Oct 2 2018
Cybersecurity is an issue that everyone – from enterprises to even private people – should be highly concerned with, as all it takes is one mistake for their safety to be compromised.
Businesses are putting in more importance with preserving their cyber safety, but that’s pretty much the end of the good news. Cyber-attacks are still a real and dangerous threat for any organization, and corporate security isn’t developing fast enough to properly counteract the danger. When it comes to such attacks, data is often the most common target – the right stolen data can severely affect businesses and turn the tide into the attacker’s favor.
In line with this, Microsoft held a DPO Summit last September 19, 2018, at the Shangri-La at the Fort, Manila to discuss how their corporation, businesses, and even customers can be more compliant with the Data Privacy Act (DPA) and EU’s General Data Protection Regulation (GDPR). Joseph Felix “Milo” Pacamarra, the Yondu Data Privacy Officer and InfoSec Analyst, was the speaker in the event, where he showcased the latest threats in the Philippines that are challenging the data privacy capability of companies – from healthcare, financial, corporate, retail, etc.
Cybersecurity: Recognizing You Have a Problem
First, he makes a point to remind everyone that, “The first step to solving a problem is recognizing there is one.” Business owners make the too-often mistake of not noticing the problems they have when it comes to digital security, and this is what cyber attackers prey on. Anything that is connected to the Internet of Things (IoT) – from security cameras to even traffic lights – can be compromised. Even the slightest of changes to their IoT-based routine can affect immediate productivity to overall business analytics.
Say, for example, a hacker managed to tap into a food manufacturing warehouse’s machinery. Even an addition of an extra second to the speed in which a machine operates can affect how many products it can finish making, bringing a decrease into production that would most likely not be noticed as the work of a cyber-attack. Decrease in production means decrease in saleable items, bringing down revenue, and may even require the corporation to replace their machine just to get things back on track.
A Deeper Look into Data Breach
Data breach isn’t as simple as how they present it in movies, Mr. Pacamarra explains. There are five ways that data breach can happen:
- Accidentally published – Human error is one of the biggest reasons for data breach. Incidents such as accidentally posting login credentials or sharing of storage can lead to a breach.
- Hacked/compromised – This is one of the most common perceptions on how data breach happens. Hackers deploy malware or use other means of tapping into systems from the outside.
- Inside job – This can range from corporate espionage, sabotage, extortion, or revenge by a disgruntled employee/executive.
- Lost/stolen devices – When devices such as laptops, phones, flash drives, or any device that contains work-related documents are lost or stolen, and these files are accessed by anyone who can exploit them.
- Poor security – Underdeveloped designs, processes, technologies, focus, and manpower pose serious threats to your company’s security.
Additionally, there are three common reasons why cyber-attacks are carried out:
- To establish the reputation or build the credibility of a newbie hacker,
- Financial gain, or
- Power, which often on the state-level
How can Data Breach Affect Your Business?
Data breach is a serious threat for businesses due to the various repercussions of such an event. If word goes out that a company experienced a breach in security and their data is compromised, the following are the likely effects on the organization:
- Brand damage – Clients and customers will be more unwilling to do business with the brand, as their name will inevitably carry the “hacked” label. They will be less willing to network with a company if there’s a risk that their sensitive data will be exposed.
- Stock price – This goes along with brand damage. The less clients trust your business, the less they’ll be willing to spend on projects alongside your company or avail of your products or services. Stocks plummet as a result.
- Cyber insurance premium – Just like in insurance policies, the higher the risk you face, the higher your premium will be. Once you’ve experienced data breach, this will be strongly considered when cybersecurity companies draft a quotation for you.
- Regulatory fines – the DPA and GDPR have respective fines that must be paid when companies are found to have experienced data breach.
- Loss of customer/business – When word gets out that your company experienced data breach, people naturally become more wary of transacting with your business, thus sales start to suffer.
- Legal and contract liability – Affected clients, individuals, and partner organizations can sue your company for mishandling their information.
- Compensation – You may be required to pay for damages to those who have been compromised due to the data breach.
- Increased security cost – When your system is compromised, you’ll have to pay more to put it back on track and employ a more robust system to prevent the data breach from happening again.
In the worst case scenario, you could lose your business when you experience a data breach and it becomes too late to salvage what has been extracted from you.
How to Stop Cyber-attacks
Cyber-attacks are dangerous, but not unsolvable. However, the underlying danger that most business often fail to consider when it comes to cyber-attacks is the fact that hackers don’t have a system, but they rely on businesses having one. As Mr. Pacamarra said, “There is no playbook for it.” Cybercriminals find every possible opportunity to attack, so it’s every company’s prerogative to establish a cybersecurity system that will continuously monitor and solve cyberattacks as they come.
The first step is, as mentioned, identifying the problem. This can be difficult when you’re not privy to the finer details in your system, like the coding language(s) used or how the system is built. However, that doesn’t mean that you’ve lost all hope – tools such as Yondu’s VA Program searches for vulnerabilities in your website and indicates in an easy-to-understand manner if your website is compromised or prone to it.
Afterwards, steps have to be taken to address these vulnerabilities properly. These solutions may range from simple bug fixes to more complex ground-up solutions depending on how badly-affected your website is. Because the Philippines is just coming into terms with Data Privacy and is only adhering to the Data Privacy Laws of the country, Yondu is creating new, innovative ways for its clients to adhere with Data Privacy through its software development projects.
From then on, it’s just a matter of constant vigilance on your web security to make sure that you catch attacks as early as possible and protect your data before a substantial amount of damage is inflicted.
We’re Here to Help
Yondu, a top IT solutions provider in the Philippines, has various products and services are always ready for your needs. Don’t hesitate to contact us today to learn more!