HOW IMPORTANT IS TOTAL DATA SECURITY?

Published November 6, 2019

WHAT IS DATA SECURITY?

Data security, in simple terms, means the protection of data from breaches and cyber threats—both internal and external. Data security aims to ensure the privacy, integrity, and accessibility of data and data warehouses. Data security is also referred to as cyber security, information security and digital security.

In the corporate setting, data security can be defined as the process of establishing digital privacy measures and technologies for protecting an organisation’s data assets. Only authorised users should have:

1. Access to a company’s database(s)
2. File sharing privileges
3. Access to cloud environments and other data storage platforms

In this age of numerous advancements in Information and Communication Technology (ICT), cyber security attacks are rampant, thus business organisations of all sizes and types should prioritise data security.

Data security and protection aims to prevent the destruction and unauthorised modification of stored data assets. This means disallowing any unwanted access to a company’s computer systems, databases, website(s), and server networks. Unauthorised access, transmission or manipulation of data by unknown users should be the main concern.

Total data security means maintaining the integrity and privacy of the company and its clients’ data at all times. Setting up a physically secure data environment, administrative controls, and other precautions to limit data accessibility precedes the following data security measures:

• Tokenisation
• Data backup
• Data masking
• Data erasure
• User access management and
• Encryption and other key data management technologies

These cyber security standards aim to protect sensitive data across all platforms (e.g. data warehouses, big data platforms, file sharing and cloud environments).

WHAT IS A CYBER SECURITY ATTACK?

A cyber security attack (or cyber attack) is any unauthorised and malicious data breach attempt to purposely access, manipulate, and/or destroy the computer systems and networks of an individual or organisation.

This intentional disruption and exploitation of computer networks usually result in critical consequences that compromise an organisation’s data assets. This leaves any business enterprise vulnerable to cybercrime attacks such as:
 

• Information and identity theft
• Credit card fraud
• Money laundering and other financial crimes
• Ransomware
• Credential harvesting malware

CYBER SECURITY ATTACKS IN AUSTRALIA

According to Webber Insurance Services’ list of Data Breaches in Australia (2018-2019), at least 30 incidents of cyber security attacks or data breaches were recorded since June of this year.

The Australian Bureau of Statistics (ABS) published their findings of their last cyber security survey among Australian businesses. ABS reported that one in ten Australian businesses experienced cyber security breaches in the last financial year (Source: itnews.com.au, June 2019). Their survey findings also reported that almost 18% of businesses did not know whether they have experienced any security breaches from 2017-2018.

According to endpoint security company Carbon Black, cyber security attacks or cyber crimes have been increasing in volume and sophistication (Source: securitybrief.com.au, April 2019).

The documented security breaches in Australian businesses have targeted and impacted 89% of AU organisations surveyed. The survey findings were then consolidated as the results of Carbon Black’s first Australian Threat Report. This includes cyber crime activities in Australia recorded in the past year.

The findings also concluded that malware, Google Drive attacks, ransomware, and phishing attacks—which caused 12% of successful breaches—are the most common strategies of cyber criminals today.

WHY ARE THERE CYBER ATTACKS?

Cyber crime rates continue to increase every year as cyber attackers (also known collectively as hackers) try to benefit from defenseless and the less secure business networks and systems. Recent cyber attacks aimed for illegal financial gains through ransomware. Cyber attacks happen worldwide daily across all industries, especially in the corporate sector.

WHAT ARE THE MOST COMMON CYBER ATTACKS?

1. MALWARE

Malware is any malicious software devised to deliberately breach a network. Malware exploits a system’s vulnerabilities usually brought about when an unsuspecting user opens or click a dangerous link or email attachments. This is followed by the unauthorised installation of harmful, destructive software that targets network components. The types of malware include:

• Ransomware
• Spyware
• Worms and viruses

2. PHISHING

Phishing has arguably become the most common cyber threat in the business world. The rampant practice of phishing involves sending fraudulent emails that appear to be legitimate and coming from a trusted source or sender.

Cyber attackers today continuously set about phishing attempts to steal sensitive company data. This includes company email addresses, user login information, corporate website database credentials, credit card and other financial information. Upon gaining access to the target network(s), the cyber attackers can then install malware on the victim’s computer systems.

3. SQL INJECTION

This type of cyber attack involves the process of injecting malicious code into a vulnerable network server that utilises SQL. The unauthorised insertion of this code then causes the attacked server to reveal sensitive data to the hackers. Website administrators should be cautious when integrating a search box since any skilled cyber attacker could perform harmful SQL injections just by submitting malicious code into the search box.

4. MAN-IN-THE-MIDDLE

Man-in-the-middle (MitM) attacks are eavesdropping attempts executed by cyber attackers that interrupt and sneak into any communication between two parties—any transaction between people or systems. The attacker can then spy, access, filter, and steal an organisation’s data assets. Any unsecure public Wi-Fi network and malware-infected devices are the most common entry points for MitM attacks.

5. DENIAL-OF-SERVICE

A denial-of-service (DOS) attack aims to use up the digital resources and bandwidth of an entity’s computer systems, vulnerable servers and networks. Hackers overwhelm the target network with traffic or flood it with information, therefore resulting in a system crash and denial of service to legitimate users (e.g. employees, account owners, other clients of the attacked server).

WHAT IS THE CYBER KILL CHAIN?

The Cyber Kill Chain basically is the life cycle of most cyber crime activities today. Strategies to address cyber threats and attacks are also discussed below,  highlighting the significance of total data security in this digital age.

The Cyber Kill Chain involves the ff. processes:
 

• Reconnaissance
• Weaponisation
• Delivery
• Exploitation
• Installation
• Command & Control
• Action on Objectives

PHASES OF THE CYBER KILL CHAIN

Phase 1 – Reconnaissance

• Reconnaissance or recon involves the process of identifying the target of the planned cyber attack. The cybercriminal then organises a profile of the target after researching their contact information (e.g. employees’ email addresses, social network login details, and even the company’s IT structure).

Phase 2 – Weaponisation

• The cyber attacker clarifies his objective and prepares his tools for executing the attack. This includes choosing which malware (e.g. WannaCry, Trojans, Petya, Locky) or special encryption tools to use.

Phase 3 – Delivery

• Delivery is the first step executed by the cyber attacker. Utilising the stolen information obtained from the weaponisation phase, the cybercriminal delivers a data storage medium (e.g. USB flash drive, CD-ROM, email links and attachments) to the unsuspecting target. A phishing attack via social media platforms also perpetuates the cyber attack.

Phase 4 – Exploitation

• This is the systematic detection of security errors in the target’s unsecure network. The cybercriminal searches for vulnerabilities and exploits such susceptible areas. Employees who are not well-versed on data security standards are the usual targets of the cyber attack.

Phase 5 – Installation

• Backdoor installation of the malware injected into the target computer system or network is the next crucial step of the cyber attack. The installation of the malicious program into the vulnerable system occurs without the targeted user’s knowledge. Trojans are the most commonly used tools in this infiltration stage.

Phase 6 – Command and Control

• This stage of the attack exploits the vulnerability of the targeted user(s) after the cybercriminal identifies which desktop system is the weakest point and is the easiest for remote access.

Phase 7 – Exfiltration

• Executing the actions on objective is the last stage of the cyber attack. Upon gaining access to the targeted system or network, the cybercriminal can now conduct extensive spying, data theft, and data manipulation to systematically breach and damage the targeted system.

WHAT ARE THE 6 STEPS TO ENSURE CYBER RESILIENCE?

STEP 1 – SYSTEM CLEANUP

• Identify and analyse data assets. Put in place a proactive strategy for regular system cleanup and maintenance.

STEP 2 – SET A PLAN

• Establish a plan for addressing data security issues and identify potential risks. This usually includes the purchase of digital security solutions software for your business.
  

STEP 3 – RISK & PROCEDURE MAPPING

• Analyse patterns of cyber threats and attacks.  Then formulate data protection procedures.
   

STEP 4 – MITIGATE IDENTIFIED RISKS

• Mitigate risks that may jeopardise data security. Set up the recommended controls.
  

STEP 5 – CYBER INSURANCE  

• Ensure a cyber insurance contingency plan in case anticipated threats occur and compromise data security. If you don’t have a dedicated IT staff, upskill and invest in cyber security training for your team.

STEP 6 – IMPLEMENT DATA SECURITY  MEASURES

• Start implementing data security protocols established by you and your team. Managers and executives must establish a data protection strategy for the business, and execute such strategy daily.

WHAT INTOGREAT HAS TO OFFER TO SMALL-MEDIUM ENTERPRISES

Our first class offices in Metro Manila are located in one of the central business districts where we have access to highly qualified talent from top universities in the country. When offshoring with Intogreat, our highly skilled team will ensure total security of your data. We will set up a secure IT environment offshore for your business.

This is a priority of our Business Preparation / Foundations Services. In terms of IT infrastructure and operations, we ensure:

• A secure two-layer network with up-to-date firewall for a client secured environment
• IP-locked network server and multiple redundancies for backup
• All PCs of offshore staff have antimalware programs installed and running
• Malware detection capabilities of all PCs are up-to-date
• Data security preventive measures are in place before onboarding staff
• PCs, laptop terminals, and office applications are password-protected

Below is our current setup showing how our IT infrastructure and protocols ensure total data protection for our organisation and our clients.

Fig. 1. Intogreat’s IT infrastructure

HOW WE MITIGATE CYBER SECURITY RISKS

Controls are implemented in our offices to mitigate data security risks and limit the accessibility of our clients’ data assets.

DATA SECURITY PRECAUTIONS WE IMPLEMENT

ALLOWED

• Our offshore staff adopts videoconferencing abilities of our client to be able to communicate with Australian staff seamlessly and securely.
  
• Security personnel guard our offices 24/7. Work areas are only accessible by use of personal and secured ID badges.
• Our offshore staff make use of the client’s security applications (i.e. Citrix, RDS, password manager).
• We provide clients with our server’s IP address to enable IP locking.
• We restrict emails to and from external addresses by setting up email security policies among offshore staff.

NOT ALLOWED

• Access to external email providers, instant messaging applications, social networking websites, etc.
  
• Use of mobile phones and gadgets in the work areas
  
• USB functionality in workstation desktops or laptop terminals
  
• Data storage outside of client’s storage media / data warehouse
  
• Access to printers