Stephen SequeiraMar 13, 2019 12:15:59 IST
The challenge to protect one’s personal data in a seamless digital world is a deep concern of every Indian today. Business tycoons and journalists have had their email passwords compromised and social media accounts are no longer secure as they continue to record significant data security breaches.
As Indians get digitally robust with fintech adoption rates higher than global averages, they have become vulnerable to data and identity thefts. In an IDC Asia Pacific 2018 survey, security and privacy concerns were one of the significant challenges cited by decision makers in organisations. Banking institutions which are ramping up their digital transformation efforts are grappling with a host of sophisticated cyber attacks from deceptively legit looking documents. Website cloning to cyberstalking — privacy is truly at stake here.
The threat of data breaches continues to haunt corporate organisations as well, as they try to keep pace with a digitised and mobile environment. As organisations grapple with new IT architectures, it is crucial to incorporate a security model that aligns with the new reality. It is not a concern that companies can easily brush aside or install firewalls to foil. These threats are getting more ingenious and it is difficult for IT sleuths to figure out where a breach would pop up next. The top security breaches that played out last year showed us more than ever that threats to data security are increasingly getting complex.
Enterprises are exposing themselves to new vulnerabilities as they embrace Artificial Intelligence and connected technologies that are not yet understood well enough. Cloud platforms, apps, voice-activated smart speakers and connected devices are vulnerable for intrusion somewhere and somehow. Last year, hackers got a foothold into a casino’s network through an IoT thermometer fixed inside a seemingly innocuous fish tank in the premises. The casino’s high-roller database was found and then pulled back across the network, and out through the thermostat and up to the cloud.
These attacks are innovative and fast. Consider the records: 57 percent of global 1,000 companies have had a security breach in the last 12 months (EY Global Information Security Survey 2018-19). 4,949 data records are lost or stolen every minute and these numbers are growing year on year (Gemalto Data Breach Level Index 2017). The situation is such that threats start even before you acquire the technology and span the lifecycle even through disposal. Platforms and algorithms that had promised to improve our lives are delving deep into data to cull personal information moving into the realm of abuse of user’s data and their trust. There can be no compromise when it comes to the protection of users’ data.
The impact of data breach
Data breaches can result in sensitive data loss, server outages, costly legal liabilities, client dissatisfaction and negative press for companies. Hackers have breached networks and compromised billions of data records, not just resulting in revenue losses but severely impacting brand equities as well. Also, CEOs know today that the stakes have gone up to ensure data privacy and security. Privacy has never come tagged with such hefty fines for companies as it does now.
The stiff penalty imposed by Europe’s watchdog, the General Data Protection Regulation (GDPR) for a data breach keeps companies on their toes. The onus has clearly shifted on the companies to stem the leaks. As future of work needs to be more intelligent, contemporary and secure, the IDC Future of Work 2019 predictions clearly state that IT departments should begin playing a more strategic role, shifting their IT policy approach from command and control to partnering and influencing.
Data security has become the central cynosure for all businesses as they gear up to protect themselves from multi-dimensional intelligent hacks.
According to an EY Global Information Survey 2018-19, organisations are spending more on cybersecurity, devoting increasing resources to improve their defences and work harder to embed security by design but they still need to do more. The survey felt that protections are patchy, relatively few organisations are prioritising advanced capabilities, and cybersecurity often remains isolated. Deploying resilient data protection practices at all levels to prevent risks is a necessity now. As digital transformation unfolds at a rapid pace, cybersecurity must be an enabling function rather than a hindrance to innovation and change.
Governments are also actively involving themselves in data security measures by setting up regulatory bodies to impose policies that monitor and control data at different touchpoints. They are laying down newer and higher standards of cyber security to create a safer environment to manage confidential information. Strict legislation is being enacted, and mandatory industry standards are in place to protect massive volumes of business sensitive information and to facilitate customer privacy.
India is building a data protection framework as well, as the country seems particularly vulnerable with 75 percent of enterprises reporting breaches compared with just 67 per cent globally (Thales Data Threat Report 2018). Therefore, you see companies in India being conscious about monitoring data usage and storage today. Awareness on GDPR is high as they make efforts to understand data compliance and invest in introducing the best practices in security.
Tackling the challenges of data security
While developing intelligent solutions for data security challenges, it is best to first classify them under four key areas — data, identity, online and device.
How can personal data be continuously monitored in a way that you get alerts if someone is trying to use it? That is the basic level of protection that has become essential today. Securing data through passwords is no longer sufficient to prevent unauthorised access, disclosure or damage to your data. Data on the go in a digital world is exposed to security threats all the time. However, encryption and access control at all points can help mitigate and manage risks to protect data leakage at all times.
Identity theft is one of the most common types of data breach. Identity clearance through layers of authentication, safer password-free logins, fingerprint scanners are new ways to ensure user identity security without complexity. In fact, the IDC report on Intelligent Transformation and Rethinking Security for the Industry 4.0, emphasises that identity management and protection will be one of the key points which will have to be addressed by companies as they embark on the DX (digital transformation) journey.
Online protection meanwhile needs solutions that can detect threats and notify users when they are about to connect to unsafe wireless networks. It is vital to isolate online threats with sandboxing to avoid infecting the entire organisation. And, you need to ensure safe connections to avoid online identity theft, off-device hacks, malware and phishing.
In the case of device security, you have to start with monitoring for supply chain attacks to fitting in features to disable lost or stolen devices. Intelligent features can be built in like camera shutters as well to allow users to decide visibility. It is critical to secure data even after a product’s lifespan ends.
Shielding data in the new age requires an all-encompassing and scalable security solution to stay ahead of criminals in the cyberspace. As enterprises push intelligent technologies, which is changing the way we live and do things, they need to equally address data security to stay ahead in a volatile market and be competitive.
The author is the Director of Commercial Named Account Business for Lenovo India.
Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.