New Articles

Sensitive Data Exposure – What Does It Mean For Your Business And How To Avoid It

In the modern global data ecosystem, businesses collect and hold a lot of sensitive consumer data. Company databases store sensitive information such as credit card numbers, passwords, house addresses, phone numbers, social security numbers, and email addresses. Although this data is an asset for most companies, it becomes a risk in case of a data breach.

Sensitive data needs to be protected against all unauthorized access to prevent exposure to potential hackers and fraudulent activities. When unauthorized individuals access consumer data, it can be quite costly. Statistics show that the cost of a data breach in 2022 stood at $4.24 million per breach. It also compromises privacy and can lead to stolen identities and fraud. Therefore, if this happens to your business, the consequences could be severe enough to affect your operations.

In this article, we'll explain how sensitive data exposure happens and how to avoid it.

What is sensitive data exposure?

Sensitive data exposure occurs when unauthorized people access personal information or company data. It usually happens when a company accidentally exposes sensitive information due to inefficient security measures, poor encryption, misconfigurations, and inappropriate data systems. 

Data exposure leads to unlawful destruction, alteration, and loss of sensitive data. Here are some of the attacks that expose sensitive data.

  • SQL injection attacks — they occur when an attacker introduces malicious queries into your system to extract sensitive user information with a simple command.
  • Insider attacks — they happen when a current or former employee with authorized access breaks into your system to steal data.
  • Phishing — designed to mislead users to get them to offer sensitive information via text messages or emails.

How does data exposure happen?

Most organizations have invested heavily in complex IT systems to boost their data security. Despite that, sensitive data is still vulnerable to exposure either through employee errors or poor data control systems. To effectively protect your data, you need to know the different methods of data exposure.  

Data in transit

Data is always traversing through networks, servers, or people. For instance, when you send an email, the information moves from on-premise to the cloud. As data is being exchanged between application programming interfaces (APIs) and servers, it’s at risk of interception. 

Cybercriminals exploit any security flaws between two applications or servers to get the data. Sensitive data is exposed during transit due to a lack of encryption, poor data control policies, or when employees use insecure connections. 

Data at rest

As of 2022, 60% of all corporate data was stored in the cloud. While this helps companies with data management, they face dangerous cloud data risks. In an average company, 157,000 sensitive records are at risk of being exposed through various channels, representing $28 million in data-breach risk.

The security of stored data depends on the protocols in place to protect it. The information is prone to SQL injections and other attacks when there’s no proper encryption on company files and databases. Additionally, sensitive data at rest can be exposed if there are misconfiguration errors, such as having private information available on the internet for anyone to access. 

How to avoid sensitive data exposure

Exposure of sensitive data can be prevented by taking the right steps to mitigate the risk and quickly detect potential breaches. Here are some of the steps you should take.

Classify your data

To avoid sensitive data exposure in your business, you first need to know where all your sensitive data is. For instance, you should know which files and databases contain customer information and which ones hold important passwords. This way, you can devise better ways to secure the data.

In order to avoid sensitive data exposure, create an automated classification system that gives a clear picture of the location, owners, type of security, and governance measures your business has.
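As an added illustration (not part of the original article), the sketch below shows the core of an automated classification pass: it scans records from named data sources and builds an inventory of which fields hold emails, Social Security numbers, or card numbers. The source names, field names, and sample records are constructed for the example, and the patterns cover only these three data types.

```python
import re
from collections import defaultdict

# Detectors for three of the data types the article lists.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # Hyphenated SSN; excludes area/group/serial values that are never issued.
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # 13-19 digits, optionally separated by spaces or hyphens.
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and IDs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def classify_value(value: str) -> set[str]:
    """Return the sensitive-data labels found in one field value."""
    found = set()
    for label, pattern in PATTERNS.items():
        for match in pattern.finditer(value):
            if label == "card":
                digits = re.sub(r"\D", "", match.group())
                if not (13 <= len(digits) <= 19 and luhn_ok(digits)):
                    continue
            found.add(label)
    return found

def build_inventory(sources: dict[str, list[dict[str, str]]]) -> dict[str, set[str]]:
    """Map 'source.field' to the set of sensitive labels seen in that field."""
    inventory = defaultdict(set)
    for source, rows in sources.items():
        for row in rows:
            for field, value in row.items():
                labels = classify_value(str(value))
                if labels:
                    inventory[f"{source}.{field}"] |= labels
    return dict(inventory)

# Constructed sample data: two hypothetical sources with test values only.
SAMPLE_SOURCES = {
    "crm.customers": [
        {"name": "Test User", "contact": "test.user@example.com",
         "notes": "SSN 123-45-6789 on file"},
        {"name": "Other User", "contact": "n/a",
         "notes": "order 1234567890123456 shipped"},  # fails Luhn, not a card
    ],
    "billing.payments": [
        {"ref": "A-1001", "pan": "4111 1111 1111 1111"},  # standard test card number
    ],
}

if __name__ == "__main__":
    for location, labels in sorted(build_inventory(SAMPLE_SOURCES).items()):
        print(location, sorted(labels))
```

The resulting inventory is the input for the next steps: each flagged location can be assigned an owner, an encryption requirement, and an access policy.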

Improve your access control

Some data attacks happen due to poor sensitive data visibility. For example, you’ll find that some businesses don’t know which files or databases contain sensitive information, and where the data — like passwords, and customer information like Social Security numbers — is stored. When your business has poor visibility and classification, you can’t track and secure all the data.

One of the ways to boost your data security is by improving and automating your data access service. This determines who can access files and the networks in your business and for how long. Develop an automated access management policy that determines the privileges of every user and does not rely on manually granting access to sensitive data. With proper access controls, only the intended individuals can view and alter sensitive data.

Regular testing

Attackers use different vulnerabilities to gain access to sensitive data. For instance, if your system is not properly encrypted, it becomes easier to penetrate and get this information. However, with regular penetration testing, you can detect weaknesses and strengthen security measures.

Penetration testing simulates how real-world attackers use your vulnerabilities to gain access to your data. Conducting these tests regularly provides insights into your defenses. You can hire a data expert to launch these penetration tests if you process sensitive information on a larger scale. Once you have the results, you can add extra layers of security to protect your business from potential data breaches.   

Summary

Businesses must keep sensitive data unexposed. While sensitive data is at risk when in transit or at rest, you can protect your business by ensuring that you conduct regular testing, classify the data, and improve your access control measures. Additionally, you can safeguard data by using tokenization which protects social security numbers, credit cards and other well-defined databases.

It’s important to pay attention to your data, especially due to the emergence of for-profit attackers who are looking to re-sell sensitive information or hold businesses for ransom. 

Author’s bio

Ben is an experienced tech leader and book author with a background in endpoint security, analytics, and application & data security. Ben filled roles such as the CTO of Cynet, and Director of Threat Research at Imperva. Ben is the Chief Scientist for Satori, the DataSecOps platform, as well as VP of Marketing.

 

First-Generation American Finds His Niche In Cybersecurity

Three years ago Cybercrime Magazine reported that Cybersecurity Ventures expected cybercrime costs to grow by 15 percent annually, reaching US$10.5 trillion globally by 2025. Already, the cost of cybercrime had risen from $3 trillion in 2015 to a projected $6 trillion in 2021.

If measured as a country, cybercrime would be the world’s third largest economy after the U.S. and China.

Theft from cybercrime represents the greatest transfer of economic wealth in world history. Profits from cybercrime are greater than the global trade of all major illegal drugs combined.

Data breaches, often connected to cybercrime but sometimes just the result of incompetence or hacker curiosity, have become everyday events in the cyber century. In just the first three months of 2023, major data breaches were reported by Yum Brands (KFC, Taco Bell, Pizza Hut), Chick Fil-A, Activision, Google Fi, T-Mobile, Mail Chimp, Norton LifeLock, and even ChatGPT.

One of the largest data breaches occurred in 2018, affecting 2 billion Facebook (now Meta) users; the company was also breached in 2021, affecting “only” half a billion users.

Yahoo, Amazon, Twitter, Microsoft, Uber, AOL, Dropbox, eBay, and many other 21st Century giants have also suffered the indignities caused by hackers.

There are three leading reasons why company data can get hacked. One is old vulnerabilities: hackers who breach once leave a secret window to enable repeat attacks. The second is human error by employees, ranging from weak passwords to clicking on malicious links and visiting phishing sites. The third is malicious software used by hackers: viruses, ransomware, Trojans, spyware, adware, and other traps that enable would-be criminals to steal confidential information.

Cybersecurity expert Melvin Ejiogu says he founded VeeMost Technologies in 2002 after realizing that most of the key players in the industry at that time focused more on billing their customers and responding to current attacks than on building and managing a secure cyber environment to protect those customers over the long term.

Ejiogu said he was motivated – despite a lack of capital at the time – to provide a variety of services to ensure the security of customer data rather than rely on gimmicks. His focus was on long-term maintenance protection rather than quick fixes over and over again. But, he admits, though he was a technology expert and had the financial background, he did not understand how to grow what is today a great company.

To learn those ingredients, Ejiogu, whose college days were at the University of Akron in Ohio, first partnered with companies in Cleveland, Ohio, to provide networking and security services for state and local government accounts and private enterprise accounts.

But Ejiogu wanted more than just a successful small company, so he relocated to New Jersey to begin a 10-year partnership with AT&T Labs.

There, he designed, implemented, and secured network infrastructures and solutions for much larger government entities and enterprise customers. His experience, along with his teammates, was critical to landing and executing a multibillion-dollar contract with the Department of Defense.

And then, Melvin muses, he began to learn “…how the big boys do business.”

The “big boys” were not afraid to invest in people, processes, and tools – the keys to growing a business that already provides high-quality services. Ejiogu decided to leave AT&T and take VeeMost “off autopilot.”

To do that, Ejiogu opted to go public. “Free advertising,” Ejiogu says. “Shareholders become your first-line customers and your first sales force.”

VeeMost, which has specialized in architecting, deploying, and managing secure digital solutions and platforms to accelerate and enhance business efficiencies for increased profitability, also expanded into India and West Africa, looking to gain some market share there as well.

It launched its own cloud services and solutions and today provides full life-cycle management for companies’ digital transformation journey to the cloud – from initial consultation and assessment to full migration and cloud management. They launched a tool called VeeShield Cloud Security, which is a suite of cloud-delivered products to protect customers from malicious content, malware, and other attacks.

At about the same time, VeeMost launched an innovation Hub Center that focuses on researching and developing new solutions to enhance its partner companies’ products and services. Those partnerships are strategic alliances with Palo Alto Networks, Cisco Systems, Splunk, and most of the other industry-leading security vendors.

While VeeMost has recently become an attractive target for acquisition, Ejiogu remains far more interested in increasing value for his shareholders through business expansion and multiple acquisitions.

Maybe it’s the thought that others might not operate the businesses he has grown according to the same moral code – or maybe it’s just because he’s not done growing.

5 Commercial Building Security Trends You Must Adopt

FBI statistics show that 60% of burglaries occur outside of working hours. This is when staff are typically less equipped to respond quickly, or even notice the incident.

By implementing modern cloud-based solutions in your commercial buildings, you can ensure your property managers and security staff can receive real-time data and monitor your building’s security while off-site. 

Keep reading for the top commercial building security trends and how to implement and integrate these technologies for maximum efficiency.

Converging Physical And Cyber Security

Physical and cyber security are no longer distinct concepts. The increased adoption of cloud-based security technologies makes protecting security systems from cyber interception essential.

Cloud-based access control and security technologies are becoming increasingly popular. They allow security staff, system administrators, and property managers to remotely operate security features using a mobile application or cloud-based control center. Since property managers and those responsible for building security have many other tasks to oversee, traveling to a location and manually opening doors for visitors and occupants can be frustrating and time-consuming. Using remote access control, property managers can lock and unlock doors in their building while on the go or performing other duties.

However, the convenience of a cloud-based security system does come with the drawback of being exposed to cyber threats. If an unauthorized party intercepts your system, they will be able to remotely operate your security system, which could lead to a security incident. To prevent this from happening, it’s ideal to combine physical and cyber security by using cybersecurity software to protect your security system. This will strengthen your security system and ensure there are no vulnerabilities.

Integrating Technologies

Physical access control is an excellent base for building integrations and ensuring a seamless and user-friendly security system. You might consider integrating the following tools with your access control system:

  • Video intercom systems – when integrated with access control, video intercom systems provide a more straightforward method for your security personnel to verify the identity of visitors and occupants before granting access.
  • Visitor management – visitor management software allows visitors to log their details into a registration form. Administrators will have more accurate visitor logs, and this technology can eliminate the need to assign a receptionist to your doors.

If you integrate these technologies on one platform, your property managers, system administrators, and security staff will have an easier time accessing security information. With all information available on one user-friendly interface, your team will be able to view real-time data and operate security installations with ease.

Automating Building Management Triggers

You can integrate physical access control with building management triggers to help you reduce your monthly overheads and provide a more eco-conscious building for your tenant. When a room is unoccupied, your system will turn off electricity, devices, and heating to ensure there is no energy waste in your building. When an individual enters a room in your building, the space will come to life, and the amenities will be switched on. This is a money and energy-saving technology solution for your commercial building.

Integrating Video Cameras With Access Control

One of the vulnerabilities of any access control system is the potential misappropriation of access credentials. By integrating your office security system with access control, you can remotely view access logs and video feeds on one interface, allowing you to verify the user’s identity quickly. Without integrating these technologies, your admin or security staff would have to correlate data from two different sources, which can be tricky and lengthy.

Touchless And Hygiene-Based Technology

Access control is just one example of a touchless technology that reduces the number of touchpoints your employees must come into contact with daily. By using touchless technologies in your retail store, you are prioritizing your customer and staff’s safety. 

In addition to using touchless technologies, you can use antimicrobial materials for the surfaces in your building. Using antimicrobial materials ensures that the handrails, door handles, and surfaces your tenants must touch daily are free from germs. 

Putting health and safety at the forefront will show your tenants that you care for their well-being and will help to create a positive impression of your business. Thus, you will be more likely to retain tenants.

Summary

When it comes to commercial building security, you need solutions that will help your property managers, security staff, and administrators to maximize their productivity. Tenants will be impressed with the convenience of a modern and sophisticated security system, and you will be more likely to retain tenants with an integrated and user-friendly system.

Automotive Cybersecurity Market to Cross USD 837 Mn by 2024

The automotive cybersecurity market is set to grow from its current market value of more than $187 Mn to over $837 Mn by 2024, as reported in the latest study by Global Market Insights, Inc.

In an era where connected cars are deemed to mark the future of mobility, the market is indeed set to occupy a pivotal stance in the smart and sustainable tech space. Cyber threats or security breaches in connected cars enable external access to the vehicle’s network, which not only compromises the driver’s data privacy but can also pose serious threats to the driver’s physical safety and the car’s operation. With data security breaches becoming intensely sophisticated, the automotive cybersecurity industry has turned out to be an inevitable investment spot that would aid the automotive sector’s continued roadmap toward connectivity without risk.

Speaking of competitive trends, strategic collaborations and partnerships have emerged as two of the top-notch measures adopted by the automotive cybersecurity market giants. One of the recent trends in this regard has been the JVs established between the automotive companies and technology conglomerates, in a bid to understand and resolve the security complexities in modern or connected vehicles.

The compulsion of connected services in vehicles for offering features like improved comfort, convenience, road safety and assisted parking will greatly benefit the automotive cybersecurity market, which apportioned revenues of over USD 187 million in 2017. With the mounting probability of a vehicle being hacked, a number of IT companies are partnering with automakers to develop security features and enhance vehicle safety measures. The industry caters to every type of vehicle, from average passenger and luxury cars to heavy-duty trucks. Estimates suggest that close to 70 million connected vehicles will be running on the roads by 2020, a significant surge in comparison with the 2016 figure of 28 million. These statistics represent the vast amount of electronic control units (ECUs) that would be required in order to enhance the vehicles, instigating the market.

Network security dominates the automotive cybersecurity market and is projected to generate a market revenue of USD 236.4 million over the forecast timescale. In-vehicle networks carry a variety of personal and operational identifiable information such as microphone recordings, location, and call and navigation history, so protecting the data and messages over the network bus is important for privacy and operational security. Moreover, network protocols, such as Local Interconnect Network (LIN), Controller Area Network (CAN), automotive Ethernet, FlexRay, Wi-Fi, 5G network, Bluetooth, and Dedicated Short-Range Communication (DSRC), also aggravate cybersecurity threats. Therefore, it is important to adopt improved security techniques by interacting with security-enhanced network protocols to provide authenticity, integrity, and reliability of transmitted data.

One of the recent instances that validates the growing stance of collaborations & JVs as prominent growth tactics has been the partnership between SafeRide, one of the formidable automotive cybersecurity market players, and Netherlands-based digital platform security giant, Irdeto. Under the terms of the recently inked partnership, SafeRide in collaboration with Irdeto is claimed to provide the OEMs and tier-1 automotive suppliers with a holistic cybersecurity solution for autonomous and connected vehicles. Allegedly, SafeRide’s flagship vSentry solution would be integrated with Irdeto’s famous Connected Transport solution, Cloakware, to offer a multi-layered approach in protecting the platforms against tampering, automated attacks, and reverse engineering.

Europe’s automotive cybersecurity market is witnessing a fast growth rate and is projected to reach USD 224 million by 2024. Germany dominates the European automotive cybersecurity industry as it is the home to some of the leading automobile manufacturers including Ford, Volkswagen, BMZ, Audi, Mercedes-Benz, Opel, and Porsche. These companies are working with various software cybersecurity providers to increase the security offering aimed at maintaining passenger safety while traveling. For instance, in 2016, Volkswagen collaborated with three Israeli cybersecurity experts to establish an automotive cybersecurity company aimed at making vehicles and their ecosystem highly secured against cyber-attacks.

The companies functioning in the automotive cybersecurity market are investing in research and development strategies aimed at bringing about innovations in the automotive cybersecurity solutions. Some of the major vendors operating in the automotive cybersecurity industry are Audi, BMW, Ford, Honda, Nissan, General Motors, Volvo Car Group, Volkswagen, BT Security, Cisco Systems, Lear Corporation, Symantec Corporation, Argus Cyber Security Ltd., Intel Security, Arilou Technologies Ltd., Continental AG, and Karamba Security.

Source: https://www.gminsights.com/industry-analysis/automotive-cybersecurity-market