Any business that stores, transmits, or processes payment card data has a responsibility to ensure...
What Do WalMart and Airbus Have in Common? Cybersecurity
A group of prominent investors aims to improve cybersecurity by building companies around new technologies for protecting data.
Team8, a venture capital firm and cybersecurity startup builder, has raised $85 million from a coalition of corporate partners to develop eight security companies over the next five years. The investors include Walmart, Scotiabank, SoftBank, Moody’s, Airbus, Munich Re, and Dimension Data.
This signals a continued shift toward major corporations placing a greater emphasis on cybersecurity. One of the reasons for this is the added responsibilities for data privacy that organizations have under the European Union's new General Data Protection Regulation.
Major breaches are announced regularly—for example, the recent news that as many as 500 million guests who stayed at Marriott Starwood hotels may have had their information compromised.
The costs of breaches continue to escalate, now averaging $3.62 million per incident, according to a 2017 Data Breach Study by Ponemon.
In announcing the new fund, Team8 stated, “The synergy and insight from leaders in retail, aerospace, insurance, financial services and technology combined with our unrivaled attacker perspective and data expertise at Team8 will enable companies to adopt new data-driven methods of working, ensuring they can retain their competitive advantage and thrive, in spite of cyber threats.”
Team8 may be a company to watch for advances in cybersecurity, but you can protect your data now by applying some of these best practices.
1) Require multi-factor authentication
Multi-factor authentication requires a user to provide more than one form of evidence that they are the intended user before they are granted access to data. This involves asking for verification only the user would be able to provide, such as:
-
Something you know. This utilizes knowledge of something such as a password, PIN, or phrase.
-
Something you have. This may involve an RSA token device, smart card, key fob, or cellular device with mobile authentication.
-
Something you are. This involves biometric measures, such as a fingerprint or retina scan, facial or voice recognition, or other unique physical identification.
2) Encrypt data in flight
End-to-end encryption prevents data from being accessed while it is transmitted. Data is translated into another form so that if an unauthorized user intercepts or steals it, they cannot read it without a decryption key or password. So, even if cybercriminals were to penetrate your organization’s defenses, they would not be able to use confidential data because they would lack the means to decipher the information.
3) Encrypt data at rest
Encryption of data that is stored on a device, as opposed to in flight between destinations, provides similar protection. Organizations often can improve their cybersecurity by enabling such protection for data stored in the cloud. In studying cloud security controls, RedLock’s Cloud Infrastructure Security team found that 82 percent of databases in the public cloud are not encrypted and that misconfiguration has allowed exposure of at least one public cloud service in 40 percent of organizations. Such improperly configured cloud environments have contributed to large data breaches.
4) Centralize key management
Controlling encryption keys is crucial for ensuring that information is not compromised. IT configuration files and access keys are similarly important, as is the need to control personally identifiable information (PII) that HR keeps on employees.
5) Adopt blockchain
When feasible, blockchain can be great for log management. Creating a decentralized database through a blockchain that distributes a copy of a ledger of transactional data among computers in a peer-to-peer network can help you prevent a single point of failure. Lucas Mearian of Computerworld recently reported that companies are increasingly deploying blockchain ledgers for business automation and transaction efficiency. Thousands of respondents to surveys are running blockchain projects, and as many as one in three already have it in production.
So, as Team8 and its heavyweight counterparts find new ways to improve cybersecurity, you can maintain compliance and grow your business by implementing some of these best practices for securing your data and protecting against breaches.