With consumers required to divulge personal details to access many apps, ensuring the safety of data has become a collective responsibility. NEIL COSSER, Identity and Data Protection Manager for Africa at Gemalto, believes encryption is key to safeguarding data.
As technology continues to shift and shape how we connect with each other and brands, personal data has become a highly valuable and lucrative commodity. With consumers required to divulge personal details to access most of the plethora of apps available, ensuring the safety of data has become a collective responsibility: shared between service providers, app developers and the individual themselves. What does this mean for mobile providers, banks, government and brands, especially as South Africa starts grappling with the Protection of Personal Information (PoPI)? And what does it mean for consumers and corporates doing business across our shores, many of whom are still blissfully unaware of the risks involved?
Driven by relentless news of security breaches and data loss, many governments around the world are considering introducing or are in the process of introducing legislation that will help protect the personal data of their citizens. For example, the European Union has adopted the General Data Protection Regulation (GDPR) in April 2016. There are obvious signs that significant risks lie ahead if companies do nothing to change how they protect data because the new regulation will have major implications for all the ways in which data is collected, stored, accessed and secured. Locally, certain sections of the Protection of Personal Information Act (PoPIA) have already commenced (under proclamation No. R. 25, 2014).
But what does compliance mean for local businesses?
Given the proliferation of technology and what it has come to mean for companies, it is now an imperative for businesses to deploy suitable mechanisms to process personal information of employees, customers or other business stakeholders. This is done with the view to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which stakeholders – particularly within the employer and employees parameters – handle and process personal information.
According to renowned provider of legal solutions, Michalsons, GDPR’s grace period has been earmarked to end on 24 May 2018 – thus making it legally enforceable from that period onwards. Locally, we can expect PoPI’s grace period to end soon after the GDPR’s. Organisations that have to comply with both the PoPI Act and the GDPR might focus on complying with the GDPR first and then POPI second. Taking this approach could offer prudent lessons for businesses through the compliance of GDPR that can be applied to PoPI.
The writing on the wall
The release of Gemalto’s 2016 Breach Level Index (BLI) report has offered an intriguing backdrop to the issue of data management (particularly where data protection is concerned) in the local context. A key takeout from the 2016 report highlighted that that we cannot argue that we have a growing data security crisis evidenced by the almost 1.4 billion records being compromised during 2016. The sad truth is that this number is actually higher, because most breaches go unreported worldwide. This is particularly worrying given the impact that a data breach can have on an organisation’s reputation and ultimately revenue.
The Ponemon 2016 Cost of Data Breach Study indicates that the average cost of a data breach to a businesses now stands at $4 million (average cost per record $158), with reputation and the loss of customer loyalty most heavily impacting the bottom line. In fact, our research revealed that two thirds (66%) would be unlikely to do business with organizations responsible for exposing financial and sensitive information.
It’s all about action
The debate surrounding data protection vs. impact on reputation and revenue is not a new one but it seems that many executives agree that the issue is of data security is still taken for granted by those businesses with a big user base. This was the sentiment shared by the panelists who formed part of our Gemalto BLI roundtable event hosted on 28 March 2017 in Johannesburg.
Justin Williams, Executive: Group Information Security at MTN reiterated that consumer data is a prized commodity and it cannot and should not be taken for granted. “There is a concerning lack of regulation in Africa. Beyond the strict requirements of the regulations, what companies really need is to shift to a new data security mindset,” he explained. He added that now is the right time for businesses to start taking steps now to prepare for implementation of the new rules.
Williams’ advice begs the question, what should organisations do to limit their risk of breaches and ensuring that consumer data is protected against all odds. The answer to this is simple; securing a breach is the first point of call. Organisations should consider three factors when building a comprehensive data protection strategy. Firstly, we need to analyse where data being stored – is it in a database, file servers, virtual environments or the cloud? Secondly, how and where are encryption keys being secured? Finally, who’s accessing the data and more importantly, how is this access being controlled?
Once these three factors have been understood, this can then be converted into a three-step approach to data protection which includes encrypting all sensitive data, storing and managing encryption keys and lastly, controlling access.
Fail to prepare, prepare to fail
Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring. But, if history has taught us anything, it is that walls are eventually breached and made obsolete.
The next and last layers of defense need to be around both the data and the individuals that access the data by surrounding them with end-to-end encryption, authentication and access controls that provide the additional measures necessary to protect customer data.
Security professionals will always need to consider the need to perform specific risk analysis in order to implement the organisational and technical measures that are needed to prevent, detect, and block data breaches. Data encryption solutions provide an essential basis for achieving reliable data unintelligibility. When encryption is combined with other measures, such as secure key management and access controls, these mechanisms provide a robust foundation for achieving compliance with applicable EU data protection laws.
The reality is that our world is quickly becoming an Internet of Things where every person, place, thing and organisation is connected to each other through the Internet. The proliferation of the cloud, digital content, mobile device usage, online banking, e-commerce, and social media means that we are creating, accessing and storing data and conducting transactions in more places than ever before. We simply have more to manage and more places of exposure.
For Joe Pindar, Research & Development Director: Identity & Data Protection at Gemalto, transparency is the best paved road to ensuring consumer trust. Security should be a key consideration for all businesses going forward. Telling customers about the security measures your organisation has put in place to protect their data can go a long way in cementing customer loyalty. “If you are doing something better than the rest of the industry, like encrypting data end-to-end, then you might be seen as a trusted innovator.”
As we look towards the future of data management and in order to be ready for upcoming legislative changes, companies need to start taking steps now and change their security mindset about protecting customer data. The signs for taking action are obvious. It’s clear that being breached is not a question of “if” but “when. Companies should move away from the traditional strategy of focusing on breach prevention, and move towards a ‘secure breach’ approach. This means accepting that breaches happen and using best practice data protection to guarantee that data is effectively useless when it falls into unauthorised hands. Traditional approaches to data security do not work anymore, and if companies don’t wake up to this new reality soon, the consumer revolt will come.
Huawei Mate 20 Pro matches camera benchmark record
A benchmark by DxOMark sees the triple-cam handset tie with the P20 Pro for best smartphone camera on the market.
The Huawei Mate 20 Pro has come out top in a camera benchmark test that assesses all aspects of smartphone camera performance.
DxOMark, which conducts rigorous hardware testing and is trusted as an industry standard for image quality measurements, has just released the results of its in-depth analysis of the Huawei Mate 20 Pro smartphone camera.
The Huawei Mate 20 Pro is the Chinese manufacturer’s latest top-end device. Building on the P20 Pro’s camera technology, the Mate 20 Pro comes with a Leica-branded triple-camera setup, but swaps its stable-mate’s monochrome camera for a super-wide-angle module, offering a 35mm-equivalent focal length range from 16 to 80mm—the widest of all current smartphone cameras.
The handset is in direct competition with the Apple iPhone XS Max, the Google Pixel 3 XL, the Samsung Galaxy Note 9, among other. How does it fare?
“With a total photo score of 114, the Huawei Mate 20 Pro ties the record-setting score of its cousin, the P20 Pro,” says DxOMark. “The overall Photo score is calculated from sub-scores in tests that examine different aspects of its performance under different lighting conditions.”
The Huawei Mate 20 Pro achieves a photo score of 114 points. In stills mode, the Mate 20 Pro’s triple camera captures images with good target exposure and a wide dynamic range, recording both good highlight and shadow detail even in difficult high-contrast situations. Noise levels are well under control down to low light levels, and the camera’s white balance system and colour rendering settings produce a pleasant colour response in almost all circumstances.
At 97 points, the Mate 20 Pro is very close to the best for video as well, thanks to a fast and smooth autofocus system with good tracking performance, accurate white balance as well as pleasant colour rendering, and low levels of noise, especially in bright shooting conditions. Our testers also liked the exposure system’s ability to adapt quickly and smoothly to changes in illumination.
It was not all good news. DxOMark also had some criticism for the device.
Click here to read about the drawbacks of the Mate 20 Pro camera, and other positives.
SA car wins
The final stage of Dakar 2019 drew to a close at the bivouac in Pisco, Peru, and saw Toyota Gazoo Racing South Africa’s Nasser Al Attiyah and Mathieu Baumel bring home their South African-built Toyota Hilux for
The Qatari driver ensured his French navigator, who turned 43 years old on Thursday, 17 January, received a great birthday present, when the pair arrived at the final time control of Dakar 2019 with teammates Giniel de Villiers and Dirk von Zitzewitz in close formation. The two Toyota Hilux crews completed the entire stage together, as De Villiers / Von Zitzewitz waited nearly 55 minutes for the leaders to start the stage, in order to shadow them to the finish.
The emotions bubbled over for Team Principal Glyn Hall, who found himself without words as his two crews drove into the media area after the time control. “This victory was long overdue,” he finally managed, before being swamped in a sea of well-wishers.
The winning driver, however, was much more vocal: “We are so happy to win the Dakar – not only for ourselves, but also for Toyota and the entire Toyota Gazoo Racing SA team. Everyone has worked so hard for so long, and really deserve this. Thank you for letting us drive this car.”
Toyota Gazoo Racing SA led Dakar 2019 from the first to the last stage, with Al Attiyah/Baumel drawing first blood, before handing the mantle to De Villiers / Von Zitzewitz during stage 2. But then a disastrous Stage 3 saw the Qatari retake the lead – a lead he didn’t relinquish despite some of the toughest stages yet seen on any South-American Dakar.
“When we first heard that the rally was going to take place only in one country, we were skeptical,” said Hall after regaining composure. “But the organisers made sure that this year’s race will long be remembered as one of the toughest tests in the last decade.”
Al Attiyah / Baumel’s victory at Dakar 2019 means that Toyota Gazoo Racing has now won both of the world’s toughest automotive races – the 24 Hours of Le Mans, and the DakarRally.
Click here to read Glyn Hall’s comment on winning the Dakar Rally, as well as the rankings.