Interview

Gemalto’s Breach Level Index highlights major risk management issues for India: Rana Gupta

Views: 1.0K

Rana Gupta, GemaltoGemalto offers a comprehensive portfolio of data protection solutions that are aligned along its three step Secure-the-Breach approach. These solutions focus on encryption of sensitive data, secure management of cryptographic keys, and secure authentication of authorized users, says Rana Gupta, Vice-President, APAC, Sales and Services,  Identity and Data Protection business, Gemalto, in conversation with Elets News Network (ENN).

Give us a brief about Gemalto’s breach level index.

The Breach Level Index serves as a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted.

As per Gemalto Breach Level Index study 2017 –

Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised globally every day.

Based on data breach reports collected in the Breach Level Index, the major 2017 highlights for India include:

  • Human error a major risk management and security issue: Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 3.7 million records to be exposed.
  • Identity theft is still the number one type of data breach: Identity theft was 77% of all data breach incidents.
  • What a nuisance: The number of records breached in nuisance type attacks which were not seen in 2016 have started to happen in 2017.  Such attacks have compromised 200 million records this year.  The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.

Data Breaches by Type
Identity theft was the leading type of data breach, accounting for 77% of all incidents in 2017. The second most prevalent type of breach was access to government data (28%). The number of malicious outsiders increased the most for nuisance type of data breaches (488%) which constituted 98% of all compromised data.

Data Breaches by Industry
In 2017, the industries that experienced the largest number of data breach incidents were government (28%), retail (21%), education (17%) and healthcare (7%). In terms of the amount of records lost, stolen or compromised, the most targeted sectors were government (62%) and technology (37%)

Data Breaches by Source
Malicious outsiders were the leading source of data breaches, accounting for 52%% of breaches, however making up 98.8% all compromised data. Malicious insider breaches were 14% of the total number of incidents, however this breach source experienced a dramatic increase (33%) in the number of compromised or stolen records from 2016.

What security solutions does Gemalto provide to check breaches?

Gemalto offers a comprehensive portfolio of data protection solutions that are aligned along its three step Secure-the-Breach approach. These solutions focus on encryption of sensitive data, secure management of cryptographic keys, and secure authentication of authorized users.

However, it is important for businesses to understand and accept that breaches are inevitable and their company could be a target. The most important step for them is to shift their security strategy from ‘breach prevention’ to ‘breach acceptance’ and develop an end-to-end security strategy for the protection of data so that even if the data is lost in a breach, it still is rendered useless for an unauthorized user.

By encrypting the sensitive data, managing the encryption keys in tamper-proof hardware, and implementing strong authentication for usage of those encryption keys, companies can ensure that they can check the breaches by denying the ultimate objective of losing the precious data as the unencrypted data doesn’t leave the organization.

What are enterprises’ concern with securing data in the cloud?

Given the aspects of co-hosting, co-location, administration and backups, it is a usual concern for the enterprises to consider where all the snap-shots and backups of data and instances may reside within the cloud service provider’s infrastructure and how long may they be available without anyone within the enterprise knowing about them. Furthermore, it is a concern that were anything to go wrong within Cloud Service Provide, would it lead to any data breach for the enterprise. Lastly, given the accessibility to compute and data over the internet, can the enterprise’ assets be accessed by unauthorized users.

Gemalto’s comprehensive portfolio of data protection solutions easily adapts to cloud environments as it is designed keeping in mind the hybrid environments that the customer would have. Essentially, it is recommended that customers encrypt their data and compute instances that are deployed over the cloud while keeping control of those encryption keys with them. This shall allow them to ensure that irrespective of where the data is, it is always encrypted and no one without their explicit authorization shall be able to make use of it.

How is adoption of futuristic technologies like Blockchain, Robotics, AI, Machine Learning, etc, helping in security checks of enterprises?

Digital transformation is opening the door to completely new business models. The digital era also brings with it new threats as well as data privacy challenges. When it comes to security, Blockchain along with Artificial Intelligence (AI) are two of the evolving technologies with the greatest potential. With proper security to protect communication, devices and users blockchain can evolve as a trusted platform for enterprises to secure transactions and data. For example in the Fintech industry, where AI and blockchain working together in a seamless ecosystem could offer significant improvements in efficiency and security. Many banking applications store digital identities; here blockchain technology can be used to secure these, while AI can be deployed in identity verification. Another challenge today is to simplify security procedures for enterprise customers and this is where machine learning can be effective. For example, in banking sector  machine learning is deployed very effectively to analyses the profile and behavior of customers in real time and only activates additional authentication measures when required, providing a smooth user experience.

Most Popular

To Top