Authored by: Dato’ Ts. Dr. Haji Amirudin Bin Abdul Wahab FASc
In the near future, the world’s most valuable resource may no longer be oil but data. If harnessed and analysed, data can drive good decision-making and result in revenue opportunities, cost savings and efficient operations. Moreover, companies can gain crucial insights into their customers’ preferences, purchasing behaviour and interests.
It is no wonder cybercriminals are highly motivated to ‘acquire’ data, especially personally identifiable information (PII). PII can be considered any information that can be used to identify a person, from name, IC number, date of birth and contact details to banking information and healthcare records. With such massive amounts of sensitive data being stored in the cloud today, data breaches are almost inevitable. Data breach incidents involving sensitive information such as medical information may threaten the security and economic wellbeing of users.
Failing to ensure adequate data protection may result in a data breach incident. If an organisation becomes a victim of a cyberattack, not only is the personal data of customers, employees and business partners at risk, but confidential files and trade secrets may be affected too.
For the first time ever, cyber incidents have been ranked as the most important business risk globally in the Allianz Risk Barometer 2020. Experts believe the number of cyber-attack and intrusion victims is higher, as many companies and organisations do not report them because this may eventually affect their company’s image and reputation. Malaysia recorded 10,772 cybersecurity incidents in 2019, with almost 14% (1,463 cases) being intrusions or attempted intrusions. While some incidents were caused by outdated security patches, a few cited weak cybersecurity protection and disgruntled former employees as reasons for the data theft. Malaysia was ranked fifth-worst in privacy protection among 47 countries studied by Comparitech.com, a UK-based technology firm.
The most prevalent data breaches today occur through malicious activities perpetrated by cybercriminals or from within the organisation. Aside from computer hardware or software issues, human error is another likely route for a data breach. Improper control of data circulation involving third parties such as vendors and developers, insider threats and weak system configuration are among the most common causes of data breaches. To counter the rising cases of system hacking and intrusions, a heavier penalty is required. The penalty should not just apply to data breach offenders, but also include companies that failed to safeguard customers’ data.
Prioritise Data Protection and Compliance
Companies are advised to practise the necessary security processes in managing their information. Among others, these are to conduct risk assessments periodically, have policies or procedures for information classification and handling, implement the necessary countermeasures identified by the risk assessment, monitor the effectiveness of these countermeasures and establish incident management. Organisations can apply data masking techniques such as encryption, anonymisation and pseudonymisation before sending any data to the cloud. Additionally, a secured and trusted network such as a Virtual Private Network (VPN) should be used for data in transit and at rest. Besides, security control measures such as two-factor authentication must be put in place to ensure the confidentiality and integrity of data are preserved.
A data breach can happen to anyone, anytime, and anywhere. Undoubtedly, data will continue to be the most precious commodity in the business world. It is crucial for organisations in Malaysia to improve data protection and compliance. They must be vigilant in maintaining high levels of awareness and engagement with employees to ensure that best practices for managing data security are adopted.