Sunday, 12 November 2017
Data Leaks – Is Your Business At Risk?
A convergence of business practices, social media – personal or professional – and existing as well as emergent technologies is resulting in an unprecedented level of threats and vulnerabilities for businesses. An ever-expanding number of connected devices, the rapid rise of big data and cloud computing as established strategies, and the need for connectivity across networks, carriers and platforms have resulted in an environment conducive to attacks and breaches. The situation is further complicated by the relative ease, in terms of the expense and technologies involved, with which mala fide agents can launch attacks.
Until the recent past, businesses in the UAE have typically relied on geo-blocking to control access into the country, followed by network-specific security devices and measures to further keep out attacks. However, recent developments underscore just how inadequate such an approach is in the face of the larger-scale and more sophisticated attacks that hacking and data theft have evolved into. The UAE has one of the highest per-capita penetrations of online devices in the entire world. Such an environment allows cybercriminals to easily create a botnet local to the ecosystem through the manipulation of the existing provider’s protection.
An often-cited report released in the fall of 2016 estimated as many as 15000 instances of leaked credentials in the UAE alone – with the largest number of breaches reported from the technology sector. The UAE cyber security picture is further complicated by the practices of employees and enterprises themselves, which represent a risk that established practices are inadequate in addressing. Given the sheer scale of the issue that has come to light, it clearly demands not mere concern, but the establishment of practices and processes that address the threat. Clearly the vulnerability can neither be taken lightly nor be expected to subside without active intervention.
Cyber security solutions in the UAE, to actively contain the threat and reduce susceptibility, should include:
- Creating and deploying policies to contain the threat and making sure that employees are well versed in executing them: The vast majority of vulnerabilities are best addressed through the implementation of well-planned procedures and processes along with features that validate compliance among employees. Such a deployment should be preceded by training that increases awareness among employees, stressing the risks involved as well as the fact that adherence to the new processes is critical.
- Advanced threat monitoring must be a critical component of business processes. It is essential, given the risks involved, that enterprises monitor online activity and access pertaining to their accounts and devices. The multiplicity of endpoints means that such monitoring must extend over all the networks that fall under the business’ ambit. Data exchanged with customers, suppliers, partners and service providers should particularly be scanned for instances that can result in vulnerability.
- Enhanced and specific network security is key to ensuring that data leaks can be minimized. The great majority of leaks can be traced to emails and online access. Companies must invest in robust procedures to contain leaks due to employee error and network access that is not sufficiently restricted.
- Sensitive and critical data must be encrypted, and access to it must be monitored and audited. While quick access to data is often an easily addressed bottleneck in time-based efficiencies, the threats that unwarranted access exposes enterprises to are a greater risk. Slight delays due to verification and authentication are a small price to pay for enhanced protection of data.
- While it may seem only a tiny detail, the adequate disposal of sensitive data that is no longer required can be a critical factor too – legacy data can often contain information that, though not currently in use, can cause vulnerabilities. Curation and keeping up to date must also extend to all aspects and elements of the network, data and protection that the business has deployed.
The rapidly evolving threats to data security require a continual and painstaking response that a business must commit to and remain vigilant about. The consequences of not doing so are not merely a vulnerability; they can bring down the entire edifice.