From the Influencers
This Month’s Key Quotes from Leaders in Cybersecurity
"The use of third parties has risen over the past few years. Not only has it become easier and cost-effective to outsource certain business functions and apps to third parties, newer companies that are 'born in the cloud' often have minimal assets or functions in-house, with the majority of functions and infrastructure outsourced to third parties. With this larger reliance, it is a given that the number of breaches at third parties will increase."
avvad Malik, security advocate at AlienVault, on the news that 59% of companies have experienced a data breach via a third party
"The decision by the State of California to ban simple passwords that are easy to guess was a great first step in tackling the issue of online fraud. However, a secure password alone will not have a dramatic impact on the reduction of the problem. In order to stop fraudsters in their tracks we must go beyond passwords and biometric security to the next stage, Intelligence Driven Authentication (IDA), which will be the panacea for protecting identities and defending against data breaches."
Yogesh Patel, Chief Data Scientist at Callsign, predicts the end of traditional passwords in the wake of California's IoT password law
"Managing the cyber risks associated with the security and welfare of the country’s democracy, economic interests, and services to citizens needs to be a core priority for government. Policy and legislation, technical insights and threat intelligence alone are only parts of driving change inside Critical National Infrastructure (CNI) operators. The comments from the Joint Committee on the National Security Strategy suggest that existing UK government defence and security organisations with cyber remits may not be best placed to drive change within CNI operators."
Matt Walmsley, EMEA Director at Vectra, on the UK governmentJoint Committee on the National Security Strategy's findings that the UK needs to take more action on cybersecurity and appoint a dedicated Cabinet minister
"This latest study from the World Economic Forum is somewhat bittersweet. While it’s a concern that cyberattacks are common and dangerous enough to top business leaders’ list of concerns, it’s undoubtedly a step in the right direction that his is at least being acknowledged. This means however that business leaders can no longer plead ignorance; they need to take appropriate measures to move beyond the traditional models of cybersecurity protection and account access if they hope to keep their businesses and customers safe."
Lisa Baergen, director at NuData Security, on a major study by the World Economic Forum, which found that cybersecurity and cyberattacks pose the biggest threat to North American and European businesses
"One of the most troubling aspects of this breach is that the house has been effectively locked, but the keys left under the doormat. Whilst it’s good to see steps had been put in place to protect the sensitive data, encryption is only effective if its keys are correctly stored. This situation could easily have been avoided by managing and storing the encryption keys securely in hardware either on premise or as a cloud-based service."
Jason Hart, CTO of Data Protection at Gemalto on the Marriott breach, which saw the personal details of 500 million customers exposed over gour years, and which may have included the theft of both encrypted card details and the encryption keys