Tighter data regimes demand action: four steps to cyber security

14 Mar 2018

Article written by AT&T regional security director for Greater China Sharon Chan.

As China and the European Union (EU) strengthen their data protection and privacy regimes, Asia-based companies that do business across borders need to reassess their cyber security readiness.

Tougher data regulation in major markets 

When China’s new national standard on personal information protection comes into effect this May, it will put strict checks on how companies manage and share user data. The new regulation is very comprehensive, applying to a wide range of sensitive personal information. It is also very exacting. Companies will need to follow specific security testing processes and other procedures, including gaining user consent to share data.

The long-awaited General Data Protection Regulation (GDPR) also begins in May, to give individuals in the EU more control over how personal data, like IP addresses, may be collected, used and stored. With heavy penalties for GDPR violations, the new law demands that entities implement measures to provide for data protection, as well as disclose personal data breaches to regulators within 72 hours of awareness.

International companies will need to comply with the new systems if they want to have access to China’s 1.4 billion consumers or the EU market of 500 million people. And while the two systems have their differences, they both demand that companies do more to protect customer data.

Checklist to reassess security readiness

To safeguard your business for the long term, now is the ideal time to reassess your readiness to help protect your data and meet increasingly strict regulations with this four-point checklist.

1. Conduct a cyber security risk audit

A cyber risk audit helps you to determine how to best apply your current and future cyber security investments. It is important to conduct risk assessments specific to the threats that could impact the business most and to include an evaluation of the cyber security posture of emerging technologies, such as the Internet of Things, mobility and cloud security. A gap analysis is also useful to help you understand where you are compared to where you want to be.

Regular assessments are key. Two-thirds of the organizations surveyed for the 2017 AT&T Global State of Cybersecurity review admitted they did not conduct ongoing cyber risk assessments.

2. Set up a threat alert platform

In today’s distributed networks, every end-point – be it an IoT device, employee mobile device or drone – is a potential new entry point, but each has different security implications. The key lies in designing an integrated platform for all end-points with a built-in, always-on security approach, and using overarching threat analytics to study the overall ecosystem.

Automated threat detection and response processes on this platform are going to be increasingly important for meeting auditing and compliance requirements. Ideally, you will create a feedback loop between your internal cyber security operations and a flexible risk management strategy that evolves based on daily threat activity and response.

3. Get support from your service providers

To help protect sensitive data and apps that reside on your network and move between devices, users and networks, you need to work with your service providers. You should have full visibility into your network traffic and be able to authenticate and authorize legitimate users while blocking suspicious activity.

More companies today are using artificial intelligence (AI) and blockchain technologies to support their customers. AI tools can detect anomalous behaviour and zero-day attacks and help you overcome the challenge of limited security resources. Blockchain helps you to build a trusted digital network with a high level of data integrity and operational transparency.

4. Organize ongoing staff training

People are still the weakest cyber security link. The 2017 AT&T Global State of Cybersecurity report found that a cyber security attack had negatively affected nearly 80% of surveyed organisations in the past year, but only 61% mandated security training for staff.

Every member of your team needs to be aware of new types of security threats and what to do to meet tighter regulations. Cyber security training ought to be a regular occurrence: once a year at a minimum. Building a security culture takes time and effort and this sort of ongoing conversation with a top-down approach is essential.

At the same time, threats are getting more sophisticated. From casual intruders to well-funded criminal organisations, hackers are increasingly using big data analytics to search for vulnerabilities and using AI for social engineering attacks, such as phishing, to steal sensitive data and credentials. 

Daily cyber security events now number in the millions, and we should expect ransomware, malware and other attacks to continue to escalate. The focus has to be on changing user behaviour.
