Over the course of recorded history wealth has been measured by different things, from agriculture and land in the Middle Ages to manufacturing and industry at the beginning of the 19th century and the capitalist economy of the 20th century. Towards the latter part of the 20th century, computers began to emerge as a powerful force to be reckoned with, and as the 21st century continues it has become increasingly clear that information has become the new currency and data can be regarded as a measure of wealth in today's world.
With the increased value of data there is a corresponding increase in the type of crime we experience as people, organisations and countries vie for power. In the Middle Ages the power belonged to those who conquered other lands, expanding their empires. When industry came to the fore, stealing ideas was the criminal's way of getting ahead, and those who had the best ideas first were the most powerful and profitable. Today, however, empires are built on information, and the biggest losses experienced by organisations and even governments revolve around data theft and data loss.
The reality is that criminals will always exploit vulnerabilities in order to make money, and companies with vulnerabilities within their data security are the latest victims. From national intelligence agencies to the stock market and every organisation in between, adequate data protection has become of utmost importance in a world where wars are now being fought over information.
The ongoing WikiLeaks scandal is a well-known example of exactly what can happen when information falls into the wrong hands, but this is far from an isolated incident and there have been multiple examples over the years from across the globe. Months before a UK car manufacturer planned to launch their new model car, an identical vehicle appeared in Asia. This incident was the result of plans being stolen from the manufacturer and sold to the highest bidder, and ended up costing the organisation a fortune in lost revenue and position. In Luxembourg, a database administrator at a bank managed to find a way to trace anonymous offshore accounts back to their owners in Germany, and created CDs of this information which he offered to the German government for millions of Euros.
Even South Africa has not escaped this phenomenon, with the recent RICA registration process coming under fire for inadequate security resulting in cell phone users' information being accessed by identity thieves and unscrupulous marketers.
The most frightening similarity between all of these security breaches is the fact that they were perpetrated by internal employees. Hacking, while it still happens and must be prevented, has become out-dated, and security breaches more often than not originate within the organisation itself, where users have no need to hack but simply ask for permission to access. Having central databases to house information makes sense from a business perspective, but this also makes securing the database more important than ever. And while many organisations wait for a breach to happen before they take steps to address vulnerabilities, this reactive approach is often too late and the damage to reputation, profitability and competitiveness has already been done.
The biggest vulnerability within the database is people, since administrators often have access to all of the data contained in the database and controls are not put into place. This is precisely what happened in the WikiLeaks incident, where the perpetrator simply copied all of the sensitive information onto disks and walked out with it. Other issues include weak usernames and passwords, unnecessarily extensive user and group privileges and access to features, unpatched databases and unencrypted sensitive data, to name but a few.
Some of these security vulnerabilities are a simple matter to solve, particularly the password and username problems, but others require a more sophisticated technique. Measures need to be put into place to control what people can do with information they are permitted to access. It is also important to trace the actions of people who access the data with a system that does not allow for the deletion of log files, so that an audit trail can be created to assist in forensic investigations after a breach has happened.
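One way to build the audit trail described above, as an added example that is not part of the original article: an append-only table whose triggers reject deletion, plus a hash chain so that a privileged administrator who removes the trigger still leaves detectable evidence. It assumes an in-memory SQLite database; the table, trigger, function and actor names are hypothetical, and the hash chain makes deletion detectable rather than impossible.

```python
import hashlib
import json
import sqlite3

# Append-only table: triggers reject UPDATE and DELETE for ordinary users.
SCHEMA = """
CREATE TABLE audit_log (seq INTEGER PRIMARY KEY, actor TEXT, action TEXT,
                        prev_hash TEXT, entry_hash TEXT);
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""
GENESIS = "0" * 64  # prev_hash of the very first entry

def open_log():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _digest(prev_hash, seq, actor, action):
    # Each entry commits to its predecessor, so removing or editing a row breaks the chain.
    return hashlib.sha256(json.dumps([prev_hash, seq, actor, action]).encode()).hexdigest()

def append(db, actor, action):
    last = db.execute("SELECT seq, entry_hash FROM audit_log ORDER BY seq DESC LIMIT 1").fetchone()
    seq, prev = (last[0] + 1, last[1]) if last else (1, GENESIS)
    entry = _digest(prev, seq, actor, action)
    db.execute("INSERT INTO audit_log VALUES (?, ?, ?, ?, ?)", (seq, actor, action, prev, entry))
    return entry  # head hash: store it where the database administrator cannot write

def delete_blocked(db, seq):
    # True when the database refuses to delete the audit row.
    try:
        db.execute("DELETE FROM audit_log WHERE seq = ?", (seq,))
    except sqlite3.DatabaseError:
        return True
    return False

def verify(db, trusted_head):
    # Recompute the chain from the first row and compare with the externally held head hash.
    prev, want_seq = GENESIS, 1
    rows = db.execute("SELECT seq, actor, action, prev_hash, entry_hash FROM audit_log ORDER BY seq")
    for seq, actor, action, prev_hash, entry_hash in rows:
        if seq != want_seq or prev_hash != prev or entry_hash != _digest(prev, seq, actor, action):
            return False
        prev, want_seq = entry_hash, seq + 1
    return prev == trusted_head
```

The trigger stops routine deletion, while `verify` against a head hash kept outside the database is what exposes an administrator who drops the trigger first.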