Archive for March, 2017

Gemalto Wins 2017 Cybersecurity Excellence Award for Best Encryption Product with SafeNet KeySecure

Thursday, March 30th, 2017

Gemalto, the world leader in digital security, announces that they have been named a winner of the 2017 Cybersecurity Excellence Awards. Gemalto’s SafeNet KeySecure was voted “best encryption product” by over 300,000 members of the global information security community.

Gemalto’s SafeNet KeySecure provides an organisation’s security team with the ability to centrally manage and store encryption keys easily and securely. To demonstrate compliance with mandates or internal data protection policies, the solution offers IT administrators a single pane of glass to simplify the auditing processes. All key state changes are monitored through a centralised logging system, which immediately alerts a company’s security administrator to any key modifications or attempted breaches. This real-time information allows the security team to quickly address the situation and inform stakeholders, saving valuable time.

SafeNet KeySecure provides flexibility across physical, virtualized and public cloud environments, so customers can choose the deployment model that works best for them. The solution also integrates with a broad ecosystem of cloud service providers in addition to interoperability partners using the OASIS KMIP standard. Depending on what the customer needs, Gemalto’s SafeNet KeySecure and encryption and key management products support multiple encryption use cases in one single platform, helping IT administrators reduce operating expenses and workloads.

“The Cybersecurity Excellence Awards is an annual competition honouring individuals, products and companies that demonstrate excellence, innovation and leadership in information security,” said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “Every year we receive hundreds of entries and only the very best-in-class cybersecurity products make the cut in our selection and voting process.”

“The vote of excellence from our peers in the information security community recognises our commitment to providing customers with easy-to-use, business-driven security solutions,” said Todd Moore, Senior Vice President of Encryption Products at Gemalto. “Organisations suffer hefty consequences if their data is lost, stolen or compromised. Integrating Gemalto’s SafeNet KeySecure for encryption and key management helps companies secure their data, mitigating the risks associated with data breaches.”

Gemalto releases findings of 2016 Breach Level Index

Thursday, March 30th, 2017

Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious from those that are truly impactful (scores run 1-10). According to the Breach Level Index, more than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. Breaking it down, that is over 3 million records compromised every day, or roughly 44 records every second.

Last year, the account access based attack on AdultFriendFinder, exposing 400 million records, scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.5). In fact, the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but these are not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and 2014.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high-value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then holding it for ransom and decrypting it once they are paid,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

Data Breaches by Type

In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 was account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54% of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category, with an increase of 101%, accounting for 18% of all breached records, up 1474% since 2015.

Data Breaches by Source

Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year.

Data Breaches by Industry

Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015.

The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.

All industries listed in the ‘Other’ category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority.

Last year 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S. state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

Additional Resources:

  • For a full summary of data breach incidents by industry, source, type and geographic region, download the 2016 Breach Level Index Report
  • Download the infographic here.
  • Visit the BLI website here.

    So you want an EMM Strategy?

    Wednesday, March 22nd, 2017

    Given the prevalence of mobile devices in the workplace, a lot of enterprises have embraced an EMM strategy. But if you are looking to get your feet wet in this domain, you might get confused by the barrage of acronyms and options on offer. So let us help you navigate the waters:

    BYOD (Bring Your Own Device): This is when employees can use their personal devices for business tasks.

    COPE (Corporate Owned, Personally Enabled): The counterpart to BYOD, where the enterprise owns the devices and the employees configure the device to suit their needs.

    MDM (Mobile Device Management): This was the first solution to the ‘infiltration’ of mobile into the workspace. As the name suggests, with this solution employers would have the power to manage and control the entire device. Common examples would be to force a passcode for the device or to remotely wipe all the data from a lost device. While an MDM solution might work for a COPE scenario, it was highly unpopular with employees that embraced the BYOD use case. This was because employers now had the power to delete both work and personal data on a mobile device.

    Clearly a better solution was required to manage the growing number of mobile devices in the workplace. Enter EMM!

    EMM (Enterprise Mobility Management): This is a solution or suite, which includes MDM, but adds other capabilities to the mix. The essential components of EMM are:

    MDM: Which we just covered above.

    MAM (Mobile Application Management): Here the controls are provided at an application level. An example could be to force an app to use a particular VPN. MAM can be achieved by app wrapping, through enterprise stores or through containerization. Note that the containerization can happen at an app level or device level.

    MCM (Mobile Content Management): The controls here are provided at the content level. Using policies, you can manage access to repositories as well as what you can do with data, for instance copy/paste restrictions. As part of MCM, you can also push data to devices. Containers can help you achieve this aspect as well.

    You can pick and choose from the above capabilities to suit your particular deployment. Device containers are getting increasingly popular where you can manage the entire ‘work profile’ while having no control over the employee’s ‘personal profile’, an example of which is enabled by Google’s Android Enterprise (previously referred to as Android For Work) solution.

    Do check out the Workspace Product provided by Pulse to see how it can solve your mobility problems.

    View original article by Pulse Secure.

    Cyber Security Importance Doesn’t Always Translate in Business

    Wednesday, March 22nd, 2017

    We hear a lot about cyber security these days, both in the business world and in the public sector, where governments bemoan their less than total control of IT systems. We feel, collectively, that as new crowds of professional and amateur hackers and black hat individuals come out of the woodwork, business and government systems are becoming more vulnerable and fragile than ever before.

    However, this doesn’t always correlate with the actions of individuals or businesses. People tend to act more recklessly than they feel when it comes to cyber security importance and the vulnerability of online systems.

    In the Head Office

    Statistics on cyber security make CEOs, CTOs and others pay attention to the real risks of data breaches and cyberattacks. Coming from various research sources, they show attacks and security incidents rising in number every year. Ponemon estimates that data breaches cost companies over $150 per record, which has generated its own share of concern in the business world.

    According to the U.S. Department of Health and Human Services Office for Civil Rights, most breaches in 2016 “didn’t occur because of malicious IT hacking, instead, theft, loss, improper disposal and unauthorised email access or disclosure were behind the largest incidents in 2016.” This has led to a furor of discussion around the idea of insider threats. Not to mention that the Snowden saga didn’t help either. The bottom line? It’s pivotal for companies to start investing in cyber security.

    What, Me Worry?

    At the same time, many companies seem to be sitting relatively still when it comes to guarding their IT systems against attack. In the 2016 Deloitte-NASCIO Cybersecurity Study, 80% of respondents stated that inadequate funding is one of the top barriers to effectively addressing cybersecurity threats, while 51% stated that inadequate availability of cybersecurity professionals was the driving factor.

    It’s also possible to see some of the danger in statistics around personal security behaviour. A January 2017 report from Security Magazine talks about the average consumer’s personal experience with cybercrime, and their responses.

    • 64% of respondents had experienced a major data breach in their lifetimes, with nearly half of them feeling that data is less safe now than ever before
    • 41% were willing to share a personal password with others
    • While 39% admitted to using similar passwords for different platforms
    • And 25% admitted using oversimplified passwords that are extremely easy to hack

    By applying these behaviours to the behaviours of a typical company employee, it’s easy to see how hard it is for human resource offices to promote strong passwords on a company network. No security system will be bulletproof if the human users aren’t doing their part to maintain only authorised access to the system.

    What Can Be Done?

    In the eyes of many experts, it has to be an “all hands on deck” type of solution. It has to start with public awareness of strong passwords, followed by a lot of training within the company to enforce authorised use of systems.

    For more information on what should be prioritised within your cyber security, check out our latest interview with Jeremiah Grossman, which highlights what your IT security priorities should be.

    This report was created by Sarah Vanier at SentinelOne. View the original article.