SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Cybersecurity experts offer critical advice on eve of Data Protection Day
Sat, 27th Jan 2018

Data Protection Day is fast approaching with the annual event due to be recognised on Sunday the 28th of January.

The day is acknowledged in the US, Canada and 47 European countries, and has been upheld for more than 10 years. Its main purpose is to raise awareness and promote privacy and data protection – particularly among businesses.

This year the occasion has a special significance as in less than six months, businesses around the world are due to be rocked to the foundations when the EU's General Data Protection Regulation (GDPR) comes into force.

The UK government is also reviewing the Data Protection Bill, designed to bring the UK's data protection laws in line with the landmark EU Regulation.

In light of this, we have gathered insights from various experts to offer advice on what organisations need to prioritise and consider when it comes to keeping data safe.

Aeriandi CPO and co-founder Tom Harwood

"It is estimated that between 30 and 50 percent of all fraud incidents are initiated with a phone call. Telephone agents in contact centres are particularly vulnerable to social engineering and manipulation.

Web-based security measures have evolved much faster than those for voice and telephone in recent years. For the web there's always the option of multi-factor authentication.

There's also behavioural monitoring as a preventative measure and identity-based management – all improving degrees of data security. The same is not true however for phone-based contact, which is still a poor relation to online."

Bitglass CEO Rich Campagna

“Data Protection Day is the perfect time to remind organisations about protecting data that moves beyond the network perimeter.

Organisations have a responsibility to safeguard customer data, wherever it might reside. Anyone with a credit card can now purchase and deploy cloud apps, so IT leaders must look for ways to continue to protect data in light of this new reality.

Being able to identify rogue cloud application usage is just one piece of the puzzle – acting on this information is often more challenging. Businesses need to rethink their approach to data protection in the case of cloud applications – if you're not able to control the application, make sure that you have measures in place to track and manage the traffic and data itself.

In a similar vein, too many companies focus on prevention, malware detection and remediation capabilities instead of properly securing the data itself. If companies have the appropriate data protection technology installed in their environment, it can prevent data from being accessed or leaked by malicious attackers."

Nexsan CTO and founder Gary Watson

"With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR coming into play, organisations must use events such as Data Protection Day to give voice security the attention it deserves.

Secure phone payment solutions can completely eliminate the need for sensitive payment information to enter the contact centre environment in the first place, making them a far less appealing target for criminals and removing the associated risks to the organisation.

Whether for analytics, training purposes, compliance adherence or other business processes, the volume of call recordings being generated today is growing at an exponential rate.

Organisations that fail to take securing this data seriously are not only risking the safety of their customers' most sensitive information, but also gambling with their own reputation."

Cloudhouse CEO, CTO and founder Mat Clothier

“An element to data protection that is often overlooked is the need to run up-to-date operating systems.

Security best practice will always advise organisations to move away from legacy, unpatched versions that are vulnerable to data theft or loss – users of Windows XP, Server 2003 and, soon enough, Windows 7, all face this challenge.

However, it's easier said than done; organisations of all industries often find themselves having to rewrite legacy apps not built for modern platforms, which can be both time-consuming and costly.

Thankfully, compatibility containers can now help any business looking to take a comprehensive approach to data protection in 2018, enabling the mobility of mission-critical, legacy apps to the safety of a support OS."

Zerto EMEA VP Peter Godden

"We are less than one month into 2018, and already it's becoming difficult to overstate the threat that an out-of-date approach to data protection poses.

The recent discovery of two major security flaws, Meltdown and Spectre, as well as details of the Equifax and WannaCry data breaches in the past twelve months, have proved that the whole world is vulnerable to data loss or theft.

We need to assume that complex attacks will happen, and unfortunately, sometimes succeed; although it may not be the direct fault of a CEO or CIO, it is still their responsibility to be prepared for and deal with its aftermath.

Having an up-to-date, rigorous IT resiliency plan in place can prevent any lasting damage that could occur. The challenge when an unavoidable attack hits is less the intrusion itself, but rather the protection against valuable data loss and the ability to recover immediately.

Ultimately, the end goal is to maintain regular business operations so that customers and end-users alike will not experience any interruption to their services and data."