Huffington Post – Data Breaches And The Erosion Of Trust

The recent Uber data breach is another clear sign that companies are losing the battle to protect their customers’ data, and what is at stake is one of the most fundamental aspects of the relationship between consumers and companies: trust. The risks are only going to get bigger because our personal and professional lives depend more on digital services that create more data which companies have proven they cannot protect.

Today, every aspect of our personal and work lives involves a digital or online interaction that results in the creation, sharing and storage of our personal or financial information. In everything we do we leave behind digital footprints about who we are, where we are, what we like or what we dislike. The simple reality is, we cannot work, live or enjoy leisure without giving up data about ourselves. This is the price we pay for all of the benefits of the connected, always-on digital economy.

If this digital economy is going to work, consumers need to be able to trust the companies they give their data to. Not even a generation ago, trust was a handshake and looking the person in the eye when you opened a new bank account, bought a new car, or obtained a home mortgage. Today, transactions happen in the online ethersphere between two entities that will never see each other. This means trust will matter even more as physical interactions disappear from transactional relationships.

But trust is under increasing assault. This year alone there have been nearly 1,000 data breaches reported worldwide that exposed nearly two billion personal or financial data records. This is 160 per cent more than during the same period last year, and it’s likely only to get worse. Sadly, according to a recent global study by Gemalto, only one quarter of consumers feels companies take the security of their data seriously.

Even as companies spend more and more on cybersecurity, data breaches continue to grow in frequency and size. No company has been immune to data breaches, even major corporations that spend tens of millions of dollars on data security every year. Just look at this year’s list of the breached companies and you will see a who’s who of the corporate world – Deloitte, Equifax, Verizon, Whole Foods and most recently, Uber. No industry has been spared and no one has been able to stop the rising tide of data breaches.

If one thing must change, it is the corporate mindset on data security. For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the data and network to keep out intruders. This strategy of breach prevention has been the foundation of corporate data security for decades. The current breach epidemic shows us this approach is not working very well.

While there is much that can be done by companies to improve corporate data security practices, here are four guiding principles that can help reduce the erosion of trust:

Out With the Old, In With the New: Today’s security strategies are dominated by a singular focus on breach prevention technologies. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Think Maginot Line or the Great Wall of China. Companies should assume that prevention and threat detection tools can only go so far, and should use them as part of a layered approach to security that can defend data once criminals get into the network. In this new digital world, the new perimeter is the data itself. That is why security needs to be attached to the data itself using encryption, as well as to the users who access the data, through stronger access controls.

Make Data Security a Mission Statement: If companies want to earn and retain customer trust, they must view the protection of sensitive customer data not just as a compliance mandate, but as a responsibility essential to their success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and a company has encrypted customer financial data but not the 10 million records containing personal information such as dates of birth, addresses, medical records and social security numbers, it has broken the bond of customer trust in its brand. Being a better steward of customer data is not just good public relations, it makes good business sense, too.

Transparency Is the Road to Trust: Companies should put security front and centre and tell customers about the security measures that have been put in place to protect their data. If a company is doing something better than the rest of the industry, then it will be seen as a trusted innovator.

Security Is a Two-Way Street: Just as companies can tell what they are doing to protect customer data, they should also tell customers how they can best protect their personal identities and financial information. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.

The data breach dilemma proves that the traditional approach to data security does not work anymore in the digital world. If companies don’t wake up to this new reality soon, they may soon find a potential consumer revolt on their hands and it won’t be pretty.

This article also appears on Huffington Post here.

IT Security Thing – Security industry responds to massive Uber data breach cover-up

That Uber has become the latest big target to fall victim to data compromise is not overly surprising. How the company decided to deal with the breach, however, was jaw-droppingly bad. Is cover-up ever a good headline to be reading?

“Two things should have been done better here: faster disclosure and better use of encryption for the entire data lifecycle. Delay in disclosing erodes trust, and it belies the fact that breaches like this, that access your data via cloud services, are inevitable. The goal should not be to hide these breaches or even prevent them—it should be to make them secure breaches by taking a more intelligent, data-centric approach to security. This means knowing exactly where your valuable data resides, who has access to it, how it is transferred, and when and where it is encrypted and decrypted. Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent were encrypted. That’s all that had to be done here and it’s what other organizations need to do in the future to avoid this.”

To read the full article click here.

Real Business – Uber paid hackers to hide a massive data breach

That more should have been done to prevent the situation is a viewpoint numerous experts are taking. Jason Hart, CTO of data protection at Gemalto, for example, exclaimed Uber could have benefited from faster disclosure and better use of data encryption. He also portrays a note of concern.

So close to the implementation of GDPR, it’s worrying that such high-profile companies don’t seem geared for the reporting process. The Uber case should thus serve as an example of the importance of transparency and accountability for businesses.

To read the full article click here.

Computer Business Review – Uber data breach scandal: A shocked tech industry reacts to the cover-up

We are all used to news of data breaches and the reputational apocalypse that follows, but this one stands out head and shoulders above the rest. Uber has been found trying to cover its tracks by paying hackers to delete 57 million sets of customer and driver data stolen in 2016.

The right way to be ready for a breach

Jason Hart, CTO, Data Protection at Gemalto, said: “The goal should not be to hide these breaches or even prevent them—it should be to make them secure breaches by taking a more intelligent, data-centric approach to security. This means knowing exactly where your valuable data resides, who has access to it, how it is transferred, and when and where it is encrypted and decrypted. Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent were encrypted. That’s all that had to be done here and it’s what other organizations need to do in the future to avoid this.”

To read the full article click here.

InfoSecurity Magazine – Uber Shock: Firm Hid Breach of 57 Million Users

The information security industry is in shock after Uber confessed to a massive data breach affecting 57 million customers and drivers around the globe, which it concealed last year by paying off the hackers.

Jason Hart, CTO of data protection at Gemalto, claimed two things should have been done better by Uber: “faster disclosure and better use of encryption for the entire data lifecycle”. “Delay in disclosing erodes trust, and it belies the fact that breaches like this, that access your data via cloud services, are inevitable,” he added.

To read the full article click here.

CIOL – Uber’s 2016 data breach affected 57M people; paid hackers to cover up

Uber faced a massive data breach in 2016 which affected over 57 million customers including riders and drivers. A new report from Bloomberg has surfaced which reveals that the data breach exposed the names, email addresses and phone numbers of 50 million customers. The breach also exposed the driver’s licenses and other information for roughly 7 million drivers for the company, including 600,000 in the US.

Jason Hart, VP, and CTO for data protection, Gemalto says, “The goal should not be to hide these breaches or even prevent them. It should be to make them secure by taking a more intelligent, data-centric approach to security, which means knowing where your valuable data resides.”

To read the full article click here.