Ulf Mattsson
Works at Protegrity
Attended Chalmers University of Technology
Lives in Connecticut, USA

Stream

Ulf Mattsson

With the exponential growth of data generation and collection stemming from new business models fueled by Big Data, cloud computing and the Internet of Things, we are potentially creating a cybercriminal's paradise where there are more opportunities than ever for that data to end up in the wrong hands. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems. In this webinar, Ulf Mattsson explores these issues and provides solutions to bring together data insight and security to safely unlock the power of digital business.

Ulf Mattsson

I agree that “data encryption is the safest way to satisfy most regulations out there, so your company should definitely look into a cloud encryption solution when using a cloud service.”

A report “Data Breach: The Cloud Multiplier Effect” by the Ponemon Institute reveals that 66 percent of respondents say their organization’s use of cloud resources diminishes its ability to protect confidential or sensitive information and 64 percent believe it makes it difficult to secure business-critical applications.

Ponemon asked “Can a data breach in the cloud result in a larger and more costly incident?” and found that with an average data breach cost of $2.37 million, it could be as much as $5.32 million if the data is in the cloud. A data breach in the cloud can be 2x more costly.
In a recent study, a shocking 88 percent of organizations that adopted cloud computing ran into at the very least one challenge they hadn’t expected.

Ulf Mattsson

You are asking relevant and critical questions by saying “Is there a way for the app industries to have a common agreement about what can be shared, what is a reasonable life expectancy for personal data, how and to what extent personal data can be actually anonymized, and how data destruction can be audited to even a private detective's satisfaction?” I've seen two very interesting approaches to address basic privacy and security issues.
The ability to access Dropcam video footage in the cloud is indicative of a broader trend in cloud computing that is eating away at privacy.

Ulf Mattsson

I agree that over the past year, companies and organizations “have been struck by separate cyberattacks leading to the loss of millions of customer and employee records -- including sensitive data, credit cards and personal information which could be used in identity theft.”

I think it is time to neutralize sensitive data to reduce its value to hackers and administrators. We need to re-think our security approach and be more data-centric.
Summary: FireEye's Mandiant M-Trends report says impersonation and social engineering are now key tactics used by cybercriminals targeting corporations.

Ulf Mattsson

I think it is very concerning that even if malware is detected it could be hard to notice in all the noise from different detection systems. This picture is not improving according to the two most recent Verizon reports. Analytics based on data lakes may not help any time soon.
It can take up to six months for antivirus software vendors to catch a zero-day exploit, letting malware slip by en masse.

Ulf Mattsson

I agree that “You need to do a good job of following through on all the blips that come through in the night.” Some people think that it was likely that the Target security team received a large volume of security alerts on a daily basis, which would have made it tough to have singled out that threat as being particularly malicious.

The latest published Data Breach Investigations Report from Verizon reported that most breaches were detected by external parties with whom the victim has no business relationship specific to detection services. Only 13% of breaches were detected by internal means.

There is a lack of effective means of detecting a breach internally. This tells me that we need to proactively secure sensitive data itself and not rely on monitoring systems to catch an attacker. We know that “The Anthem attack targeted network administrators. They have more network rights and permissions than the typical worker. Sometimes they also have the ability to get through firewalls, data encryption or other embedded network protection.”

According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that “This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.”

Ulf Mattsson

I agree that "Security of cloud services remains a top priority," and security is rapidly improving for public cloud applications. A recent report "Data Breach: The Cloud Multiplier Effect" by the Ponemon Institute reveals that 66 percent of respondents say their organization's use of cloud resources diminishes its ability to protect confidential or sensitive information and 64 percent believe it makes it difficult to secure business-critical applications.

Ulf Mattsson

I agree that “A common weakness among retailers that were hacked, for example, was a failure to implement two-factor authentication.” But not even the largest banks, like JP Morgan Chase, could avoid simple configuration errors.

I think that we need to rethink our layers of security to prepare for future attacks. There are so many different ways savvy hackers can attack our data flow.
The nature of cybersecurity threats continued to evolve in 2014, with attackers using an array of tricks to evade detection, according to FireEye's latest "M-Trends" report. Released Tuesday, the annual report details the cyber-threats uncovered over the past year ...
 
I think that current Healthcare Regulatory Mandates are “Harming the Industry,” and my view is different. Anthem lost the Social Security numbers of 80 million customers and stored the information without encryption. HIPAA does not require encrypted databases.
I think that data should be neutralized to reduce its value to hackers.

Ulf Mattsson

I agree that “there are lots of changes occurring in addition to the roll-out of EMV chip cards,” and we know that fraud is attacking at other points, including mobile, where EMV chip cards are not used.

I agree that “biometric authentication - involving voice, facial recognition and fingerprints,” can be a great idea but what should I do if my biometric data is stolen? I know how I can change my password when needed, but how can I get another voice, face or other biometric? We still have that problem to solve. I like payments with the new Visa technology that in “effect will empower a customer’s smartphone to track his location,” and those who “don’t want to be tracked, even for good reasons, can say no thanks.”

The new EMV chip and improved authentication approaches might help a little, but we urgently need to protect the flow of sensitive data. Also for data that can be used for identity theft.
Computer chips, location tracking, biometrics and more with credit cards in 2015.
 
I agree that “Just because you can collect data doesn’t mean you should.” But how can you know the answer to the question “do we need this?” We know that information will increasingly give you a competitive advantage.
I suggest that we keep the information and put it in a secure place.

Ulf Mattsson

I agree that “When pooling all of the data in one place, CIOs need to keep in mind that applications and users will require different access to the same data sets, which means incorporating tools such as data-masking capabilities.” I recently read the Gartner Report "Big Data Needs a Data-Centric Security Focus" concluding "In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach." The report suggests that new data-centric audit and protection solutions and management approaches are required.
People
In his circles
18 people
Have him in circles
76 people
Education
  • Chalmers University of Technology
  • IBM Management School
  • Stockholm University
  • Polhem Institute of Technology
  • Kungsladugardsskolan
  • Skytteskolan
Basic Information
Gender
Male
Story
Introduction
I created vault-less data tokenization and the architecture of Protegrity's data centric security technology. Prior to joining Protegrity, I worked 20 years at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. I received my US Green Card of class 'EB 11 - Individual of Extraordinary Ability' after endorsement by IBM Research in 2004.
I am the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of my research during the last 15 years is in the area of managing and enforcing policies (security, encryption, audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
I am a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9 and IEEE. Leading journals and professional magazines, including IEEE Xplore and IBM Journals, have published more than 100 of my in-depth professional articles and papers.
I received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. I have given a series of presentations at leading security and database conferences in the US, Europe and Asia, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). I received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and degrees in electrical engineering and finance.
Bragging rights
Invented vault-less data tokenization
Work
Occupation
Chief Technology Officer
Employment
  • Protegrity
    Chief Technology Officer, present
  • IBM
Places
Currently
Connecticut, USA
Previously
Sweden - Stockholm, Gothenburg