Search

Brian Pennington

A blog about Cyber Security & Compliance

Month

November 2015

Are British Businesses over confident about the threat of data breaches?

Ilex International have launched their Breach Confidence Index. The Index is a benchmark survey created to monitor the level of confidence that British businesses have when it comes to security breaches. The Index shows high confidence levels

  • 24% of IT decision makers surveyed very confident
  • 59% fairly confident that their business is protected against a data security breach

The Breach Confidence Index raises major concerns for British businesses. Businesses are not currently required to report security breaches and in many cases, may not even know that they have experienced one. The survey found that 49% said their business has not experienced a security breach. In comparison to actual statistics shared at the 2015 Cyber Symposium, there is a major gap between the perception and reality of security breaches among businesses.

According to the survey the most common weaknesses resulting in a Data Breach were
22% MALWARE VULNERABILITIES
21% EMAIL SECURITY
15% EMPLOYEE EDUCATION
12% CLOUD APPLICATIONS
12% INSIDER THREATS
8% ACCESS CONTROL
8% BYOD OR MOBILE ACCESS
6% NON-COMPLIANCE TO CURRENT REGULATIONS

Weaknesses relating to identity and access management considerably increase as organisations expand their workforce. Some of the most common issues highlighted by large businesses include:

  • 44% insider threats
  • 42% employee education
  • 26% access control
  • 24% BYOD or mobile access

All figures in the Ilex International Breach Confidence Index, unless otherwise stated, are from YouGov Plc. Total sample size was 530 IT Decision Makers. Fieldwork was undertaken between 6th – 12th August 2015. The survey was carried out online.

DataMotion_IG4_BriefHistoryofHCDataBreaches_092915

500 European Business Leaders attend the PCI Security Standards Council Community Meeting

This week business leaders and security professionals gathered in Nice, France to discuss payment based security and especially PCI DSS and P2Pe. 

Jeremy King PCI Security Standards Council International Director said, The new European Commission Payment Services Directive 2 along with the European Banking Authority Guidelines for Securing Internet Payments have clear and detailed requirements for organisations in protecting cardholder data. Add to that the soon to be released General Data Protection Regulation which covers all data security, and you have a massive increase in data security, which when implemented will impact all organisations in Europe and beyond, 

These regulations will force organisations to take security seriously, and PCI provides the most complete set of data security standards available globally. Establishing good data security takes time and effort. Organisations need to know these regulations are coming and put a plan in place now for ongoing security

With 70% of all card fraud coming from Card-Not-Present (CNP), a figure that surpasses the previous 2008 record which was set during the EMV chip migration, it is a critical time for the industry. 

A significant amount of the conference was spent on new and developing technologies including::

  • Cloud – Daniel Fritsche of Coalfire presented on Virtualisation and the Cloud
  • Mobile – several presentations including the Smart Payments Association
  • Point to Point Encryption (P2PE) – Andrew Barratt of Coalfire delivered a panel discussion
  • Tokenisation – A presentation by Lufthansa Systems 

Jeremy King added. PCI is committed to helping organisations globally improve their data security. Our range of standards, and especially our supporting documents, are designed to help all companies improve and protect their data security. The annual Community Meeting is a big part of our efforts to engage with companies from all sectors, sharing and exchanging information to ensure they have the very best level of security 

We must work together to tackle card-not-present fraud with technologies such as point-to-point encryption and tokenisation that devalue data and make it useless if stolen by criminals.

Attendees included experts from Accor Hotels, , British Telecommunications, Capita, Coalfire Systems Limited, Accor Hotels, Lufthansa, Virgin Trains, Vodat International and hundreds of others.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: