It’s been a year since the private personal data of almost 60 million South Africans was compromised when a database named ‘masterdeeds’ was leaked publicly online, exposing ID numbers, contact details, addresses, and income estimates. But, have any lessons been learnt by South African organisations? It would appear not.
Back in May this year close to a million records of South African citizens were exposed online, including similar information to the ‘masterdeeds’ expose, but this time with plain text passwords also revealed, it appeared that multiple other breaches had been successfully achieved, that is according to insights from ‘Have I been pwned’ analyst, Troy Hunt.
Given how intelligent data management is growing as a strategic priority, companies must be cognisant of ensuring the security and integrity of systems especially when it comes to defending against cyber attacks. The reality is that these attacks can happen against any business, in any industry, at any geographic location. From small startups all the way through to large multinationals, no company can consider itself safe.
But, not just that. An old proverb goes, ‘Time and tide wait for no man’. Well, I think you can add ‘data protection’ to that line too. The ability to get ahead of would be attackers and fix weaknesses is a never-ending task, it is a business constant. By identifying zero-day vulnerabilities and working with software vendors to ensure that patches are developed and distributed, researchers can help close this gap.
But the pace of acceleration at which attackers are evolving and becoming more sophisticated is troubling the minds of experts at major security firms, like Cisco’s Talos Threat Intelligence Division.
Businesses need to be far more proactive in managing and protecting data and systems and understand that the traditional perimeters they must defend are now much wider. Cloud computing, IoT, mobility technologies, and ‘Shadow IT’, all have eroded previous business security boundaries. But even a humble phone charging cable can be used maliciously without a user consciously being aware of the risk posed. The breadth and depth of recent ransomware attacks alone demonstrate how adept adversaries are at exploiting security gaps and vulnerabilities across devices and networks for maximum impact.
Getting the basics right
One of the most fundamental steps in this regard is to deliver a company-wide employee training programme on data protection and phishing attacks. Human-led errors are still the weakest link in the security chain for a business. No matter who you are or who you work for, this must be right. When the stakes are so high, employees must be more aware of their actions.
From a technology standpoint, implementing intelligent data management tools that can monitor, automatically spot irregularities, and act accordingly is critical. Businesses collect data at an astounding rate. The traditional method of adopting a policy-based mindset of security and data management is no longer enough. Instead, decision-makers need to embrace an automated, behaviour led approach that can spot inaccuracies and obscure patterns in data usage.
For organisations of any scale, the old school way of manually checking and monitoring has become a relic of the past. Yes, it is near impossible to prevent all data leakage and data thefts, but an intelligent data management approach, combined with a strong and versatile incident response process, can help significantly reduce the complaints that naturally would follow.
IBM research shows that beyond reputational damage, there is also a significant financial impact. For example, in the US, the average total cost of a data breach this year has been close to $8 million. Canada, Germany, and France each reported more than $4 million per incident while the UK, Italy, and Japan come in at more than $3 million. Sadly, South Africa is not spared either. The country averages $2.9 million per data breach. Now consider you are a small business owner. Can you realistically survive something as catastrophic as that?
With incidents occurring more frequently, both locally and abroad, companies are waking up to the need to better understand their security priorities. 91 percent of the security professionals said the breaches drove improvements at least to a modest extent, according to the 2017 Cisco Midyear Cybersecurity Report. A breach can offer useful insights into how attackers got into the networks, showing security professionals the chain of entry points—and therefore offering a roadmap of where to place security controls. But this information will quickly be redundant as attackers evolve the sophistication and style of attack.
Taking preventative action is always better than being caught on the back foot and scrambling to recover. Offsite and offline backups not only mitigate the effects of ransomware, but when combined with the right security suite and employee awareness training, can help prevent the problem altogether.
When it comes to security and data backups, however, the reality between what should be done, and what is happening is startling. Veeam research suggests that just under half of IT decision-makers test their backups on a monthly basis. Long gaps between testing can increase the chances of issues being found when data needs to be recovered. For those that do test their backups, a mere 26 percent test more than five percent of their backups.
Data ready? 3-2-1 go!
Despite all the technology innovation happening around us, solid business rules should still apply when it comes to protecting data. In this regard, one of the best strategies is the 3-2-1 rule. This states that organisations must have at least three copies of their data, store the copies on two different types of media, and keep one backup copy offsite.
By following this approach, organisations will always have an available and useable backup of their data and systems. At a time where breaches, attacks, ransomware incidents, and so on, become a daily threat, this is a vital precaution.
Fundamentally, intelligent data management must be viewed in its entirety. In other words, companies cannot only focus on protecting one division or specific elements of their data. Instead, all entry points need to be considered, all databases irrespective whether they are hosted locally or in the cloud need to be protected, and all employees must be continually educated on threats. To do any less, could potentially result in a business having to close its doors for good.
By Kate Mollett, regional manager for Africa South at Veeam