Data has become the lifeblood of modern life as everything from room temperatures and health records to banking details and WhatsApp messages are collected and stored.
The rapid digital transformation of businesses and services has created an unprecedented amount of data. This data has become so valuable that there are hacking syndicates and lone-wolf hackers who do nothing else but try to steal it.
In South Africa, data breaches cost a company an average of R28,6-million, says Dr Aleksandar Valjarevic, head of professional services at LAWtrust, citing research by the Ponemon Institute.
This cost is a cumulative loss based on downtime, loss of revenue and customers, and reputation damage, Valjarevic says.
A look at the past 11 years of research of more than 2 000 companies worldwide, shows that data breaches are a part of doing business, as the number of breaches has remained fairly constant over that period.
“What this tells us is that data breaches are a permanent cost of doing business,” Valjarevic says.
Part of the solution to managing this is to have a strategy in place to recover your data by ensuring that it is backed up, and that it is protected through some degree of encryption so that even if it is stolen, it is not useful to the thief.
The Ponemon research shows that South African companies are anticipating a 24% probability of data breach within the next 24-month period.
“Data breaches are a reality – they will happen. It doesn’t really matter over what period … the systems will be breached. What is most important then is that data must be protected,” Valjarevic says.
“The data that is taken must not be valuable to the one who wants to steal it, but it must remain valuable to you. The good news is that this can be managed with any number of strong cryptographic solutions.”
This approach to mask or encrypt data can also be used to minimise the impact of ransomware attacks, where a business is held to ransom by a hacker stealing its data or locking the company out of access to its data until a ransom is paid.
With new regulations coming into use to ensure that personal information is protected and that forces companies to disclose breaches, it is likely to show just how vulnerable companies are to attacks as they become visible to the public.
“We are not hearing so much about breaches, but when the new personal information protection regulations come into force, companies will be forced to disclose their breaches,” Valjarevic says.
LAWtrust recently partnered with global specialists in digital security Thales e-Security to deepen its security solutions offerings to meet growing demand both locally and globally.
According to the Thales Data Threat Report 2017 published last month, which surveyed 1 100 IT executives, spending on cybersecurity solutions has been increasing. But the Thales study shows that the type of spending is not matching the changing nature of the threats.
Jon Geater, chief technology officer at Thales e-Security, says this phenomenon can in large part be explained by the fact that investment decisions about new technologies are increasingly being made by “people in the business development parts of the businesses, while the IT and security people have moved further away from the buying decision”.
The Thales Data Threat Report 2017 also found that while companies are recognising the increased threat from cyberattacks and are responding by investing more to protect themselves, the same companies are spending money on the same technology solutions; they are not keeping up with the speed at which threats are morphing into new threats.
Geater says there is also a mismatch in the timing of what companies are buying.
Almost two-thirds of the executives surveyed admitted that their companies are deploying new technologies within their organisations “in advance of having appropriate levels of data security in place”.
This is because business development executives are driven by different incentives, and deploying the latest technology is often decision that is made to create a competitive advantage over competitors.
“Change is constant in the digital space, and just as soon as you have a new solution, there are moves being made to improve how your system can be compromised,” Valjarevic explains.
“It is vital for all companies to ensure they have strategy in place to address the risks where it is possible to do so.”