Mitigating IT Risks in ePayments

Ruchin KumarBusiness Head – Govt. & Defense , Gemalto Security

Security

TODAY…. WELL NOT SO MUCH…

THE WORLD AROUND IS CHANGING

Lets put things in perspective

Trust. Every day.5

OUR DATA IS NOT THE SAME

3 mai 2023Trust. Every day.6

Internet of Things

Telemetry, Location-Based, etc.

Non-Enterprise

Structured inRelational Databases

Managed, Unmanaged

& Unstructured

OUR NETWORK IS NOT THE SAME

3 mai 2023Trust. Every day.7

OUR ENVIRONMENT IS NOT THE SAME

3 mai 2023Trust. Every day.8

OUR WORKFORCE IS NOT THE SAME

3 mai 2023Trust. Every day.9

IS THERE A REAL DANGER?

The Reality: Data Breaches 2016

1,023,108,267RECORDS EXPOSED

… as the result of 1,541 data breaches globally

breaches.per week.

breaches.. per day..

breachesper month128 32 5

>95% of all breaches involved data that was NOT ENCRYPTED

http://breachlevelindex.com/11 Introduction to Identity Data Protection 3 mai 2023

While we were asleep

Footer, 20xx-xx-xx12

WHY THE NUMBER IS SO HIGH?

In more places…

(Volumes or Shares)

(Data-in-Motion)

(Drives and Tapes)

Storage

Networks

Media

(Files, Databases, and Virtual Machines)

ServersOn-premises/Cloud/Virtual

Facing more threats…More data…

Credit Card Numbers

Social Security Numbers

Customer Personal Identifiable Information (PII)

Sensitive Corporate Information

Data Encryption & Transaction Keys

Transaction History

Account Numbers

Employee Records

Identity Theft

Fraud

BYOD

Social Engineering

Our Digital World is Changing…

14 Introduction to Identity Data Protection 3 mai 2023

Security Requirement

3 mai 2023Trust. Every day.15

Security Compliance

Trust. Every day.16

Encryption

Contextual security

Cloud-ready

Biometry

Convenience

Privilege management

Key Management

RBA

How can you protect yourself from tomorrow’s attack with yesterday’s

technology.

17 Introduction to Identity Data Protection 3 mai 2023

Accept the Breach

1

Protect What Matters, Where It Matters

2

Secure the Breach

3

Perimeter security alone is no longer enough.

Data is the new perimeter.

Attach security to the data and applications. Insider threat is greater than ever.

Breaches will happen – we must prepare!

A New Mindset is Needed…

18 Introduction to Identity Data Protection 3 mai 2023

Remember……Anyone can encrypt…

Trust. Every day.19

ENCRYPT THE DATA AND MANAGE THE KEYS

Key Management PlatformEnterprise Key Management, Encryption and Tokenization

Trust. Every day.21

ApplicationConnector

Tokenization Service

Database Connector File & Directory

Connector

Virtual Image & Volume(AWS / VMware)

Data Center

3rd Party Key Management(Tape / Disk / KMIP)

KeySecure® Platform

ProtectToken

ProtectV

ProtectAPPProtectDB ProtectFile

Ecosystem

Transform Utility

Batch File(Positional / Delimited)

PROTECT THE ACCESS

Trusted Credentials

23

Gartner magic Quadrant

Introduction - Widest Choice of Tokens, including Token less & 3rd Party

Authenticators for every user type – and an increasing focus on commoditization

Authenticators that: Don’t expire Seed keys can be owned by the subscriber Can be easily re-assigned to new users Easy deployment saves cost and time A token can be included in the service charge

H/W SMSBlackBerry iOS Android Microsoft Java

Multi Platform

USB GridMicrosoftOSx

Examples in Smart Cities

25

Scary Stuff: Threats to Medical Devices

“….drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage…”

Scary Stuff: Remotely Opening Prison Cells

“Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems.”

Scary Stuff: Manipulation of Connected Cars“Many sensors currently transmit data in clear text, with little or no cryptographic verification of source. Stopping cars dead can create traffic jams on command, cause dangerous accidents, lose critical transport conduits, or be part of a more coordinated attack.

Criminals can snoop on moving cars simply by driving nearby, attaching to the car’s Bluetooth network and injecting malware commands, such as “activate built-in microphone.” When manufacturers connect more vital devices to the car’s network, even more will be exposed.”

Scary Stuff: The Dangers of the Smart Grid Another day, another cybersecurity flaw revealed in the IT systems that run the world’s critical infrastructure -- and this time, the Department of Homeland Security is getting involved.

The latest bad smart grid security news is for RuggedCom, the hardened grid and industrial router company bought by Siemens for $381 million last year. DHS said in a Tuesday alert (PDF) that it is investigating a flaw that could be used to decrypt RuggedCom’s data traffic between an end user and the router.

Secure capture and flow of credentials inUnified Payment Interface (UPI)

3 mai 2023Trust. Every day.30

Settlement Flow in BBPS

31

QUESTIONS???