Category: International

Gemalto has recently released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Compared to the last six months of 2016, the number of lost, stolen or compromised records increased by a staggering 164%. A large portion came from the 22 largest data breaches, each involving more than one million compromised records. Of the 918 data breaches more than 500 (59% of all breaches) had an unknown or unaccounted number of compromised data records. The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful. According to the Breach Level Index, more than 9 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. During the first six months of 2017, more than ten million records were compromised or exposed every day, or one hundred and twenty-two records every second, including medical, credit card and/ or financial data or personally identifiable information. This is particularly concerning, since less than 1% of the stolen, lost or compromised data used encryption to render the information useless, a 4% drop compared to the last six months of 2016. “IT consultant CGI and Oxford Economics recently issued a study, using data from the Breach Level Index and found that two-thirds of firms breached had their share price negatively impacted. Out of the 65 companies evaluated the breach cost shareholders over $52.40 billion,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto, “We can expect that number to grow significantly, especially as government regulations in the U.S., Europe and elsewhere enact laws to protect the privacy and data of their constituents by associating a monetary value to improperly securing data. Security is no longer a reactive measure but an expectation from companies and consumers.” Primary sources of data breaches Malicious outsiders made up the largest percentage of data breaches (74%), an increase of 23%. However, this source accounted for only 13% of all stolen, compromised or lost records. While malicious insider attacks only made up 8% of all breaches, the amount of records compromised was 20 million up from 500,000, an increase of over 4,114% from the previous six months. Leading types of data breaches For the first six months of 2017, identity theft was the leading type of data breach in terms of incident, accounting for 74% of all data breaches, up 49% from the previous semester. The number of records compromised in identity theft breaches increased by 255%. The most significant shift was the nuisance category of data breaches representing 81% of all lost, stolen or compromised records. However, in terms of the number of incidents, nuisance type attacks were only slightly over 1% of all data breaches. The number of compromised records from account access attacks declined by 46%, after a significant spike in the 2016 BLI full year report. Biggest industries affected by data breaches Most of the industries the Breach Level Index tracks had more than a 100% increase in the number of compromised, stolen or lost records. Education witnessed one of the largest increases in breaches up by 103% with an increase of over 4,000% in the number of records. This is the result of a malicious insider attack compromising millions of records from one of China’s largest comprehensive private educational companies. Healthcare had a relatively similar amount of breaches compared to the last six months of 2016, but stolen, lost or compromised records increased 423%. The U.K’s National Health Service was one of the top five breaches in the first half with over 26 million compromised records. Financial services, government and entertainment were also industries that experienced a significant jump in the number of breached records, with entertainment breach incidents increasing 220% in the first six months of 2017. Geographic distribution of data breaches North America still makes up the majority of all breaches and the number of compromised records, both above 86%. The number of breaches in North America increased by 23% with the number of records compromised skyrocketing by 201%. Traditionally, North America has always had the largest number of publicly disclosed breaches and associated record numbers, although this is poised to change in 2018 when global data privacy regulations like the European General Data Protection Regulation (GDPR) and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are enforced. Europe currently only had 49 reported data breaches (5% of all breaches), which is a 35% decline from the previous six months.

Silicon Valley analytic software firm FICO has been named a category leader in financial crime risk management solutions by research firm Chartis Research. Their report Financial Crime Risk Management Solutions: Market Update 2017 discusses the increased reporting requirements for financial institutions and the need to use analytics to map out increasingly complex relationships. “For FIs, managing these efficiently and effectively can be costly and complex,” the report states, “Alongside pressure from regulators, and financial crime itself, processing the increasing volume, variety and velocity of the data FIs need requires customized, cutting-edge technology.” “The Chartis report calls out the priority for using advanced analytics and artificial intelligence to map out relationships between entities and to perform transaction-level analysis,” said Bob Shiflet, Vice President for fraud and financial crime solutions at FICO, “We have been pioneering the use of AI in fraud detection for 25 years, and have recently applied it to entity resolution, AML and cybersecurity. Nobody in the market knows better how to apply AI and machine learning to get results in financial crime risk management.” FICO’s portfolio of enterprise fraud solutions includes the FICO® Falcon® Platform, which protects 2.6 billion payment cards worldwide, and the FICO® TONBELLER® Siron® Anti-Financial Crime Suite. FICO has introduced AI models for AML and KYC to better detect money laundering and more efficiently operationalize teams to stop this activity.

By now, it’s a familiar story! A company puts massive amounts of data on a remote cloud server – then someone finds a way in, gaining access to sensitive business documents or the personal information of millions of people. It happened to Verizon; it happened to WWE; and it happened to the political data company Deep Root Analytics. Most recently it happened to the accounting firm Deloitte. According to a news report, hackers tapped into the company’s email system simply by logging on as an administrator. And it will keep happening, experts say, especially when companies neglect data security in their eagerness to convert to the cloud. “They inherently believe they get all these magical properties of security by moving (to the cloud), and it just doesn’t happen,” said Josh Douglas, Raytheon’s Chief Strategy Officer for Cyber Services. Cloud computing is an increasingly popular option for businesses. The cloud-services market could generate as much as $236 billion in revenue by the year 2020, according to Forrester Research. The reasons are clear – the cloud cuts the cost of hosting and maintaining on-site servers, it allows employees to work seamlessly from anywhere, and it adjusts to the size of the organization. “But just like any other connection to the internet, it creates ample opportunities for cybercriminals to attack,” Douglas continued, “As we tell our clients, cloud computing puts your information on someone else’s computer. So it’s vital to protect the cloud exactly as you would your own servers.” The Verizon, WWE and Deep Root Analytics breaches, all appear to stem from improper cloud-security settings. Media reports on all three incidents said the databases were accessible to anyone who had the URL. In the Deloitte breach, news reports said the attackers signed onto a server that required only a login and password – less protection than many people have on their social media pages. A common measure known as ‘two-factor authentication’ would require both a login/ password combination and another means of verifying identity such as a fingerprint or PIN code that appears on a secondary device. “It is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” Douglas said. He also mentioned other common mistakes in converting to the cloud that include failure to scan old code for vulnerabilities, failure to segregate systems and forgoing ‘red-teaming,’ also known as adversary emulation testing, where security consultants play the role of hackers and attempt to breach systems critical to the business. “But data security in the era of cloud computing isn’t just about setting things up correctly. It’s also about the behaviour of employees,” said Matt Moynahan, CEO of Forcepoint, a cybersecurity company jointly owned by Raytheon, “Using technology to monitor employee activity, identify possible errors and sniff out malicious intent can help reduce risk.” “Regardless of whether organizations are securing data using on-premises or cloud-based technology… organizations need to balance protecting privacy and understanding how their employees interact with critical business data and intellectual property,” Moynahan concluded. Even with all the risks cloud computing can present, businesses shouldn’t fear conversion to the cloud. Companies often over-correct after cybersecurity problems, with security measures so strict they impede the growth of business. That, Douglas said, is also a mistake. “If the pendulum swings too far to the right, security puts a standstill to the innovation and technology,” he said, “It’s important to adopt things like clouds, because that innovation is what helps our society grow.”

HID Global® has recently introduced new standards-based identity and access management (IAM) solution for government agencies to more easily comply with the mandate to improve physical access and digital identity security. At the heart of this IAM solution is the new HID Crescendo® temporary access card, which gives visitors a more secure credential to enter government buildings. HID developed this temporary access card to provide a visitor credential that has the same level of security as the standard government-issued PIV and PIV-I cards used by all U.S. government employees. The new HID Crescendo temporary access card creates a PIV-like access experience for people who, unlike a full-time government employee, only need temporary access. Because visitors to U.S. government agency buildings are not eligible to receive a government-issued PIV card for access, government agencies have been using traditional physical access technology for visitor IDs, thereby creating an unnecessarily higher risk of intruders trying to gain entry, likely from badges being cloned. A call within the U.S. federal government to start moving away from traditional visitor management based on proximity-based technology cards has intensified with rising concerns about potential vulnerabilities to government buildings. This follows the U.S. Office of Management and Budget (OMB) mandate through OMB M11-11 for U.S. federal government agencies to move to PIV cards for access to facilities. “The U.S. government has recognized the need to make sure that visitors to government agency buildings are using the most secure credentials available and can be trusted,” said Brad Jarvis, Vice President and Managing Director of the Identity & Access Management Solutions (IAMS) business within HID Global, “No other access card technology on the market today can do what our new HID Crescendo temporary access card can do with a digital identity certificate for a PIV-like experience to increase security of visitor access.” The HID Crescendo temporary access card is based on public key infrastructure (PKI) technology, which means a digital certificate is embedded on each visitor ID access card, providing an extra layer of trust that the card holder is authorized to access a building. Federal government building managers are moving to ‘PKI-at-the-door’ based on mandates to discontinue using traditional physical access credentials. New-generation technologies are needed. However, most government agencies have limited resources to deploy a full PKI/ credential management system solution on their own. This is why HID’s new IAM solution is significant and timely, delivering a simplified, cost-effective way for agencies to deploy a ‘PIV-like’ PKI-at-the-door experience right away to address today’s potential vulnerabilities. The HID Crescendo Temporary Access Card uses HID’s advanced credential management, which is particularly beneficial for government agencies that do not have their own credential management system. The solution can be deployed seamlessly onto FIPS 201-compliant physical access systems at any government building and does not require the installation of complex software.

ASSA ABLOY has signed an agreement to acquire Mercury Security, a leading OEM supplier of controllers for physical access control. “Mercury Security is a strategic technological addition to the ASSA ABLOY Group. The company reinforces our current offering, where Mercury Security considerably enhances the Group´s position within physical access control and will provide complementary growth opportunities,” says Johan Molin, President and CEO of ASSA ABLOY. “The acquisition of Mercury Security will advance HID’s global leadership in the physical access control industry, adding Mercury Security’s high-quality controllers to HID’s product portfolio while extending HID’s installed base of millions of users beyond the readers and smart cards that we are already well known for,” says Stefan Widing, President and CEO of HID Global. Mercury Security was founded in 1992. It is headquartered in Long Beach, California and has some 45 employees. Sales for 2017 are expected to reach USD 60 million (approx. SEK 500 million) with a good EBIT margin. The acquisition will be accretive to EPS from start. The transaction is conditional upon regulatory approval and satisfaction of customary closing conditions and is expected to close during the fourth quarter of 2017.

Enables customers to receive full threat analysis and prevention within Asia-pacific borders while benefiting from global threat prevention. Palo Alto Networks® has unveiled its APAC WildFire™ cloud, located in Singapore. The service allows customers in the region to benefit from Palo Alto Networks WildFire cloud-delivered threat analysis and prevention capabilities, while addressing customer’s data privacy concerns, via an APAC-based cloud. WildFire is now available with regional-specific clouds in Asia-Pacific (APAC), the European Union, Japan, and North America. As cyberattacks grow in complexity and sophistication, threat prevention has become more difficult, time-consuming and expensive, especially when done in isolation. Today, this is not a fight any one organisation can win alone. A global, cloud-delivered, community-driven approach to aggregated threat analysis is crucial to achieving the best possible threat intelligence and prevention, to effectively defend against a community of attackers who share information, attack methods, and techniques. However, recent developments in data regulation – both globally and in the region – have heightened concerns about data transfer, protection and sovereignty. By offering customers the ability to submit their unknown content to the APAC WildFire cloud for analysis and verdict, customers will have more control and certainty over the location of their data, in order to better comply with their data sovereignty and privacy requirements, while continuing to capitalise on the benefits of globally shared threat data. Additionally, with the APAC WildFire cloud, security teams across the region can accelerate threat hunting, analytics, and response efforts, with globally correlated intelligence from the entire WildFire community, made directly accessible through the Palo Alto Networks AutoFocus™ contextual threat intelligence service. The launch of the APAC WildFire cloud is part of Palo Alto Networks commitment to customers in Singapore and the wider APAC region, following the opening of its new APAC headquarters in Singapore earlier this year. The investments made in Singapore into local cloud infrastructure, and an on-site threat intelligence team – Unit 42 – will provide customers in the region, and globally, the opportunity for increased protection against advanced cyberattacks. As businesses in Asia-Pacific continue to grow at a rapid pace and modern networks evolve, so too will the threat of cyberattacks. Our APAC WildFire cloud allows organisations to tap into global prevention capabilities and counter increasingly sophisticated threats, while addressing their data sovereignty and privacy concerns – Simon Green Senior Vice President, Asia-Pacific, Palo Alto Networks  

Thales closes the acquisition of US company Guavus, a pioneer in real-time big data analytics. Headquartered in San Mateo, California, in the Silicon valley, Guavus employs 250 people, of which 140 are based in Gurgaon (India), 60 in California and 50 in Montreal (Canada). Guavus is perfectly suited to help Thales address the growing needs of an increasingly connected global ecosystem. The company has built a recognised industrial ‘big data’ platform particularly adapted to real-time analytics and designed to be easily implemented across any number of new markets. Its revenues are expected to exceed US$30 million for the current fiscal year. The impact of this acquisition on Thales’s 2017 EBIT should be non-material. This business will be assigned to the defence & security operating segment. Thanks to this acquisition, Thales strengthens its positioning in one of the key technologies at the heart of digital transformation of its customers. Patrice Caine, Thales’s Chairman and CEO, commented, “Thales is very excited that this acquisition has now closed and welcomes Guavus’s talents as part of its family. Combined with our established expertise in other key digital technologies, the acquisition of Guavus represents a tremendous accelerator of our digital strategy for the benefit of all our customers, whether in aeronautics, space, rail signaling, defense or security.”

Gemalto advanced ePassport technologies are now being used in over 30 different countries. Thanks to their outstanding security and the faster, more convenient border crossings they facilitate, the company’s solutions help authorities strengthen homeland protection and improve the traveller experience. Gemalto’s leading position has been built on the supply of complete travel documents and key components such as polycarbonate data pages, visible and hidden document security features, electronic passport covers, and ICAO-compliant embedded software. In addition, the company’s secure embedded software has consistently outperformed the competition in international tests on speed over the last decade. Gemalto is also making an active contribution to the definition of international ePassport standards. Introduced in 2005, the ePassport – which now represents 57% of passports in circulation – delivers enhanced fraud protection by incorporating a secure microprocessor that stores the holder’s personal data and digital photo. Electronic passports include a standardized electronic portrait of the holder for facial recognition, which opens the door to a comprehensive range of automated, self-service airport services for passengers. This extends from check-in through to immigration control and boarding, resulting in an enhanced experience on arrival and departure. The future ePassport A new generation of ePassport will digitally store travel information such as eVisas and entry/ exit stamps to support even more efficient immigration control. The key trends in travel documentation identified by Gemalto include: Swift migration to tamper-proof polycarbonate data pages, which dramatically reduce the risk of fraud. Rapid growth in secure digital identity credentials. Sensitive ePassport data is stored on the holder’s smartphone to create a secure companion to the physical passport, making life easier for travellers. Smart borders/ smart airports to emerge at a faster pace. Combined with the hundreds of millions of ePassports now in circulation and a strong push behind biometrics (particularly facial recognition), they offer travellers quick and secure cross-border movement.