SC Media – UK ‘near the bottom of league tables’ on IoT security

New report reveals UK is particularly exposed to IoT security failings, in spite of industry guidelines introduced by government last year.

A massive six in ten UK organisations can’t tell if their IoT devices have been breached by hackers, according to a new study by Gemalto.

Flipping the figures around, while 42 percent of UK organisations can detect IoT device breaches, this is the second lowest in Europe after France, at 36 percent. This might be connected to the fact that UK spending on IoT protection is lower than the global average (11 percent of IoT budgets).

Jason Hart, CTO of data protection at Gemalto, told SC Media UK: “The simple fact is that lack of investment in properly securing IoT devices means that the UK not only continues to struggle on IoT security, but that it’s left itself wide open to attack from cyber criminals.”

He added: “British organisations must start looking at how they protect themselves, focussing on spending in the right areas in order to protect what matters with the increasing amounts of sensitive data IoT devices now produce. This means investing in applying the correct security controls such as encryption, key management and user and device authentication which enables that correct level of security to protect the data whether it’s in transit or at rest and accessing both the data and the device at all times.”

SC Magazine – 2019 cyber-security predictions – Pandora’s box of ills – but Hope remains

More extensive than ever: AI-driven chat-bots to Zero-day mining as a service, Fuzzing; 5G, successes & failures of GDPR, loss of faith in the public internet, the IoT, breaches, Sim-jacking, skills shortage, ROI, death of privacy, failure to evolve and a host of novel new threats and solutions.

AI will be used by hackers for most sophisticated cyber-attack ever: “Next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI powered malware, hackers will infect an organisation’s system using the malware and sit undetected gathering information about users’ behaviours, and organisations’ systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fight fire with fire.” – Jason Hart, CTO, Data Protection at Gemalto.

SC Magazine UK – Greenwich University Breach costs university £120,000

Greenwich University has been fined £120,000 after a security breach at the university resulted in the leak of 19,500 students’ data to the internet, according to Signavio. This data included names, addresses, date of birth, phone numbers, signatures and in some cases, physical and mental health problems.

Jason Hart, CTO of Data Protection, Gemalto concludes: “This should be a reminder for organisations around the world to dig deep when it comes to protecting their data. If businesses don’t know where it is or whether it’s properly secured then they are leaving themselves and their customers vulnerable. While many are taking steps to improve their data security, the fact that some breaches can lie undiscovered for three years leaves little doubt that there is still work to do before there is widespread GDPR compliance. In order to adequately protect their data, businesses must regularly audit and ensure security controls, such as encryption and key management, are implemented, whether the data is being stored or used in a transaction”.

SC Magazine – Covert warfare: How likely are attacks on the UK’s critical infrastructure?

Attacks on critical national infrastructure are growing in number and sophistication. So how big is the UK’s risk?

However, at the same time, Jason Hart, CTO of data protection at Gemalto points out that power stations and other industrial SCADA systems connected to the internet have a manual override switch. He says, therefore, that they are more at risk of another form of attack, on the integrity of the system. He explains: “A breach is about confidentiality, integrity and availability. If the availability of the system is targeted, it can manually override this so the underlying critical system will have the ability to shut down if needed.”

Therefore, he says: “What we need to worry about is the integrity of the data: What if attackers get in and alter the data that the SCADA system uses to make decisions?”

Hart suggests attackers could gain access through a SQL injection, or weak passwords. In the NHS, he points out, it would be “a massive problem” if patient data is altered or changed.

SC Media – Multiple vulnerabilities found in connected IoT home security device

Popular IoT home security device could allow hackers to turn burglar alarms on and off and switch on siren, says researcher who dissected it.

Security researchers have discovered a number of vulnerabilities in an internet-enabled burglar alarm that could see the device being remotely switched off by an attacker.

Jason Hart, CTO of data protection at Gemalto, told SC Media UK that consumers are increasingly embracing connected devices, but the lack of security controls within them is giving hackers the ability to compromise data, take control of devices, or use them to access networks to conduct cyber-attacks.

“Any device that can connect to the internet is susceptible, and the data that’s often collected can be very sensitive, so securing them is crucial for the growth of the IoT,” he said.

SC Media – Research: businesses over confident about ability to fend off hackers

Combining the prioritisation of perimeter security and lack of knowledge in data security, according to Gemalto, is brewing an environment where businesses will soon lack the ability to fend off complex cyber-attacks.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice president and chief technology officer for Data Protection at Gemalto.

“By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise, reality will inevitably bite those that fail to do so.”

SC Media – Struggle is real: UK businesses unprepared for cyber-attack response

Businesses in the UK are struggling to face the looming threat of cyber-attacks, with nearly a third of C-level executives admitting they don’t have a response plan – or don’t even know whether or not they have one.

“Security training within businesses today is essentially not working. There needs to be different types of training for different types of individuals within the organisation. More importantly, the training needs to highlight the potential impact of security breaches to specific individuals,” Hart said.

“Security ultimately needs to be transparent to the individual user. We are a long way from that point today. But there are hopeful signs. The onward march of AI and behavioural analytics is helping drive the process and the move to cloud and microservices will help to accelerate it. Looking to the future, however, if this is to be sustained, we need to see more collaboration between technology vendors and cloud providers and vendors need to make security simpler and easier for users,” Hart said.

SC Media – Yahoo issues new breach warning; Verizon shaves $300M off its Yahoo offer

Verizon was in talks to purchase Yahoo’s internet business when news broke that the web company had been hit with two massive data breaches, and this has had an impact on the asking price: the initial offer of $4.8 billion has been reduced by about $250 million, according to a report Wednesday on Bloomberg. Other reports cite the revised figure as shaving as much as $350 million off.

While it is news that Yahoo is making another announcement about a breach, it shouldn’t be surprising, Jason Hart, CTO of data protection at Gemalto, told SC Media on Wednesday. Opt-in security is not an option in this day and age, he said. “The company recommended that users consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password. However, tools like this only work if the user remembers to activate them.”

Given the current security climate, Hart said all companies should have multifactor authentication activated by default for all online accounts. “Now, it only remains to see how much more of a discount Verizon may ask for.”

SC Media – Only 31% of UK consumers say protecting data is their responsibility

The majority of UK consumers (69 percent) believe that the responsibility for protecting their personal data lies in the hands of the businesses holding that information, while the remaining 31 percent believe they are responsible for protecting their own information.

“In 2016, we saw a number of high profile data breaches, notably TalkTalk and Yahoo, affect UK consumers, helping raise public awareness around the very real threats to personal data. Despite this, it appears that UK consumers are less concerned about becoming a victim of a breach than their counterparts worldwide, with more than half being confident when banking online or via mobile. What is clear, is that UK consumers believe the responsibility for protecting personal data lies with the business and not the individual, leading to a feeling that it is not their own fault should a data breach occur,” said Jason Hart, CTO of data protection at Gemalto.

SC Media – Cyber-security industry 2017 predictions: reaching the tipping point

SC’s Roi Perez sifts through a mountain of predictions for cyber-security in 2017 to pick out recurrent trends, specific predictions and warnings as to where we need to prioritise our defences in the year ahead…

…Looking at 2017, many in the security industry are predicting not only more of the same, but new and improved techniques which will take cyber-attacks to the next level. One of the most notable is from Jason Hart, CTO Data Protection, Gemalto, who is predicting that data integrity breaches are set to send shockwaves throughout the world in 2017, with at least one ‘almighty’ breach disclosure of this type expected next year.

Data integrity is a promise or assurance that information can be accessed or modified only by authorised users. Data integrity attacks compromise that promise, with the aim of gaining unauthorised access to modify data for various ulterior motives, such as financial or reputational damage.

Hart said: “Data integrity attacks are, of course, nothing new, yet they remain under the radar of businesses who have an ever increasing reliance on data and make huge business decisions based on its analysis. These types of attacks are what I like to call the ultimate weaponisation of data.”