Data leakage is becoming increasingly common, with nearly two-thirds of organisations being affected by it. Today, as a data breach is inevitable, there is a need to go beyond perimeter security.
As India moves towards digitalization, we progressively become dependent on applications for our day-to-day chores. Using these applications may involve sharing private information such as email IDs, addresses or bank details, which are then stored as data on servers owned by the organizations that make these applications.
Such personal data can be a crucial differentiator that an organisation utilises to gain insights and intelligence. These insights ultimately decide an organisation’s potential for success and hence, it is very important for them to collect data and more importantly, protect it to succeed.
The unauthorised transfer of classified information from a computer or data centre to the outside world can be devastating to an organisation and its customers. Such data breaches can allow unauthorised individuals to view or steal sensitive, protected or confidential data, which may involve personal health information, personally identifiable information, trade secrets or intellectual property.
A data leakage or data breach can affect an organisation in adverse ways. In an instant, data leakage can cause loss of reputation and can damage the brand value of the company. The necessary legal and infrastructure expenses to deal with the breach may be comparatively small, but the hidden costs of the lost or misused information can be huge.
Due to inadequate media coverage of data security, it is often assumed that data leakage or data breach doesn’t affect Indian organisations as much. But according to IBM Security Solutions, the highest number of information breaches occur in India. For instance, in India, 31,225 records were breached in 2015, whereas 29,611 records were breached in the United States. There was a 64% increase in security incidents in India in 2015, as compared to 2014. As per a study by IBM and Ponemon Institute, the average cost of a data breach increased to Rs. 9.73 crore in 2015, as compared to Rs. 8.85 crore in 2014.
In 2016, there was a major breach that compromised around 3.2 million debit cards of Indian banks, of which SBI, HDFC, ICICI, Axis and Yes Bank were affected the most. The breach happened in the network of Yes Bank ATMs – managed by Hitachi Payment Services. After a forensic audit conducted by SISA, it was concluded that a malware infection, which took about six weeks to detect, compromised the financial transactions that took place during this period.
But this is not the only major instance of data leakage. Recently, according to the cyber security firm Fallible, McDonald’s India app ‘McDelivery’ was leaking personal data of over 2.2 million users, including information such as user names, email addresses, phone numbers, home addresses, home coordinates and social media links. McDonald’s later asked its users to update their application as a precautionary measure, thus implicitly acknowledging the possibility of a leak. Fallible wrote in its posts that it discovered more than 50 instances of data leaks in Indian establishments.
While some people believe that it is the lack of adequate data protection laws in India that results in data leaks, it is important to remember that data leaks occur regularly, even when there are stringent data protection laws, as in the United States and Europe. From such cases, one can assume that data breaches are inevitable.
According to the Vormetric Data Threat Report, nearly 91% of organisations felt vulnerable to a data breach. Almost 61% of organisations have had a data breach and 22% of organisations faced a data breach in the last year.
Today, the best of technologies are found to be inadequate in dealing with data leakage and data breach. Compliance with the law is high in developed nations, yet data breaches occur with regularity. There needs to be a paradigm shift in how organisations worldwide respond to data leakage threats.
The traditional approach to information security has been to build walls around an organisation’s IT infrastructure perimeter, and as threats increase, these walls get higher. But attackers are getting creative and they continue to develop new methods to circumvent such preventive measures. The perimeter-based approach is necessary, but not sufficient.
There is a need to plan for what happens after these perimeter walls are breached or subverted. According to Pierre Audoin Consultants, firms usually spend around 85% of their cyber security budgets on prevention technologies and 15% of budgets on responses. As data breaches become inevitable, this ratio has to change.
Theft and misuse of data can be avoided with the use of Enterprise Digital Rights Management (EDRM). Whether it’s an intentional transfer of data or information that has been malevolently stolen, EDRM can avert misuse of critical data by unauthorised access, by persistently protecting files wherever and however they are shared.
There is an urgent need to deploy ‘smart technologies’ such as EDRM to ensure that leaked data is not used by unintended recipients, and that organisations can control who accesses information, for what purpose, when and through which medium. This will not only avoid putting an organisation’s reputation at risk, but will also protect it from data breach incidents.
(Disclaimer: This is a guest post submitted on Techstory by the mentioned authors. All the contents and images in the article have been provided to Techstory by the authors of the article. Techstory is not responsible or liable for any content in this article.)
About The Author:
Responsible for driving sales revenue across India, Middle East and Asia at Seclore, Amit Malhotra brings over 20 years of experience in various Sales and Marketing roles in the IT Industry across India and the Asia Pacific region.
He holds a B.T. degree from Regional Engineering College (NIT), Kurukshetra, along with a Management course from Indian Institute of Management, Calcutta (IIMC), and completed the Asian International Executive Program (AIEP) from INSEAD.