Story image

For businesses, data is the new currency, but it’s vulnerable

With more data being created in the last two years than all previous years combined, it’s no surprise that businesses are now storing more data than ever before. 

To add to this, the adoption of IoT devices will have a massive impact on the amount of data being produced. The value data holds for a business and its impact on the bottom line has grown, as data now holds the key to understanding market trends and customer demand.

The value of data has increased so much in recent years that most businesses (85%) believe it now holds the same value as currency for solving business challenges. The data that organisations hold is becoming their unique selling point and, in an increasingly competitive market, any data that sets a business aside from its competitors is worth a great deal. 

However, this data is only valuable if the integrity of the data is maintained. If it’s changed by a hacker, it could lead to companies making decisions based on inaccurate data, which could have catastrophic effects. 

Consequently, hackers are constantly looking for ways to leverage this data for their own benefit, by selling it to competitors or manipulating it to disrupt a business.  With almost half (45%) of Australian organisations reporting that their entire network can be accessed by unauthorised users, there are significant risks ahead.

Data is valuable to businesses, and hackers

As data grows in value to businesses, cybercriminals actively monitor businesses to understand exactly what data they collect and store. This is then analysed to predict what would make them the most money if it could be acquired. As cybercriminals develop this intelligence, businesses must make sure they know the true value of the data they hold as well. 

Typically, the data which holds the most value is customer information, or personally identifiable information (PII). PII helps businesses personalise their offerings, and predict market trends. Through information such as dates of birth and payment details, customers and other affiliated individuals can be identified and their financial and other personal data compromised. 

Alternatively, they could use data such as recent purchases to target customers with social engineering. With this information, a hacker could pose as a trusted organisation, such as a bank, to convince targets to part with further personal information. 

Businesses that do not encrypt PII held with them risk it being stolen, sold to competitors or exposed publicly. Despite this, our research found that over a third of Australian organisations still do not encrypt valuable data such as customer (33%) or payment (44%) information. 

Historically, businesses have relied on cybersecurity measures which protect their networks and perimeters to secure themselves. This failure to encrypt PII may stem from the reason that the vast majority (99%) of Australian organisations considering their perimeter security systems effective at keeping unauthorised users out of the network. 

This indicates that there is a lack of understanding of the difference between securing the network and securing data. 

Misplaced priorities

With new data protection regulations implemented earlier this year, cybersecurity requirements under law have changed drastically in the Australian market. Businesses that have been pouring their investment into perimeter security have found that they have failed to do the most important thing: protect their data at its source. 

This is where the most risks are for businesses and where they need to focus their efforts on security. By failing to introduce fundamental security measures such as encryption and two-factor authentication, businesses are effectively leaving their data unprotected and easy to steal or manipulate. 

The gap in understanding of the most effective cybersecurity solutions is preventing businesses from complying with data protection laws. Since the introduction of the Notifiable Data Breach legislation in February, businesses that don’t improve their cybersecurity are facing severe legal, financial and reputational consequences. 

Perimeter security does not provide enough protection against threats, and businesses must introduce the correct security protocols in order to secure data at its source and keep valuable information safe.

Article by Gemalto A/NZ Regional Director Graeme Pyper

Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Is mobile shopping compromising your enterprise security?
When employees do their holiday shopping on company resources, security teams have a challenge with the surge in browsing and online transactions.
Different approach to malware detection needed – VMware
Security needs to move away from the traditional approach of chasing after arbitrary forms of malware.
Modernising ERP systems can help organisations comply with GDPR
“Organisations need to look for modern ERP systems that are specifically designed with GDPR in mind."
APRA Prudential Standard CPS 234: How to communicate with the board
The Australian Prudential Regulation Authority’s standard, CPS 234, is aimed at minimising the threat of cyber attacks for APRA-regulated entities.
Cyber attacks develop complexity, target Windows sysad tools - report
The report explores changes in the threat landscape over the past year, uncovering trends and how they are expected to impact cybersecurity in 2019.