subject: Alarming Data Security Breaches and Identity Theft [print this page] Author: Syl Juxon Smith Author: Syl Juxon Smith
Across the globe, now mainly targeting African countries with evolving technology capacity like Ghana and other West African countries, online cyber criminals are focusing dedicated funds, time and resources to perpetrate fraud - and they are very adept at this process penetrating financial institutions, banks, businesses, governments critical mission infrastructures moving from towns to countries. The result has been a dramatic increase in online fraud that specifically targets consumers, enterprises and citizens. Every data breach or costly identity-theft case going on unabated and unreported erodes the public's confidence in the security of online POS and other financial transactions. This loss of confidence jeopardizes the ability of organizations to conduct transactions online effectively with wider patronage and profitability especially in Africa. Lack of knowledge and effective manpower resources in ICT security continues to make the situation more vulnerable with inadequate response. A myriad of security vendors have stepped to the forefront in attempts to ease these concerns. While this has inspired an explosion of innovation around both strong authentication and fraud detection, there have been challenges introduced as well. Some of these vendors are trusted providers of online security expertise, but many newer players in the African continent lack the experience and know-how that growing and larger organizations and businesses requires. Protecting the corporate brand, safeguarding customers and meeting the appropriate regulations are now primary security concerns for governments, private and the public sector institutions using data, biometrics and other modern technologies. To properly implement a strong, layered security strategy that fulfils those goals, organizations need to thoroughly review their overall business security and online activities and conduct risk assessments to determine the level of authentication and fraud detection required. There are many available security options that can help thwart fraud today and into the future, including multifactor authentication and fraud detection solutions. With a clear understanding of the tools available and ways to effectively begin and evolve, organizations can take the essential steps toward protecting consumers, enterprises and citizens today ... and tomorrow. Corporate and business information loss can mostly be credited to a company's internal organization, or lack thereof. In other words, in order to prevent data leakage, corporations must not only eliminate external threats, but also internal processes that could enable data leakage. In many cases emanate from lacking in security plan, internal risks as well as bad storage procedures. Costs associated with a data breach are rising leading to financial consequences and image damage that will see many firms struggling to lock down information and prevent leakage of sensitive data. The total average costs of a data breach grew to record high. Depending on the size of the breach, costs could become astronomically expensive. But in Africa, many in the financial and privacy level have a view that people over time will become indifferent to a data breach notification. But the breach found the costs associated with lost business continue to climb drastically. Lost business now accounts for data breach which costs is gradually climbing at an alarming rate. 2009 - Data breach costs soar: A trend indicates the costs associated with data breaches have soared and will continue to skyrocket unless companies do more to prevent them in the first place. Experts say breach costs are far reaching and could lead businesses, banks and merchants to find alternative payment methods which are ever flourishing in Africa (Grey/Black Market). Corporate information loss can mostly be credited to a company's internal organization, or lack thereof. African firms are not doing enough preventing data breaches. This is because many countries lack proper data policy management systems, no consumer watchdog unit and no government legislation regulating and protecting data handling and misuse. It's impossible to create an environment where you cannot have a data breach. Data breaches will continue even for the best of companies and government bureaucracy, but its how you detect it, how you respond to it and how you manage the risk that matters most. Companies, organisations and governments should be fearful of malicious insiders getting access to sensitive and confidential data. The rising tide of layoffs as a result of the poor economy has put a focus on the insider threat. But insider negligence continued to play a major role in causing a data breach. More than 88% of all cases involved incidents of insiders mishandling data and compromising job discreption because of the low wage paid to system analyst and administrators. Far fewer breaches were influence from white collar malicious insiders. Companies must respond to rising tide of insider threats with security training and awareness programs. Training programs were started by just few companies. And other firms said they are also creating additional manual procedures and controls which is not mentained or consistent. Fewer firms are investing in additional technologies like CCTV and Time Attendance Systems. Encryption was the first technology implemented after a breach. Of the technology options, companies have expanded their use of encryption. Technology should be implemented with education and diligence; African businesses too often get lulled into a false sense of security. One of the mistakes companies and individuals including IT administrators is relying only on encryption solution to network servers, desktops and laptops forget about thumb drives, email or FTP servers. Some are trying addressing some issues but not addressing the entire problem. Some companies turn to the use of third-party services to handle personal information such as payment transactions and customer loyalty programs. But they do not realise that those services may increase the risk of data leakage and also increase the cost of a breach. Breaches by outsourcers, contractors, consultants and business partners were up in 2009 in many African countries especially in Ghana. Third-party vendors often take more time to investigate and conduct forensic analysis. Services sometimes lose information due to poor processes or inadequate data protection technologies. Not all data breaches are the result of high tech glitches or cybercrimes, Sometimes they're pretty low tech. The financial impact goes so much deeper than simply costing victims, but also ripples throughout the network of organizations involved. "I'm always glad to see when other organizations produce evidence to corroborate what we've been saying for years: 'failure to maintain proper data security is a high risk gamble that companies simply can't afford in this time of global economic recession'".About the Author:
Member: ASIS & WABA
Commercial Industrial Business Security Consult (Africa)
CCTV SYSTEMS-ALARMS-ACCESS CONTROL SYSTEMS
TENDER AND DESIGN SPECIFICATIONS
HOME GROWN INTEGRATED SECURITY SOLUTIONS WITH VAST EXPERIENCE IN AFRICA
