Story image

For businesses, data is the new currency, but it’s vulnerable

With more data being created in the last two years than all previous years combined, it’s no surprise that businesses are now storing more data than ever before. 

To add to this, the adoption of IoT devices will have a massive impact on the amount of data being produced. The value data holds for a business and its impact on the bottom line has grown, as data now holds the key to understanding market trends and customer demand.

The value of data has increased so much in recent years that most businesses (85%) believe it now holds the same value as currency for solving business challenges. The data that organisations hold is becoming their unique selling point and, in an increasingly competitive market, any data that sets a business aside from its competitors is worth a great deal. 

However, this data is only valuable if the integrity of the data is maintained. If it’s changed by a hacker, it could lead to companies making decisions based on inaccurate data, which could have catastrophic effects. 

Consequently, hackers are constantly looking for ways to leverage this data for their own benefit, by selling it to competitors or manipulating it to disrupt a business.  With almost half (45%) of Australian organisations reporting that their entire network can be accessed by unauthorised users, there are significant risks ahead.

Data is valuable to businesses, and hackers

As data grows in value to businesses, cybercriminals actively monitor businesses to understand exactly what data they collect and store. This is then analysed to predict what would make them the most money if it could be acquired. As cybercriminals develop this intelligence, businesses must make sure they know the true value of the data they hold as well. 

Typically, the data which holds the most value is customer information, or personally identifiable information (PII). PII helps businesses personalise their offerings, and predict market trends. Through information such as dates of birth and payment details, customers and other affiliated individuals can be identified and their financial and other personal data compromised. 

Alternatively, they could use data such as recent purchases to target customers with social engineering. With this information, a hacker could pose as a trusted organisation, such as a bank, to convince targets to part with further personal information. 

Businesses that do not encrypt PII held with them risk it being stolen, sold to competitors or exposed publicly. Despite this, our research found that over a third of Australian organisations still do not encrypt valuable data such as customer (33%) or payment (44%) information. 

Historically, businesses have relied on cybersecurity measures which protect their networks and perimeters to secure themselves. This failure to encrypt PII may stem from the reason that the vast majority (99%) of Australian organisations considering their perimeter security systems effective at keeping unauthorised users out of the network. 

This indicates that there is a lack of understanding of the difference between securing the network and securing data. 

Misplaced priorities

With new data protection regulations implemented earlier this year, cybersecurity requirements under law have changed drastically in the Australian market. Businesses that have been pouring their investment into perimeter security have found that they have failed to do the most important thing: protect their data at its source. 

This is where the most risks are for businesses and where they need to focus their efforts on security. By failing to introduce fundamental security measures such as encryption and two-factor authentication, businesses are effectively leaving their data unprotected and easy to steal or manipulate. 

The gap in understanding of the most effective cybersecurity solutions is preventing businesses from complying with data protection laws. Since the introduction of the Notifiable Data Breach legislation in February, businesses that don’t improve their cybersecurity are facing severe legal, financial and reputational consequences. 

Perimeter security does not provide enough protection against threats, and businesses must introduce the correct security protocols in order to secure data at its source and keep valuable information safe.

Article by Gemalto A/NZ Regional Director Graeme Pyper

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
emt Distribution adds risk intelligence vendor
Flashpoint has signed emt Distribution to provide channel partners in Oceania and South East Asia a solution for illicit threat actor communities.
CrowdStrike: Improving network security with cloud computing solutions
Australian spending on public cloud services is expected to reach $6.5 billion this year according to Gartner
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.