Data has become the lifeblood of modern life as everything from room temperatures and health records to banking details and WhatsApp messages are collected and stored.
The rapid digital transformation of businesses and services has created an unprecedented amount of data. This data has become so valuable that there are hacking syndicates and lone-wolf hackers who do nothing else but try to steal it.
In South Africa, data breaches cost a company an average of R28.6-million, said Dr Aleksandar Valjarevic, head of professional services at LAWtrust - Africa’s leading digital security company, speaking at the LAWtrust Thales Trust Symposium in Johannesburg on Tuesday night. He was citing research done by the Ponemon Institute.
This cost is a cumulative loss based on downtime, loss of revenue and customers, and reputation damage, Valjarevic said.
A look at the past 11 years of research of more than 2 000 companies worldwide, shows that data breaches are a part of doing business, as the number of breaches has remained fairly constant over that period.
“What this tells us is that data breaches are a permanent cost of doing business,” Valjarevic said.
Part of the solution to managing this is to have a strategy in place to recover your data by ensuring that it is backed up, and that it is protected through some degree of encryption so that even if it is stolen, it is not useful to the thief.
The Ponemon research shows that South African companies are anticipating a 24% probability of data breach within the next 24-month period.
“Data breaches are a reality – they will happen. It doesn’t really matter over what period … the systems will be breached. What is most important then is that data must be protected,” Valjarevic said.
“The data that is taken must not be valuable to the one who wants to steal it, but it must remain valuable to you. The good news is that this can be managed with any number of strong cryptographic solutions.”
This approach to mask or encrypt data can also be used to minimise the impact of ransomware attacks, where a business is held to ransom by a hacker stealing its data or locking the company out of access to its data until a ransom is paid.
With new regulations coming into use to ensure that personal information is protected and that forces companies to disclose breaches, it is likely to show just how vulnerable companies are to attacks as they become visible to the public.
“We are not hearing so much about breaches, but when the new personal information protection regulations come into force, companies will be forced to disclose their breaches,” Valjarevic said.
LAWtrust recently partnered with global specialists in digital security Thales e-Security to deepen its security solutions offerings to meet growing demand both locally and globally.
According to the Thales Data Threat Report 2017 published last month, which surveyed 1 100 IT executives, spending on cybersecurity solutions has been increasing. But the Thales study shows that the type of spending is not matching the changing nature of the threats.
Jon Geater, chief technology officer at Thales e-Security, said this phenomenon can in large part be explained by the fact that investment decisions about new technologies are increasingly being made by “people in the business development parts of the businesses, while the IT and security people have moved further away from the buying decision”.
The Thales Data Threat Report 2017 also found that while companies are recognising the increased threat from cyberattacks and are responding by investing more to protect themselves, the same companies are spending money on the same technology solutions; they are not keeping up with the speed at which threats are morphing into new threats.
Geater said there is also a mismatch in the timing of what companies are buying. Almost two-thirds of the executives surveyed admitted that their companies are deploying new technologies within their organisations “in advance of having appropriate levels of data security in place”
This is because business development executives are driven by different incentives, and deploying the latest technology is often decision that is made to create a competitive advantage over competitors
“Change is constant in the digital space, and just as soon as you have a new solution, there are moves being made to improve how your system can be compromised,” Valjarevic said
“It is vital for all companies to ensure they have strategy in place to address the risks where it is possible to do so.
For media enquiries or more information, please contact Nicky Smith on 011 440 4841 or 082 338 5088, or at firstname.lastname@example.org; or Edwin Reichel on 011 440 4841 or 082 558 3645, or at email@example.com
LAWtrust is the leader in identity-based security in Africa. The firm, founded in 2006, became the first certificate authority to be accredited under the Electronic Communications and Transactions Act, allowing it to provide advanced electronic signatures. It is a trusted business partner for South Africa’s largest financial institutions and critical government departments. It is implementing a digital identity programme for the Department of Home Affairs, creating encrypted identities for 55-million South Africans. LAWtrust is able to design, implement, integrate and customise solutions that address a full suite of security needs for any organisation. LAWtrust is a leader in strong authenticated identities and encryption. www.lawtrust.co.za
About Thales e-Security
Thales e-Security is the leader in advanced data security solutions and services, delivering trust wherever information is created, shared or stored. We ensure that company and government data is secure and trusted in any environment – on premise, in the cloud, in data centres and in big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and meeting the highest standards of certification for high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group. www.thales-esecurity.com