By Stergios Saltas
Data breaches can be incredibly costly. In fact, a 2017 research report from IBM and the Ponemon Institute found that the average total organisational cost of a data breach in South Africa was R32,360,000.
These breaches are only getting more costly too. According to IBM, an increase of 12% in the total cost of a data breach was recorded compared to 2016, while the cost per lost or stolen data record went up by five percent.
A data breach, in other words, is something you definitely don’t want to happen to your organisation.
As to the root causes of data breaches, 43% of incidents involved data theft (exfiltration) or criminal misuse and another 29% of incidents involved employee negligence or human error. The remaining 28% were the result of a system glitch or business process failure.
There are a number of initiatives you can undertake, including taking action to improve your document security capabilities, to ensure it doesn’t happen to you.
Businesses have to circulate many different types of documents that often contain private information – invoices, statements, policies, collections letters – and are legally obligated to ensure the information is kept private.
Securing the documents distributed and stored by your organisation means not having to worry about that content should you fall victim to a data breach.
Identity will be more important than ever
Identity – and specifically identity verification – remains a major concern in the security space. Many of the biggest breaches happen because a criminal is able to pretend that they’re someone who should have authorised access to a network or database.
Businesses need to be vigilant, and ensure their data protection is solid on all levels. It’s not enough to have strong network security and a great physical access policy, when the information used to gain access to restricted data is easily stolen.
In the document security space, it makes no sense to use highly sophisticated encryption to protect a document, but then only require users to input their identity number or birth date before granting them access to the contents. It’s tantamount to building a massive wall around your house, but then providing a ladder from outside to easily gain access to your private property.
Several high-profile incidents in 2017 demonstrated how easy it is for cybercriminals to get their hands on personal information like ID numbers. The most pertinent to South Africa saw some 30-million ID numbers stolen in a data breach.
While a security provider with a strong track record can help your organisation avoid such a scenario, you still have to make the right decisions around security versus ease of access.
When it comes to securing the contents of a private document, the encryption can be highly sophisticated, but if the sender of the document chooses an ID number as the ‘access code’, it doesn’t matter how good the encryption is. Criminals will run an ID number database against the authentication layer and open the document when it hits the right one.
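A sender-side check can enforce this before a document is encrypted. The following is an added example, not code from the article or from Striata: it rejects access codes that look like a South African ID number or a birth date and estimates how small the search space is. The ID layout (13 digits, YYMMDD prefix, Luhn check digit), the 64-bit threshold, the function names and the sample values are assumptions of this example.

```python
import math
import re
from datetime import datetime

LEAKED_IDS = 30_000_000   # size of the 2017 breach cited in the article
BIRTH_DATES = 100 * 365   # roughly a century of possible birth dates

def _parses(digits, formats):
    """True if the digit string is a real calendar date in any given format."""
    for fmt in formats:
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def looks_like_sa_id(code):
    # Assumed layout: 13 digits, YYMMDD date prefix, Luhn check digit last.
    return (len(code) == 13 and code.isdigit()
            and _parses(code[:6], ["%y%m%d"]) and luhn_ok(code))

def looks_like_birth_date(code):
    digits = re.sub(r"[-/. ]", "", code)
    if not digits.isdigit():
        return False
    if len(digits) == 8:
        return _parses(digits, ["%Y%m%d", "%d%m%Y"])
    return len(digits) == 6 and _parses(digits, ["%y%m%d", "%d%m%y"])

def assess_access_code(code, min_bits=64):
    """Return (accepted, reason, estimated_bits) for a proposed access code."""
    if looks_like_sa_id(code):
        bits, reason = math.log2(LEAKED_IDS), "looks like an ID number"
    elif looks_like_birth_date(code):
        bits, reason = math.log2(BIRTH_DATES), "looks like a birth date"
    else:
        # Upper bound: only holds if the code was generated at random.
        classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^a-zA-Z\d]", 32)]
        alphabet = sum(n for rx, n in classes if re.search(rx, code))
        bits, reason = len(code) * math.log2(alphabet or 1), "treated as random"
    return bits >= min_bits, reason, round(bits, 1)
```

For the constructed sample value `8001015009087` the check returns about 24.8 bits, which is the size of a 30-million-record list rather than the strength of the encryption behind it.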
On phishing and education
It’s also important to remember how big a role phishing plays in malicious attacks. According to PhishMe, more than 90% of all cyber attacks start with a phishing email. Another PhishMe report, meanwhile, found that a similar percentage of South African IT security decision makers have dealt with security incidents originating from deceptive emails.
These emails can target an organisation’s customers as well as its employees.
But if you properly secure the documents you send out via email and educate your employees and customers around what those emails look like, they’re far less likely to fall victim to phishing attacks, even as they become more sophisticated.
Consumers, meanwhile, should stay abreast of what new scams are being circulated. All the large retail banks have scam alerts on their websites to make customers aware of new phishing campaigns and risks. They also have dedicated contact points for customers to report suspicious emails using their branding. Organisations in other spaces only stand to gain by replicating this model.
That said, it’s vital to keep in mind that document security should be just one part of your strategy when it comes to countering the threat of data breaches.
Just as the tactics used by those committing data breaches are varied, so your defences against them should be.
Stay on top of the latest security trends and keep looking for ways to bolster your organisation’s defence against data breaches. With all of these approaches, remember that spending a little money now could save you the much bigger cost that comes with falling victim to a data breach.
- Stergios Saltas is Managing Director, Striata SA