Data privacy is not new. In order to ensure that they remain safe from threats, it must first be ensured that only authorized users are able to access or modify the data. Attacks affecting data integrity jeopardize the security precautions by attempting to access the server in an unauthorized manner, and thus to modify the data. These data hacking activities could become powerful weapons.
This was the case in 2008, when Brazilian logging companies accessed government networks to inflate their operating quotas.
We also remember the Stuxnet worm, which used minor flaws and tried to destroy the Iranian nuclear program in 2010.
In 2013, a Syrian group pirated the Twitter account of the Associated Press stating that President Obama had been injured during explosions at the White House. This tweet caused a drop in the Dow Jones by 147 points.
Cyber-attacks is getting worse
The first generation of cyber-attacks simply try to cut off the access to data. They then evolved by trying to steal the data. Today, we find that the stolen data is changed just before being transferred from one machine to another, thus affecting the chains of operations.
In addition, the explosion of the Internet of Things (IoT) has significantly opened up new possibilities for hackers by offering many new targets, represented by as many connected devices as users.
Take Fitbit as an example; just look at the number of people who have access to the data, from the users and the manufacturer, to the third-party persons who accessed via an API (Application Programing Interface). This creates a proliferation of risks that the IT security market had not previously identified, since they were just objects used by consumers.
The power of data theft
Data theft can have serious consequences because they have the power to knock down a company, or even all of the related entities.
Today’s connected world continuously generates a wealth of data that businesses, professionals and industry analysts use to make decisions, create projections, identify forecast issues and more.
Attacks aimed at compromising the integrity of a company’s data may lead to a complete shutdown of its business. Thus, the stock markets could be attacked and collapsed if their data became defective. On the other hand, the power grid and other IoT systems such as signal lights or drinking water power plants could be severely disrupted if the data were altered.
If you think about it, the biggest threat could come from attacks that go unnoticed for years until their potential for harm is finally revealed. The main issue is trust. The decision-making is at the level of senior officials and business leaders; investors or consumers will be the victims if they cannot rely on the information they have.
What to do to protect the data?
At this point, it would be reasonable to believe that there is no solution for this problem. But actually, this is not the case.
The first question you should ask yourself should be, “What would you protect?” If you do not know what data you are trying to secure, there is no direction to invest time and money to protect data.
This is a simple enough question, but it is difficult to answer. In spite of this, the reflection that must be made is essential for any organization. A 3-step approach to data breach protection was highlighted in a recent blog post (http://www.networkworld.com/article/3135772/security/securing-the-breach-trumps-breach-prevention.html).
“By implementing a three-step approach – 1) encrypting all sensitive data at rest and in motion, 2) securely managing and storing all keys, and 3) controlling access and authentication of users -organizations can effectively prepare for a data breach. This allows us to see through cybersecurity’s reality distortion field and transition from an approach optimized for “reality as it was” – breach prevention – to a strategy optimized for ‘reality as it is’’ – the secure breach strategy.”
One thing is for sure, data thefts will continue to occur. To be convinced of the contrary would be utopian. But even though their complexity and scope are constantly growing, it is not necessary to devote all of its attention to it, as this would result in mobilizing the entire resources of the IT Security team of the organization. In summary, the best starting point is to know what information is important to protect.