IT Pro – UK businesses failing basic security measures

Britain’s businesses are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections. This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government’s Cyber Essentials scheme.

“While it’s troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher,” said Gemalto’s CTO and former ethical hacker, Jason Hart. “In fact, we’ve seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders.”


IT Pro – UK data breaches decline despite sharp global rise

Amount of leaked data is down as organisations prepare for GDPR

Approximately 40% fewer data records were stolen or compromised in the UK in 2017 against the previous year, despite more than 2.6 billion records leaked worldwide, new findings show.

Ahead of GDPR legislation coming into force in May, the number of data breaches recorded in the UK declined from 108 in 2016 to 80 last year, according to Gemalto’s Data Breach Index 2017, released today.

Jason Hart, vice president and CTO for data protection at Gemalto, urged companies to adopt a privacy-by-design approach.

He added: “This will be especially important, considering in 2018 new government regulations like Europe’s General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage.”


ITPro – Tech firms welcome Cyber Security Export Strategy

But experts caution against nation state hacking risks, and urge firms to get basics right

The UK government’s new Cyber Security Export Strategy has been welcomed by tech industry experts who believe it will help small businesses secure contracts with overseas buyers.

The plan, published by the Department for International Trade (DIT) yesterday, sets out to support the UK’s cyber security companies and small businesses as they look to grow, and make the UK a global leader in the fight against cybercrime.

Data protection CTO Jason Hart said he is happy to see the UK sharing its expertise, but stresses the need for businesses to get the ‘basics’ right to fully protect their valuable data.

“The UK has long been a cyber security leader, so it’s great to see some of this expertise being shared with other countries,” he said.

“With much of our world now connected by valuable data, hackers can easily access this data unless everyone gets the basics right when it comes to security.

“Businesses need to be protecting what matters by encrypting the data at its source and restrict access via identity controls. If the UK can help other nations follow these basic security principles then we’ll go some way to better protecting our valuable assets.”


ITPro – UK businesses lulled into false sense of cybersecurity, report reveals

Survey shows that 95% of companies trust their perimeter, despite mounting breaches.

“Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.

“However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”


ITPro – GDPR news: One year to go until GDPR applies in the UK

UK firms struggle with compliance, but experts warn of penalties for failure.

There is just a year to go for businesses to prepare for new data protection rules that hand EU citizens more power over their personal data and promise large fines for companies that transgress.

Jason Hart, CTO of data protection at digital security firm Gemalto, warned that time is running out for “businesses to get their house in order before GDPR comes into effect”.

He added: “Once that happens, we’ll start to see the true picture of data breaches within Europe and the impact that will have on the reputation of a multitude of businesses.

“Companies need to realise that being breached is an inevitability and customers will not put up with those that can’t protect their data. In order to be compliant, business must follow the six step process outlined in the legislation.”

 


ITPro – Data Protection Day: why it’s time to speak up for privacy

With the looming Investigatory Powers Act and threats from across the pond that the US may not consider privacy all that important to those who aren’t American, this year’s Data Protection Day is as timely as ever.

Also known as Data Privacy Day, the awareness-raising effort commemorates the signing of Convention 108 — the first international treaty dealing with data protection.

To celebrate, we heard from tech and security experts about what they’d like to see companies and individuals do to improve data privacy in 2017.

You can’t keep customers’ data private if your company isn’t properly secured – take that responsibility seriously, said Jason Hart, CTO for data protection at Gemalto.

“Consumers expect that their data will only be accessed by internally authorised individuals, and be completely secure from external threats,” he said.

Because of that, companies should implement encryption as well as two-factor authentication, he advised. “By encrypting the data, and managing the encryption keys properly, the data is useless to the hacker, as well as any unauthorised personnel within the organisation,” Hart added. “This means that, even if a breach takes place, consumer data remains private.”
