The first ever NCSC report reaffirms the importance of data protection at the heart of security.
The National Cyber Security Centre (NCSC) has now been operating for a year in the UK and has released some of its findings, including that in 2017, 53% of all fraud in the UK took place online. This equates to 1.9 million offenses, making British people twenty times more likely to experience fraud in front of their computers than held up in the street.
To compound the issue, the report has also shown that there are now more devices connected to the internet than there a people in the world. That certainly gives us some perspective on the vastness of the security problem!
Of course, fraud tends to be mitigated by the traditional routes of security technology and systems that aim to keep fraudsters’ prying eyes away from our information. Clearly, these security systems, while necessary, aren’t sufficient on their own in controlling the problem or keeping peoples’ information secure and out of reach from threat actors. And indeed, the NCSC agrees, citing that there is no completely secure system in the world and that threats and cyber attacks of various natures are barraging the UK every day.
There is now doubt that the NCSC is doing much needed work in coordinating cross-government and industry response to the most sever attacks – some thirty occasions in its first year out of over one thousand cyber incidents received in its first year. This is a great addition to the security systems in place to help keep the nation safer.
But in order to truly protect people from fraud and keep important data safe, organizations can help bolster their security defenses by using encryption and tokenization to move away from trying to secure big complex systems – with many routes “in”- to concentrate on the data itself.
If you think of security as being spherical, organizations can either attempt to wrap it around the entire system to protect it or they can wrap each individual piece of sensitive data in a tight bubble by encrypting it – which makes it a much more daunting prospect for hackers to obtain what they want.
With the General Data Protection Regulation coming out in May 2018, EU citizens are afforded more control over their data and privacy and organizations that are found not to be taking this seriously or involved in cases of fraud could find themselves in a precarious situation. The simplest way to avoid any penalties is to prepare now by ensuring the right security and procedures are in place and, in doing so, look for solutions that help protect the data itself.