahead of global organizations (14%) when it comes to empowering the CISO to make final decisions over cloud access management. “Giving CISOs the final decision on cloud access management is the most logical thing because they have the situational awareness to understand the risks facing the business and how to stop it. Many other countries worldwide are falling short of the mark here and leaving themselves exposed in the long run,” Hart said.

To read the full article click here.

Infosecurity Magazine – Businesses Are Collecting More Data Than They Need

infosecurityBusinesses have gotten into the habit of collecting lots of data, but the mounting data they’ve compiled surpasses its usefulness. Nearly half of all companies having no idea where their sensitive data is stored, according to a new survey from Gemalto.

The fifth annual Data Security Confidence Index surveyed 1,050 IT decision makers and 10,500 consumers worldwide, revealing that 46% of companies don’t know where all of their sensitive data is stored and a majority of companies are unable to analyze all the data they collect.

“If businesses can’t analyze all of the data they collect, they can’t understand the value of it – and that means they won’t know how to apply the appropriate security controls to that data,” says Jason Hart, vice president and CTO for data protection at Gemalto.

“Whether it’s selling it on the dark web, manipulating it for financial gain or to damage reputations, unsecured data is a goldmine for hackers. You only need to look at the recent hacks on the World Anti-Doping Agency and International Luge Federation to see the damage that can be done. What’s more, data manipulation can take years to discover, and with data informing everything from business strategy to sales and product development, its value and integrity cannot be underestimated.”

InfoSecurity Magazine – Consumers Overwhelmingly Blame Businesses for Breaches

infosecurityAccording to a Gemalto survey of more than 10,000 consumers worldwide, only a quarter (27%) feel businesses take customer data security very seriously, and 70% would take their business elsewhere after a breach.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” said Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start—otherwise businesses will face not only financial consequences, but also potentially legal action from consumers.”

To read the full article click here.

InfoSecurity Magazine – Uber Shock: Firm Hid Breach of 57 Million Users

infosecurityThe information security industry is in shock after Uber confessed to a massive data breach affecting 57 million customers and drivers around the globe, which it concealed last year by paying off the hackers.

Jason Hart, CTO of data protection at Gemalto, claimed two things should have been done better by Uber: “faster disclosure and better use of encryption for the entire data lifecycle”. “Delay in disclosing erodes trust, and it belies the fact that breaches like this, that access your data via cloud services, are inevitable,” he added.

To read the full article click here.

InfoSecurity – US Uni DDoS-ed by its Own IoT Devices

infosecurityA US university was recently hit by a DDoS attack made possible after its own IoT devices across campus were hijacked and turned against its network, in a manner reminiscent of the notorious Mirai campaign, Verizon has revealed.


Jason Hart, CTO of data protection at Gemalto, added that IoT devices can also act as portals to highly sensitive data.

“No matter how secure one device is, if there is another one that is connected to the same network that isn’t, hackers can manipulate and use this to access other devices within the network or as in this case, stop normal operation of other systems,” he argued.

“In order to prevent this from happening, organizations must ensure they are putting in the right protocols to protect the data at its source.”

To read the full article click here.