Here are the encryption stories that intrigue us at the moment. We look for the most relevant pieces about encryption and give you a summary of the week’s security events. Stick with us - you might learn something.
In this edition, we uncover the surprising common denominator in last year’s biggest security breaches, establish how to move to cloud safely, and review the missing pins that lead to Wendy’s POS mis-adventure. Keep abreast of industry developments as we pull crucial news off the back shelf and shine coverage on the constantly evolving landscape that is encryption and machine identity protection.
Could you put a dollar amount on the cost of your average “mega breach”?
If you guessed $350 million dollars, you’d be a good guesser. If you guessed $350 million dollars, a generation of public reputation, hard-won consumer trust and nail-biting PR control, you’d be a very good guesser.
2018 saw mega-corps like Google+, Facebook and British Airways take a plunge into the spiraling world of uber-leaks, and the missing parts are just starting to surface for the autopsy. So what was the answer? Human error.
“A recent study revealed that 47% of business leaders blamed human error for their company’s most recent data breach.”
Insufficient automation played an incriminating role, as many errors stem from manual processes that can be mechanized by proper machine identity protection solutions. Read the full article.
If your data is in the cloud, what happens if it rains? Rashi Mittal at SAP recommends a hefty encryption game-plan for any cloud-type migration. Her strategy:
- Gain visibility of data being moved to the cloud
- Decide if you plan to encrypt all data, or sensitive-only data
- Make an encryption plan
- Have a key management strategy
Citing the eminent risk of corporate data breaches, she singles out encryption as “your last line of defense.”Read the full article.
What’s worse than stale fries? How about a $50 million dollar settlement over a three-year-old breach, washed down with a $3.4 million dollar class-action lawsuit.
So, where’s the beef?
With one of Wendy’s’ POS systems, apparently. It was hacked in 2015 and then again in 2016. Both times Wendy’s failed to notify the public.
The public responded by suing the corporation for not properly securing its systems, and the franchise recently reached the non-value menu price of $50 million in settlement charges. Wendy’s implicated “compromised third-party vendor credentials” as the likely culprit. The POS vendor remained unnamed.
Despite added layers of regulation, adding encryption to POS systems may be crucial in mitigating effects. Bob Carr, CEO of Heartland Payment Systems, a formerly-breached POS provider, asserts “without tokenization and end-to-end encryption, payment data will still be vulnerable to attack and compromise.” Read the full article.