Government, retail get low cybersecurity marks in survey
Many Americans have lost confidence in the ability of the nation’s largest institutions — government agencies, retail outlets and telecommunications providers — to protect their personal data from compromise, according to a new survey by Unisys Corp.
From the massive 2013 credit card breach at Target to the recent compromise at the federal Office of Personnel Management — perhaps the largest and most significant data breach in the history of government — an increasing number of Americans feel it is likely that the personal data collected and stored by the government and retail outlets will be compromised in the next 12 months.
“Concern about unauthorized access in retail is high, as consumers seem to be less trusting of retailers owing to recent high profile data breaches at several retail chains,” the Unisys Security Insights survey states. “The perceived threat of a data breach in the next 12 months is also relatively high among government agencies, most likely a result of recently reported cyberattacks.”
Although hackers continue to target banks and health care organizations, the perceived threat of data breaches in those sectors is low, possibly reflecting traditionally high levels of trust in the security of these organizations, according to Unisys.
“Organizations that hold consumers’ personal data have a major challenge maintaining public confidence that they safely protect private information,” Dave Frymier, vice president and chief information security officer at Unisys, said. “While hackers will always find their way into an organization’s network, enterprises can protect high-value data through basic precautions like patching and sharing threat intelligence as well as using advanced security technologies like micro-segmentation.”
According to Unisys, the traditional mechanisms to protect sensitive personal data against advanced attacks are proving to be insufficient, leading to a significant erosion of trust. To regain the trust of consumers, Unisys recommends that government, retail and telecom organizations adopt the following approaches to improve security:
- Converged physical and logical security approach — As logical and physical security measures are converging, leading enterprises across the world should seek ways to solve critical challenges at the point of convergence. Such measures help integrate sensors, consolidate data, provide central or dispersed command and control, use identity information and support real-time as well as offline analytics. Converged security provides seamless monitoring from the door to the desk and to the data.
- Biometrics for superior authentication — A robust security strategy incorporates multifactor authentication methods that provide assurance. The authentication can be provided via various biometric techniques like face recognition, DNA matching, fingerprints, voice recognition and vein structure in hands. Mobile devices, like organizations, also allow for advanced authentication techniques to prevent intrusions and information theft. The opportunity for organizations is to grow in tandem with consumer preferences while ensuring the highest levels of protection.
- Isolation and compartmentalization for data protection — Protecting sensitive information from unauthorized access is the core objective of any security strategy. This typically involves two key activities: identifying the scope of the data protection task, and isolating the people, processes and technologies that interact with the sensitive data. Data isolation is achieved by using access controls and encryption to ensure only authorized systems and users can access sensitive information. In addition, compartmentalization of user groups also helps minimize the threat.
- Comprehensive security strategy — Maintaining superior security monitoring, awareness and reporting capabilities within a holistic cybersecurity framework helps protect data and networks from internal and external threats. An all-encompassing security strategy would include predictive, preventive, detective and retrospective capabilities.