Over Half of IT Professionals Don’t Know Where Sensitive Data is Stored: Survey

IT professionals are fixated on perimeter security measures such as firewalls, antivirus protection and content filtering, and are ignoring more important security considerations, suggest the findings of a Gemalto-commissioned survey.

Polling a little over a thousand IT professionals around the world, the survey found that 76 percent had reported that their companies had increased investments in perimeter security, yet 68 percent said that they thought unauthorized users could still gain access to their networks.

Thirty-two percent of the respondents said their organizations don’t encrypt payment data, and 35 percent said they don’t encrypt user data in general. Fifty-five percent said they didn’t know where such data is stored.

The responses paint a dismal portrait of the state of enterprise security at a time when the protection of sensitive data is an increasingly key concern. Just this week, a provider of smart vending machines reported that it had suffered a data breach compromising customer data including biometric credentials.

Meanwhile, the European Union’s General Data Protection Regulation will come into effect next May, with 53 percent of respondents in the Gemalto survey saying that they don’t think their organizations will be compliant in time. That could prove costly for the businesses and, in the event of hack attacks, their customers.

Source: MobileID World

Extreme Cyber-Attack Could Dwarf Natural Disaster Costs

A major global cyber-attack has the potential to trigger up to US$53 billion of economic losses – greater than some of Australia’s worst natural disasters combined.

The equivalent cost is more than five times the economic losses recorded for the devastating 2011 Queensland floods, one of the most damaging natural disasters recorded at an estimated cost of A$14.1 billion or US$10.7 billion.

The joint research undertaken by Lloyd’s and cybersecurity advisor Cyence examined the potential economic impact of two global scenarios:

A malicious hack that takes down a cloud service provider with estimated losses of up to US$53 billion; and
Attacks on computer operating systems run by a large number of businesses around the world, which could cause losses of US$28.7 billion.

The research acknowledged that economic losses could be much lower or higher than the average in the scenarios because of the uncertainty around cyber aggregation.

For example, while average losses in the cloud service disruption scenario are US$53 billion for an extreme event, they could be as high as US$121 billion or as low as US$15 billion, depending on factors such as the different organisations involved and how long the cloud service disruption lasts for.

The findings also revealed that, while the global demand for cyber insurance is on the rise, the majority of losses are not currently insured, leaving an insurance gap of tens of billions of dollars.

Cyber risk exposures

Asked about the implications for Australia, Lloyd’s general representative in Australia, Chris Mackinnon, said the implications were huge for local businesses of all sizes and across all sectors.

“Businesses today are interconnected by digital technology and services, meaning a single cyber event can cause a severe impact across an economy, triggering multiple claims and dramatically increasing insurers’ claims costs,” he said.

“This report gives us a real sense of the extent of damage a single, extreme cyber-attack could cause. An attack of that magnitude could create losses bigger than some of Australia’s worst natural disasters combined.”

Putting that into perspective, the 2009 Black Saturday bushfires in Victoria cost an estimated A$7 billion; the 2011 Queensland floods cost A$14.1 billion and the 1989 Newcastle earthquake cost A$18.7 billion.

“Where a decade ago people would talk about preventing a cyber-attack, the reality today is that any business with proprietary information worth protecting is vulnerable to attack. The issue is how you mitigate against that risk,” Mackinnon said.

“These scenarios are designed to help both businesses and insurers gain a better understanding of their cyber risk exposures and better manage these complex and rising risks.”

Since its inception in 2014, there have been over 114,000 reports of cybercrime registered with the Australian Cybercrime Online Reporting Network (ACORN). Notably, 23,700 of these have been reported over the last six months, highlighting a growing occurrence of cyber-criminal activity.

Source: RFi Group

How PCI compliance is the first step in achieving the “CIA Triad”

When it comes to PCI DSS compliance, most organizations treat it as a one-off task, something to complete – often only after the Acquiring Banks ask them to do so – and forget about once the compliance has been validated. The problem is that compliance audits only prove best practice at a snapshot in time, and most organizations fail to maintain best practice after they have passed the audit. It has been found that most, if not all, organizations that were supposedly PCI DSS compliant were no longer compliant at the moment they were compromised.

Report: CEE Region Undergoes Fast Digitalisation

Erste Group’s latest report has revealed that the Central and Eastern European (CEE) region is close to Western Europe’s level of digitalization.

Although the region fares well in terms of digital infrastructure, lack of digital public services is a major drawback for many countries, the report shows. However, countries can develop eGovernment services by building on their own digital infrastructure.

Although the level of digitalization and online access is almost on par with that of Western Europe, the CEE countries’ average GDP per capita in absolute terms is at the level seen in Western Europe in the mid-1980s and investment in areas requiring a lot of physical capital (such as road infrastructure) is taking much longer.

The report’s authors recommend more financial incentives for developing CEE workers’ digital skills and more investment in ICT solutions by CEE businesses.

When it comes to digitalization, CEE countries have made important progress in catching up with Western Europe. The gap for household internet access between the two regions is only four years and when it comes to mobile broadband access, the gap is only two years.

Furthermore, it is mainly low online reach into rural areas that contributes to the differences in digitalization between Eastern and Western Europe. When it comes to the urban environment, both regions have an almost identical level of internet and mobile broadband access.

Finally, Erste’s report highlights that there is still room for improvement, especially when it comes to the digitalization of public services. Few CEE countries (with the exception of Slovenia and Slovakia) have taken active steps in developing an eGovernment platform.

Banks Warned Over Misuse of Personal Information

Businesses including banks and financial services institutions must build public confidence in their ability to store and protect Australian citizens’ personal information, according to the latest Unisys Security Index.

The research found that 58 per cent of Australians are extremely or very concerned about unauthorised access to or misuse of personal information, while a further 55 per cent are extremely or very concerned about other people obtaining or using their credit/debit card details.

The Unisys Security Index is a global study that measures the attitudes of Australians on a wide range of issues related to national, personal, financial and Internet security, and showed that many consumers are still concerned over identity and financial theft.

“In an era where data breaches have become part of the daily news cycle, consumer confidence in the ability of organisations, including banks and retail businesses, to protect their personal and financial data has eroded away,” says John Kendall, director for national and border security programs, Unisys.

UK experience

Research undertaken by RFi Group based on the UK experience of open banking found almost 60 per cent of UK consumers agreed that their privacy was more important to them than accessing better products and services.

“Here the banks have an advantage; on any given Sunday a consumer trusts their bank to hold and maintain the privacy and security of their personal information better than any other organisation,” RFi Group managing director of consulting Alan Shields said.

Closer to home, RFi Group research found that Australian banks are the most trusted institutions in terms of data security and privacy regardless of age – with banks outranking technology and even government agencies when it came to trust and privacy issues.

Shields acknowledged that banks with foresight are already preparing to operate in an open banking environment, with open APIs.

“On the consumer front, if we solve privacy and security concerns, then account aggregation is clearly an attractive driver of consent among younger consumers and it is here that the banks must carefully choose their positioning,” he said.

Data breach

However, there are plenty of examples of companies getting it wrong and less than 12 months ago Australia recorded its largest ever data breach when the Red Cross Blood Service lost over half a million personal and medical files of Australian citizens.

“High-profile security breaches have rattled the Australian public and highlighted the vulnerabilities in business implemented technology. Security breaches don’t just impact an organisation’s ability to deliver services, the negative repercussions of a data breach can change the way customers think about or trust the business,” added Kendall.

Previous Unisys research from 2011 revealed 85 per cent of Australians said that they would stop dealing with an organisation if their data was compromised.

“Banks, retailers and governments wanting to move more of their transactions online can use innovative security measures, such as multi-factor identification or biometric technology, as a point of difference and position themselves as safe organisations to do business with and regain consumer trust,” concluded Kendall.