Page 44 - Security Today, November/December 2018
P. 44
ENCRYPTED STORAGE
A SUCCESSFUL DATA SECURITY PLAN Security inside and outside the firewall are vital to storage
By Ruben Lugo
We live in a world where computer hack- ing, data breaches, identity theft, and sto- len records of all sizes have become world-
wide events that can happen at any time. Here are a few recent examples of breaches, the financial impact/conse- quence, and a couple of product solu- tions that can help prevent such unde- sired publicity.
According to the Identity Theft Re- source Center, in the United States alone there have been 864 total breaches expos- ing over 34-million records between Jan. 1 and Aug. 31.1 A Thales Security report shows that nearly 50 percent of retailers have been breached in the past year— and 75 percent breached in total. It also highlights two major points: Breach rates in the last year are up 2.5 times from the results in 2017 and lack of perceived need is the top reason for not implementing data security in U.S. retail at 52 percent. Encryption technologies help to solve new privacy requirements and traditional problems with protecting sensitive data.2
Most notably of these, of course, is Facebook, which had a major data breach in 2015 that went unreported until earlier this year. The company owned up to the fact that Cambridge Analytica had been collecting private information from al- most 87-million Facebook users for politi- cal research. An additional breach, which was discovered in October, was the largest in Facebook’s 14-year history compromis- ing 50-million users.
Also, this year, it was revealed that the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations were com- promised between May 2017 and March 2018, affecting over five million custom-
ers. Making matters worse, approximately 125,000 of these records were released for sale on the Dark Web.
Not to belabor the point, but this last example is a doozy. Under Armour’s nu- trition-logging app MyFitnessPal was tar- geted in what is now considered one of the largest cyberattacks of all time—roughly 150 million app users had sensitive data exposed—such as usernames, email ad- dresses, and hashed passwords.
That’s not all. There is a major financial consequence side to greatly consider as well. Such activity costs companies, educa- tional institutions, governments, organi- zations, and even everyday folks millions upon millions of dollars. The cost of a typical data breach can be as much as $3.6 million for some organizations, with the average number of stolen records exceed- ing 20,000 at a cost of $141 per record (to-
taling just over $2.8 million).
According to Ponemon Institute’s June
2017 Cost of Data Breach study, organiza- tions can significantly reduce their costs by using cyber security data protection.3 By staffing an incident response team, organi- zations can save over $400,000 per breach. The report also finds that the extensive use
of encryption can save organizations an additional $385,000.
In the last few years, there has been a rise in breaches, critical amounts of re- cords exposures, theft, and loss of confi- dential company and personal informa- tion. With global regulations, such as the EU GDPR (General Data Protection Regulation) focused on data security, the reality of fines (GDPR can fine organiza- tions up to €20 million or four percent of their annual global turnover, whichever is greater) due to careless loss of data has driven many organizations to effectively secure their everyday business data. Such data is at the heart of every organiza- tion and maintaining effective protection against data security threats to avoid any legal and financial impact is critical.
A firewall is essential in protecting or- ganizations against data security threats from known, unknown, and not trusted networks. Borrowed from the fire-safety industry’s use of the word for a physical barrier that is intended to limit the spread of a fire, a computer firewall is a virtual barrier that is designed to limit the spread or damage of a cyberattack.
One of the keys to a successful data-
NS10
NOVEMBER/DECEMBER 2018 | NETWORKING SECURITY
Tashatuvango/Shutterstock.com