Criminals are getting aggressive when using mobile apps to compromise consumer accounts, and that's causing headaches for execs who bear responsibility for data security.
More than half of data security executives told researchers they're worried about mobile payments crime such as account takeover and using credentials to create fraudulent accounts. The 2019 Thales Global Threat report also found about half of data executives are worried about personally identifiable information or payment card info.
Card information and personal data have always worried data security executives, but in the digital age these threats have expanded and are joined by other forms of digitally-focused crime.
On behalf of San Jose, Calif.-based Thales, research firm IDC surveyed 1,200 executives with responsibility or influence over IT and data security at organizations from the U.S., U.K., Australia, Germany, India, Japan, the Netherlands and New Zealand. Executives were asked about their views on the digital transformation and how their companies were positioned to handle the security aspects involved in the process.
The supporting technology is also a concern, as the complexity of executing a digital data transformation in the cloud is perceived by many organizations as a major barrier to establishing proper data security.
Forty-four percent of organizations cited those complexities, rating it as a bigger concern than staff needs, budget restraints or securing an organizational buy-in, according to
Nearly all organizations surveyed (97 percent) reported that their companies were already underway with some level of digital transformation and confirmed they are using and exposing sensitive data in those environments.
Even though these types of aggressive digital transformations for payments or personal data put companies at a 28 percent higher likelihood for data breaches, only 30 percent said they were using encryption within those environments. The study also cited areas in which encryption adoption and usage were above average — Internet of Things at 42 percent; data containers at 47 percent; and Big Data at 45 percent.
"Organizations need to take a fresh look at how they implement a data security and encryption strategy in support of their transition to the cloud and meeting regulatory and compliance mandates," Tina Stewart, vice president of marketing strategy at Thales eSecurity, said in a Tuesday press release.
Globally, 60 percent of organizations say they have suffered breached at some point in their history, with 30 percent experiencing a breach within the past year alone, the report noted. In a year in which breach headlines appeared regularly, the U.S. had the highest number of breaches in the last three years at 65 percent, as well in the last year at 36 percent.
In looking at future developments, 34 percent cited as a top concern that attacks on IoT could potentially impact critical operations, while about 33 percent cited the lack of security frameworks and controls within the IoT environment.
In assessing blockchain technology, 35 percent of respondents were most concerned about the threat of cryptojacking, while 32 percent felt uneasy about potential exposure of private data because of improper public ledger controls.
Overall, the survey showed a shift of the past few years from fears about internal actors being the greatest threat, whether from malicious acts or careless security habits, to more concern about the damage that external actors could inflict.
More than 60 percent cited cyber criminals and cyber terrorists as main concerns, and nearly 60 percent said they most feared hacktivists with political goals.
Thales eSecurity provides data security solutions and services in aiding companies through conversion to a digital environment.
