Follow on Google News News By Tag Industry News News By Location Country(s) Industry News
Follow on Google News | 5.4 mn $ is the Average Cost of Data Breach for an OrganisationSensitive Data Exposure - A Nightmare To Business Enterprises
By: Indusface Apart from precious data loss, sensitive data loss has a much more serious impact on ‘brand image’ and reputation. As per a leading Ecommerce CEO, ‘Sensitive Data Exposure has become a real nightmare to all of us! It may cause a real embarrassment if such incidents occur to us.’ How Is Data Exposed? Here are 2 online ways, your data can be exposed: Intrusion: Intruders can gain access to your data through a weakness in web applications. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. In September, Vodafone 2013 notified two million customers their personal and financial information had been breached.Generally Organisations don’t publicly disclose breaches of internal information and trade secrets, as they are with regulated consumer data. Additionally, there’s no fraud algorithm to alert victims about illicit use of such data, leaving many cases of espionage undiscovered. Most of what we know publicly about this genre of threat comes from incident responders, intelligence analysts, and malware researchers who compile and share their knowledge with the community. Phishing: This is an attack on customers rather than on organisations. This is a clever method of extracting information from unsuspecting individuals. An e-mail, designed to look like it originated from a reputable company, usually a bank or online store, will tell you that there is a problem with your account. If links appear in this kind of e-mail message, never click on them regardless of how “believable” Are You Vulnerable To ‘Sensitive Data Exposure’? The first thing you have to determine is which data is sensitive enough to require extra protection. For example, passwords, credit card numbers, health records, and personal information should be protected. For all such data: Is any of this data stored in clear text long term, including backups of this data? Is any of this data transmitted in clear text, internally or externally? Internet traffic is especially dangerous. Are any old / weak cryptographic algorithms used? Are weak crypto keys generated, or is proper key management or rotation missing? Are any browser security directives or headers missing when sensitive data is provided by / sent to the browser? How To Prevent ‘Sensitive Data Exposure’? Considering the threats you plan to protect this data from (e.g., insider attack, external user), make sure you encrypt all sensitive data at rest and in transit in a manner that defends against these threats. Don’t store sensitive data unnecessarily. Discard it as soon as possible. Data you don’t have can’t be stolen. Ensure strong standard algorithms and strong keys are used, and proper key management is in place. Ensure passwords are stored with an algorithm specifically designed for password protection, Disable autocomplete on forms collecting sensitive data and disable caching for pages that contain sensitive data. Consult Information Security Experts (http://www.indusface.com/ Consider investing on DLP solutions or for Web Applications a WAF with custom rules (http://www.indusface.com/ End
Account Email Address Account Phone Number Disclaimer Report Abuse
|
|