Story image

For businesses, data is the new currency, but it’s vulnerable

With more data being created in the last two years than all previous years combined, it’s no surprise that businesses are now storing more data than ever before. 

To add to this, the adoption of IoT devices will have a massive impact on the amount of data being produced. The value data holds for a business and its impact on the bottom line has grown, as data now holds the key to understanding market trends and customer demand.

The value of data has increased so much in recent years that most businesses (85%) believe it now holds the same value as currency for solving business challenges. The data that organisations hold is becoming their unique selling point and, in an increasingly competitive market, any data that sets a business aside from its competitors is worth a great deal. 

However, this data is only valuable if the integrity of the data is maintained. If it’s changed by a hacker, it could lead to companies making decisions based on inaccurate data, which could have catastrophic effects. 

Consequently, hackers are constantly looking for ways to leverage this data for their own benefit, by selling it to competitors or manipulating it to disrupt a business.  With almost half (45%) of Australian organisations reporting that their entire network can be accessed by unauthorised users, there are significant risks ahead.

Data is valuable to businesses, and hackers

As data grows in value to businesses, cybercriminals actively monitor businesses to understand exactly what data they collect and store. This is then analysed to predict what would make them the most money if it could be acquired. As cybercriminals develop this intelligence, businesses must make sure they know the true value of the data they hold as well. 

Typically, the data which holds the most value is customer information, or personally identifiable information (PII). PII helps businesses personalise their offerings, and predict market trends. Through information such as dates of birth and payment details, customers and other affiliated individuals can be identified and their financial and other personal data compromised. 

Alternatively, they could use data such as recent purchases to target customers with social engineering. With this information, a hacker could pose as a trusted organisation, such as a bank, to convince targets to part with further personal information. 

Businesses that do not encrypt PII held with them risk it being stolen, sold to competitors or exposed publicly. Despite this, our research found that over a third of Australian organisations still do not encrypt valuable data such as customer (33%) or payment (44%) information. 

Historically, businesses have relied on cybersecurity measures which protect their networks and perimeters to secure themselves. This failure to encrypt PII may stem from the reason that the vast majority (99%) of Australian organisations considering their perimeter security systems effective at keeping unauthorised users out of the network. 

This indicates that there is a lack of understanding of the difference between securing the network and securing data. 

Misplaced priorities

With new data protection regulations implemented earlier this year, cybersecurity requirements under law have changed drastically in the Australian market. Businesses that have been pouring their investment into perimeter security have found that they have failed to do the most important thing: protect their data at its source. 

This is where the most risks are for businesses and where they need to focus their efforts on security. By failing to introduce fundamental security measures such as encryption and two-factor authentication, businesses are effectively leaving their data unprotected and easy to steal or manipulate. 

The gap in understanding of the most effective cybersecurity solutions is preventing businesses from complying with data protection laws. Since the introduction of the Notifiable Data Breach legislation in February, businesses that don’t improve their cybersecurity are facing severe legal, financial and reputational consequences. 

Perimeter security does not provide enough protection against threats, and businesses must introduce the correct security protocols in order to secure data at its source and keep valuable information safe.

Article by Gemalto A/NZ Regional Director Graeme Pyper

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”