Tag: Gemalto

Gemalto finds bigger breaches on the rise

Security vendor Gemalto claims that more data was stolen in the first half of this year than in the entirety of 2016, but the number of reported European breaches dropped 35 percent.

According to Gemalto research, over 1.9 million data records were nicked compared to just under 1.4 million in all of 2016, representing an increase of 164 percent.

The report said that the numbers of data records pinched will grow significantly, especially as government regulations in the US, Europe and elsewhere enact laws to protect the privacy and data of their constituents by associating a monetary value to improperly securing data.

“Security is no longer a reactive measure but an expectation from companies and consumers”, the report said.

Gemalto’s research found identity theft to be the leading type of data breach, accounting for 74 percent of all breaches in the first six months of this year. The number of records exposed as a result of identity theft jumped 255 percent.

North America maintained its position as the number one attack target, making up over 86 percent of both total breaches and total records stolen.

Gemalto said that North America has always seen the most declared data breaches, but said it expects that to change once the General Data Protection Regulation comes into effect next year.

In the first half of this year, European companies reported 49 data breaches, reflecting just five percent of the global total and a decline of 35 percent on the previous six months, Gemalto said.

IT professionals have outdated view about security

Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks. However, companies are underinvesting in technology that adequately protects their business.

According to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto, businesses feel that perimeter security is keeping them safe, with most (94 percent) believing that it is quite effective at keeping unauthorized users out of their network. However, 65 percent are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69 percent). Despite this, nearly six in 10 (59 percent) organisations report that they believe all their sensitive data is secure.

Many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76 percent said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (68 percent) believe that unauthorised users could access their network, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28 percent) of organizations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only eight percent of data breached was encrypted.

Businesses’ confidence is further undermined by over half of respondents (55 percent) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32 percent) or customer (35 percent) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identity theft, financial fraud or ransomware.

Gemalto’s Vice President and Chief Technology Officer for Data Protection, Jason Hart, said that it is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality.

“By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53 percent) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.

Hart said, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”


Gemalto teams up with Enfuce in Nordic alliance

Digital security outfit Gemalto has signed a deal with the Finnish-based financial services provider Enfuce.

The idea is to offer enterprises a rapid and cost-efficient deployment of convenient and strong customer authentication using mobile devices.

Enfuce has launched its cloud-based ‘authentication as a service’ solution, designed to make it simple for financial institutions, retailers and fintechs to secure their mobile applications.

It is built on Gemalto’s Mobile Protector Software Development Kit (SDK) and Confirm Authentication Server (CAS). Users can decide to be authenticated for the transactions using a PIN code, fingerprint or facial recognition.

Using its Mobile Protector SDK, Enfuce’s customers can deploy secured mobile applications in a matter of weeks, helping them to comply with PSD2 banking regulations.

Gemalto Mobile Protector SDK provides Enfuce’s customers with the APIs needed to embed security into their mobile applications, without requiring developers to master security principles.

Initially targeting the Nordics, where it has already been sold, Enfuce plans to extend the service across Europe.

Enfuce CEO Monika Liikamaa said: “The introduction of this ground-breaking ‘authentication as a service’ solution reflects our commitment to enable profound changes in the payment industry. By combining our extensive knowledge of the financial sector with Gemalto’s authentication capabilities, we can offer a ‘plug and play’ service that leaves clients free to focus on core activities.”

Gemalto gives Mercs smartphone keys

Digital security outfit Gemalto is providing its Trusted Services Hub (TSH) to support Daimler AG’s new smartphone-based ‘digital vehicle key’ for the Mercedes-Benz E-Class range.

The premium car maker’s “innovative solution” gives drivers the freedom to lock/unlock and start their vehicles using their NFC smartphone. Gemalto’s TSH enables seamless and secure over-the-air deployment of the digital keys to any type of phone that supports the solution.

Drivers can lock/unlock their cars by simply placing the smartphone against the door handle. The engine can also be turned on with the phone in the charging tray of the dashboard and pressing the start button. It works even if the phone battery is drained and means you don’t need keys – unless your phone is out of battery, or stolen.

The Secure Element is a tamper-resistant hardware platform, capable of securely hosting applications and storing confidential and cryptographic data. It can be found in a SIM provided by a Mobile Network Operator and/or an eSE (embedded Secure Element) built into the phone handset by OEMs, the company claims.

The idea is part of the ‘Mercedes me connect’ programme.

Christine Caviglioli, vice president New Mobility Solutions at Gemalto said that digitalisation demands that companies harness their expertise to make friends and influence people with all stakeholders within the connected car ecosystems.

“For Daimler AG, this aim is supported by our solutions, which enable it to offer customers innovative services through their preferred device, without compromising security.”

Gemalto suffers from poor US sales

Security outfit Gemalto expects its revenue for the first quarter to be lower by seven percent to nine percent at constant exchange rates compared to the same period of 2016. This is mainly due to lower than expected Payment business revenue in the United States.

The Gemalto Payment business revenue for the full year 2017 is estimated to be around €100 million lower than its initial expectation. This update primarily reflects a double digit decline in its assumption for the payment cards total available market in the United States due to EMV card inventory levels at its customers in the first semester. This situation also leads to a lower contribution from personalization services.

Looking ahead, taking into account the first quarter trend, Gemalto now expects its 2017 profit from operations outlook to be at a similar level to 2016. Gemalto is currently reviewing its action plan to minimize the impact.

The company will provide further details when it publishes its first quarter revenue on April 28, 2017.

Customers will blame companies for data breaches

Customers believe that outfits who hold their data are responsible for any data breaches and will not see themselves as responsible in any way.

A new report created by digital security outfit Gemalto said that customers put any responsibility for protecting their personal data firmly in the hands of the organizations holding their data – and not themselves.

According to the 9,000 customers surveyed worldwide, 70 percent of the responsibility for protecting and securing customer data lies with companies and only 30 percent of the responsibility with themselves.

Less than a third of customers believe companies are taking protection of their personal data very seriously. This comes as customers are becoming increasingly fearful of their data being stolen, with 58 percent believing it will happen to them in the future. More than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach accounting for 64 percent of all data breaches.

Despite becoming more aware of the threats posed to them online, only one in ten believe there are no apps or websites out there that pose the greatest risk to them, and consumers are not changing their behavior as a result:

• 80 per cent use social media, despite 59 percent believing these networks pose a great risk
• 87 per cent use online or mobile banking, with 34 percent believing they leave them vulnerable to cybercriminals
• Consumers are also more likely to shop online during busy commercial periods such as Black Friday and Christmas (2 percent increase online versus -2 per cent decrease in store), despite 21 percent admitting the threat of cybercrime increases a lot during these periods

Nearly 60 per cent believe they will be a victim of a breach at some point, and organizations need to be prepared for the loss of business such incidents may cause. Most consumers who currently use the following, say they would stop using a retailer (60 per cent), bank (58 percent) or social media site (56 percent) if it suffered a breach, while 66 per cent say they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen.

The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods – used by 84 per cent for online and 82 per cent for mobile banking, and more advanced transaction security the next highest for both. Solutions like two-factor authentication (43 per cent online and 42 per cent mobile) and data encryption (31 percent online and 27 percent mobile) trail behind.

Similar results can be seen in both the retail space, with only 25 percent of respondents that use online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media, with only 21 percent using the authentication for all platforms. Only 16 per cent of all respondents admitted to having a complete understanding of what data encryption is and does.

Jason Hart, CTO, Data Protection at Gemalto said that customers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business.

“The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions, should show consumers that the protection of their personal data is being taken very seriously.”

Security breaches are the kiss of death for companies

Customers are walking away from companies who have experienced a data loss due to hacking, according to a new survey.

Data security outfit Gemalto said that more than 64 per cent of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen.

Almost half – 49 per cent – had the same opinion when it came to data breaches where personal information was stolen.

Gemalto surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States.

It found that 60 percent of consumers thought that threats to their personal information increase during the festive season, and nearly 20 percent believe that they are likely to be a victim of a breach during the holiday season.

Only a quarter of all respondents feel that companies take the protection and security of customer data very seriously. More than twice as many respondents feel that the responsibility of protecting and securing customer data falls on the company (69 percent) versus the customer (31 percent). Of the employed respondents, only around two fifths (38 percent) feel that their employer takes the protection and security of employee data seriously.

A third of respondents have already been affected by a data breach in the past. Around 40 percent were affected through visiting a fraudulent website (42 percent), phishing attacks (40 percent) or clicking a fraudulent web link (37 percent).

The survey found that customers were getting increasingly impatient with breached companies.

Around a quarter who have been a victim of a data breach, either have, or would, consider taking legal action against the breached company involved in exposing their personal information. Almost half of respondents said they would take or would consider taking legal action against any of the parties involved in exposing their personal information.

British and US spooks stole SIM card keys

Spies from the US and the UK hacked into the internal computer network of the largest manufacturer of SIM cards in the world and stole encryption keys used to protect the privacy of mobile phones.

According to the latest release from the Edward Snowden cache, the hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ.

It all happened in 2010 and, according to a GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s mobiles, including both voice and data.

Gemalto, a multinational firm incorporated in the Netherlands, makes chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

It makes two billion SIM cards a year and with the stolen encryption keys, intelligence agencies could monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.

British spies mined the private communications of unwitting engineers and other company employees in multiple countries.

Apparently, Gemalto did not notice and still cannot work out how it was done.

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ access.