Archive for April, 2018

More than 2.5 billion records stolen or compromised in 2017

Wednesday, April 11th, 2018

Gemalto, the world leader in digital security, today released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.

To learn more about the 2017 statistics and trends, register for the upcoming webinar “New Data Breach Findings: The Year of Internal Threats and Misplaced data”

Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69% of all data breaches. Malicious outsiders remained the number one cybersecurity threat last year at 72% of all breach incidents. Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22% of all breaches.

The Breach Level Index* serves as a global database that tracks and analyzes data breaches, the type of data compromised and how it was accessed, lost or stolen. Based on data breach reports collected in the Breach Level Index, the major 2017 highlights include:

  • Human error a major risk management and security issue: Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed. A dramatic 580% increase in the number of compromised records from 2016.
  • Identity theft is still the number one type of data breach: Identity theft was 69% of all data breach incidents. Over 600 million records were impacted resulting in a 73% increase from 2016.
    Internal threats are increasing: The number of malicious insider incidents decreased slightly. However, the amount of records stolen increased to 30 million, a 117% increase from 2016.
  • What a nuisance: The number of records breached in nuisance type attacks increased by 560% from 2016. The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.

“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. In the event that the confidentiality, or privacy, of the data is breached, an organization must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn’t tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it’s stolen.”

Data Breaches by Type

Identity theft was the leading type of data breach, accounting for 69% of all incidents constituting 26% of breached data in 2017. The second most prevalent type of breach was access to financial data (16%). The number of lost, stolen or compromised records increased the most for nuisance type of data breaches (560%) which constituted 61% of all compromised data. Account access and existential type breaches decreased both in incidents and records from 2016.

Data Breaches by Industry

In 2017, the industries that experienced the largest number of data breach incidents were healthcare (27%), financial services (12%), education (11%) and government (11%). In terms of the amount of records lost, stolen or compromised, the most targeted sectors were government (18%), financial services (9.1%) and technology (16%).

Data Breaches by Source

Malicious outsiders were the leading source of data breaches, accounting for 72% of breaches, however making up only 23% of all compromised data. While accidental loss was the cause of 18% of data breaches, it accounted for 76% of all compromised records, an increase of 580% from 2016. Malicious insider breaches were 9% of the total number of incidents, however this breach source experienced a dramatic increase (117%) in the number of compromised or stolen records from 2016.

“Companies can mitigate the risks surrounding a breach through a ‘security by design’ approach, building in security protocols and architecture at the beginning,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “This will be especially important, considering in 2018 new government regulations like Europe’s General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage.”

*The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful (scores run 1-10).

Breach Level Index Resources:

View the original post published by Gemalto.

Intelligent Security Considerations for Smarter Buildings

Tuesday, April 10th, 2018

In 2017 we saw a growing interest in ‘intelligent security systems’ and applications which add value beyond access control and video surveillance. As the industry continues to move towards preventative security measures (as opposed to just capturing an event after it has happened), the role of intelligent security systems and the gathering of data and analytics from multiple building systems is becoming increasingly profound.

These trends will continue in 2018 with building security deployments not only needing to pay for themselves but deliver much more than just physical security by adding measurable and strategic value to businesses. Many businesses will continue to ask, ’How can we use our access control system to reduce operational costs and improve business efficiencies?

One Albert Quay, Johnson Controls’ global headquarters in Cork, is an key example of how critical building systems including lighting, heating, power, access control, video, fire detection and fire suppression are utilized and connected to create one of Ireland’s smartest building.

One Albert Quay, one of Ireland’s smartest buildings deploys CEM Systems emerald intelligent access terminals in the reception area

Johnson Controls’ CEM Systems AC2000 security management solution supported by CEM Systems emerald intelligent access terminals provides One Albert Quay a solution that goes beyond access control to help improve operational efficiency. emerald provides a reader and controller in a single device to control access to doors and car parks with the added benefit of a built-in Voice over IP (VoIP) intercom and remote applications that enable additional functionality such as time and attendance, room booking, displaying company/site information, personalised messaging, entry checklists and more.

The smart lift system at One Albert Quay is centrally controlled with AC2000 access control and emerald terminals, and integrated with Schindler Lifts. When an employee or visitor swipes their access control card on the emerald terminal, this buttonless lift system uses automatic location choice depending on the users’ access control privileges. The smart lift system then automatically brings the card holder to the floor where they are working. This is a fast and efficient system, with zero latency between systems and enables energy harvesting for added efficiency.

For other organizations seeking to undertake a smart building development with an intelligent security system that goes beyond access control to reduce costs and enhance operations, the following should be considered:

1) Combine the use of several devices into one multi-functional unit
When deploying your security think about how you can take the functionality of typically numerous security devices and combine them into one powerful terminal for operational and cost savings. Choose intelligent card readers with reader and controller functionality combined into one device. Intelligent readers, such as the CEM Systems emerald intelligent access terminal, also have the added benefit of an internal database which ensure 24/7 access control and prevent throughput congestion and queues. Intelligent access terminals and combined solutions such as combining intercom functionality into the access control solution also take this multi-functional concept to a new level. CEM Systems emerald intelligent access terminals offers combined card reader and controller functionality, fully integrated Voice over IP intercom for bi-directional communication, on-board Power over Ethernet (PoE) technology and a range of remote server-based smart applications all in one single, powerful terminal.


CEM Systems emerald intelligent access terminal with in-built intercom

2) Intelligent smart applications
‘Smart applications’ that allow users to perform tasks such as accessing visitor information, card holder messages or integrated staff time and attendance, without the need for a dedicated client PC, brings intelligence which previously resided on the access control database closer to the door. Using a range of smart applications directly on the CEM Systems emerald terminal, users can perform what was historically client PC application functionality without the need to install dedicated PC software and licenses.

3) Smart room booking
An intelligent access terminal with a room booking interface that allows users to book a room, edit a booking and check room availability all at the door removes the need for a separate room booking interface. Using CEM Systems emerald intelligent access terminals you can conveniently book company meeting rooms at the door with a valid card swipe or through Microsoft Outlook® exchange calendar.


CEM Systems emerald room booking

4)Smart access administration
Applications that provide administrators the autonomy to locally change cardholder privileges at a door terminal, rather than at a workstation or central ID unit, can save time and costs. CEM Systems emerald provides a smart ‘Local Access’ application to solve the operational problem of last minute staff rescheduling and the need to urgently provide out-of-facility, temporary workers with access to restricted areas.

5) Smart operational modes
Intelligent access terminals that provide enhanced security checks such as displaying an image of the card holder on swipe allows for visual verification by security staff to limit card sharing. Terminals that also provide a checklist upon entry or exit can help ensure health and safety policies are adhered to. CEM Systems emerald intelligent terminals feature a range of sophisticated door modes such as an ‘image on swipe’ mode a building ‘entry/exit checklist’ mode that is particularly beneficial within the construction sector as it enables workers to answer a list of pre-defined questions (such as do you have the correct permits, clothing and training, etc.) before access is granted on site.


CEM Systems emerald intelligent terminal ‘entry/exit checklist’ door mode

6) Centralized gathering of building data and analytics
Intelligent security shouldn’t be about capturing the event after it has happened. Using collaborative building data and analytics you can pre-empt vulnerabilities before they happen and optimize total building performance. To enable the centralized gathering of building data and to manage the alarms of various building systems and multiple sites, use one unified security platform. For example the CEM Systems AC2000 Security Hub enables the centralised command and control of integrated building systems and wireless/offline locks via the AC2000 access control system. Using this platform systems can accurately share information and data, which can then be used to optimize total building performance.


CEM Systems AC2000 Security Hub – centralized security management for the real-time monitoring and control of alarms and events

7) Smart portable security
Portable card readers are a great example of a smart solution which continues to solve the customer problem of securing areas with no fixed wall barriers or gates. Harland & Wolff’s engineering facilities in Northern Ireland deployed CEM Systems S3040 portable hand-held card readers at dry dock areas which created measurable efficiency gains by successfully bringing their evacuation drill mustering time from 45 minutes down to 9 minutes.


CEM Systems S3040 portable handheld reader

8) Smart cards and mobile credentials
When choosing a card reader in 2018 opt for readers that offer the highest level of built-in smart card technology. For user convenience also check with your security supplier, if they offer pre-personalised smart cards with encrypted algorithms. Another growing trend in the industry and an example of the access control system is getting smarter for users is the use of mobile phone credentials. Smartphones as a form of credential is now a perfectly viable option. The benefit of the mobile credential is that it saves the operational time and cost of physically sending out an ID card, making it ideal for businesses with remote workers and numerous remote sites.

9) Integrated biometrics
Quite often the option to use biometrics with access control can mean two pieces of software being used in parallel, as well as two separate networks and two separate security devices at the door. When choosing biometrics opt for a fully integrated access control and biometric solution. CEM Systems emerald intelligent fingerprint access terminal AC2000 access control software removes the need for two separate pieces of software. Using one software, one network and one device, creates a quicker biometric read time, less errors at the door and ultimately less lines of throughput traffic at access control points.


CEM Systems emerald intelligent fingerprint terminal

Conclusion

When deploying your security system in 2018, think about your operational pain points and ask the question: “Can my security system be utilized beyond access control to either reduce costs, enhance site operations or to aid the gathering of smart building data and analytics?”

View the original blog at CEM Systems.