Over Half of IT Professionals Don’t Know Where Sensitive Data is Stored: Survey

IT professionals are fixated on perimeter security measures such as firewalls, antivirus protection and content filtering, and are ignoring more important security considerations, suggest the findings of a Gemalto-commissioned survey.

Polling a little over a thousand IT professionals around the world, the survey found that 76 percent had reported that their companies had increased investments in perimeter security, yet 68 percent said that they thought unauthorized users could still gain access to their networks.

Thirty-two percent of the respondents said their organizations don’t encrypt payment data, and 35 percent said they don’t encrypt user data in general. Fifty-five percent said they didn’t know where such data is stored.

The responses paint a dismal portrait of the state of enterprise security at a time when the protection of sensitive data is an increasingly key concern. Just this week, a provider of smart vending machines reported that it had suffered a data breach compromising customer data including biometric credentials.

Meanwhile, the European Union’s General Data Protection Regulation will come into effect next May, with 53 percent of respondents in the Gemalto survey saying that they don’t think their organizations will be compliant in time. That could prove costly for the businesses and, in the event of hack attacks, their customers.

Source: MobileID World

How PCI compliance is the first step in achieving the “CIA Triad”

When it comes to PCI DSS compliance, most organizations consider it as a one-off task, something to complete – often only after the Acquiring Banks ask to do so – and forget about once the compliance has been validated. The problem is that compliance audits only prove best-practice during a snapshot in time, and most organizations fail to maintain best-practice after they have passed the audit. It has been found that most, if not all, organizations that were supposedly PCI DSS compliant were found to no longer be compliant at the moment they were compromised.

See the full article here. 

European eID Schemes Provide Only 69% of ID Information

A new research published by Signicat has shown that European eID schemes provide 69% of ID information needed to digitally apply for financial services.

According to “The Rise of Digital Identities” report, financial institutions are missing a vital link in the digital chain: onboarding. 40% of consumers have abandoned a bank sign up process because of the time and effort needed. This combined with the upcoming eIDAS regulation means that financial institutions need to be able to onboard customers 100% digitally.

In Belgium, for example, the eID covers all the necessary attributes but the scheme is only relevant in a consumer-to-government context. In The Netherlands, the bank-operated scheme offers the right coverage but, on its own, will not satisfy Know Your Customer (KYC) requirements.

To fully verify a customer’s identity, financial institutions must supplement eID information from a variety of sources including national ID schemes, various digital assets and traditional ID documents such as passports. To succeed, institutions must plug the gaps and ensure they have access to the right information in the right geographies.

The paper was developed with research from Innopay, the payments, digital identity and e-business consultant. Innopay surveyed the onboarding landscape across Austria, Belgium, Germany, Luxembourg, The Netherlands, Switzerland and the UK to look at KYC/AML requirements and how available eID schemes map to these requirements.

Banks Warned Over Misuse of Personal Information

Businesses including banks and financial services institutions must build public confidence in their ability to store and protect Australian citizens’ personal information, according to the latest Unisys Security Index.

The research found that 58 per cent of Australians are extremely or very concerned about unauthorised access to or misuse of personal information, while a further 55 per cent are extremely or very concerned about other people obtaining or using their credit/debit card details.

The Unisys Security Index is a global study that measures the attitudes of Australians on a wide range of issues related to national, personal, financial and Internet security, and showed that many consumers are still concerned over identity and financial theft.

“In an era where data breaches have become part of the daily news cycle, consumer confidence in the ability of organisations, including banks and retail businesses, to protect their personal and financial data has eroded away,” says John Kendall, director for national and border security programs, Unisys.

UK experience

Research indertaken by RFi Group based on the UK experience of open banking found almost 60 per cent of UK consumers agreed that their privacy was more important to them than accessing better products and services.

“Here the banks have an advantage; on any given Sunday a consumer trusts their bank to hold and maintain the privacy and security of their personal information better than any other organisation,” RFi Group managing director of consulting Alan Shields said.

Closer to home, RFi Group research found that Australian banks are the most trusted institutions in terms of data security and privacy regardless of age – with banks outranking technology and even government agencies when it came to trust and privacy issues.

Shields acknowledged that banks with foresight are already preparing to operate in an open banking environment, with open APIs.

“On the consumer front, if we solve privacy and security concerns, then account aggregation is clearly an attractive driver of consent among younger consumers and it is here that the banks must carefully choose their positioning,” he said.

Data breach

However, there are plenty of examples of companies getting it wrong and less than 12 months ago Australia recorded its largest ever data breach when the Red Cross Blood Service lost over half a million personal and medical files of Australian citizens.

“High-profile security breaches have rattled the Australian public and highlighted the vulnerabilities in business implemented technology. Security breaches don’t just impact an organisation’s ability to deliver services, the negative repercussions of a data breach can change the way customers think about or trust the business,” added Kendall.

Previous Unisys research from 2011 revealed 85 per cent of Australians said that they would stop dealing with an organisation if their data was compromised.

“Banks, retailers and governments wanting to move more of their transactions online can use innovative security measures, such as multi-factor identification or biometric technology, as a point of difference and position themselves as safe organisations to do business with and regain consumer trust,” concluded Kendall.