Data Security Breach Scare Spreads Like Wildfire

Jay Decenella, IT audit expert
February 27, 2012

Concerns about data security and protection have intensified with recent reports of data breaches at major companies within the UK and abroad.

There have been apprehensions of late that any business could be the next target, with Visa, Mastercard, Google, the CIA, the NHS, Sony and Citibank among the organisations to have recently fallen victim to cyber attacks.

Finding possible data leakages and ensuring internal procedures with clear definitions are in place will reduce your business's risk of becoming a victim of data loss, consulting firm KPMG said.

Policies and controls should be continually reviewed due to changes in technologies, processes and personnel, it added.

Incidents of data loss pose a serious threat to organisations of all sizes and across every business sector. The impact on brand reputation is high and customer trust can be seriously damaged.

Malcolm Marshall, UK Head of Information Protection at KPMG, said: “No longer limited to fraudsters in search of instant financial returns, the dark side of the digital economy now boasts a diverse list of players ranging from governments, intelligence agencies, and organised crime syndicates through to geographically dispersed ‘hacktivists’ who share common social, political or ideological beliefs.

“As attacks from all quarters become more frequent and more sophisticated, organisations must prepare for an ever broadening spectrum of impacts arising from a compromise including loss of operational capability and adverse media publicity due to the publication of information that aims to destroy reputation.

“Cyber crime is no longer driven by profit alone – the evolution of the criminal hacker into state-sponsored attackers and politically motivated hacktivists means that money is often no longer the only target.

“This raises the stakes significantly and means that simply defending systems against attack is not a sufficient strategy for today’s threat environment.”

The European Union is to enforce new rules making it the obligation of every business to inform customers should their data security be compromised.

Viviane Reding, Vice President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, said: “Only recently, we witnessed a massive security theft in online gaming services affecting millions of users around the world. This incident highlights why companies need to reinforce the security of the information they hold. Frequent incidents of data security breaches risk undermining consumers’ trust in the online economy.

“Companies should beef up their precautions against identity theft and better protect consumers’ personal data. They should immediately notify breaches of data security and confidentiality.

“I intend to introduce a mandatory requirement to notify data security breaches – for all sectors. It would create a stronger incentive for business to conduct serious risk assessments to protect personal data and to implement the appropriate security measures protecting the confidentiality, the integrity and the availability of personal data.

“I welcome the proactive attitude of the United Kingdom’s government on privacy and personal data protection. This appears to reflect the public mood.

“I agree with those businesses arguing that regulation would be feasible if we make them more accountable. This is why I am considering the inclusion of the ‘accountability principle’ in my reform so that data of citizens exported to third countries is always exported with their rights attached.”

Recent and widely reported incidents of data theft, targeted attacks against public and private sector organisations, and suspected state-sponsored intrusions breaching enterprise systems have clearly demonstrated the need for organisations to stress-test their defences and readiness to respond to many different types of attack.

Behind the news headlines, rapid shifts are taking place in the background of the cyber threat ecosystem. The driving forces behind its evolution are increasingly varied. So too are their motivations and aims, the resources or finances they have at their disposal, and their capabilities.

Security risks involving data loss are an unpalatable fact of life; as and when breaches occur, companies and individuals alike must act swiftly, appropriately and decisively to limit the potential damage to their customers, their assets and their reputation.

The current favourite target of ‘hacktivists’ is sensitive corporate information – a critical asset for all businesses, which needs to be carefully protected at all times. If confidential business information is compromised, reputations may be impacted, customer confidence may decrease and business partners may lose trust.

Senior business executives will be held accountable when personal data is lost. They risk breaching legislation and regulations, both of which can result in significant financial penalties.

Despite best efforts to maintain a tight security posture across networks and systems, data security incidents, including cyber attacks, do occur. Security is a process and not a solution, and as such, safeguarding IT networks and sensitive data from electronic attack and exposure, both from the Internet and internally at organisations, is a constant endeavour.

 
