Tag Archives: data protection

Cyber Criminals Could Hold Your Data Hostage

Password theft, identity theft, ransomware – in an age where hacking has become the career of choice for tech-savvy criminals, data protection must be a top priority for CPOs.

“Cyber criminals don’t need to even leave their house to do damage,” says Craig Hancock, cybersecurity expert and Executive Director of Telstra Service Operations. “One breach of trust and the consequences can be irreparable. These days, the traditional idea of criminals – think balaclavas, weaponry, a getaway car – has moved off the streets and into cyberspace.”

Are you prepared for cyber criminals? Do you have your business information secured? How do you manage the confidential information of your customers? And what do you have in place to mitigate risk?

Hancock will deliver a cybersecurity update at the upcoming 10th Asia-Pacific CPO Forum, where he’ll demonstrate how frighteningly easy it is to steal data from a computer by showing a live hack. “I’m planning on showing the group how easy it can be to hack a business, with basic tools and knowledge. I want to make sure everyone is aware about what goes on in the world of cybersecurity threats, and give them some understanding of what they should be doing to help mitigate these threats.”

“Mitigate” is a key word here, as Hancock predicts the cybersecurity challenge faced by businesses and organisations will continue to grow year on year. Notably, he says that any organisation offering a fix-all solution to “solve” your cybersecurity challenge should be avoided.

“It’s an ongoing challenge – cybersecurity has evolved enormously from five years ago, and is likely to look entirely different again by 2020. There’s no single ‘fix’ and there are plenty of bright, shiny objects to distract your security team. You would be wise to put in place some basic, common-sense measures and controls and partner with an organisation that understands the extent of the threat.”

What are the risks?

Cybercrime can be initiated through your head office, at a weak point in your supply chain, or even through IoT-enabled devices with low-level protection. Among the types of crime that can take place, Hancock mentions:

  • Password theft: with the obvious prize being the password or access code to users’ bank accounts.
  • Identity theft: a customer’s date of birth and other key information (such as health records) enables criminals to assume their identity, or to sell on this information to others. This can be very expensive for the company that has suffered the breach.
  • Ransomware: Hackers can lock your company’s data in an encrypted vault and demand a ransom for its release. A famous example of this occurred last year when a cyberattack on a Los Angeles hospital left doctors locked out of patient records for over a week, with the hackers demanding a ransom of $3.7 million in Bitcoin.

Telstra’s Craig Hancock will deliver a cybersecurity update at PIVOT: The Faculty’s 10th Annual Asia Pacific CPO Forum.

Look After Your Data – Keep It Secret, Keep It Safe

Concerned about data protection? How can IT procurement ensure data security and reduce cyber risk for your organisation?


Procurious is at ProcureCon IT in Amsterdam this week. Stay up to date with what’s happening on Procurious and by following us on Twitter.

Day Two of ProcureCon IT is well underway and we’ve been privy to another morning of thought-provoking discussion.

Procurious founder Tania Seary picked the brains of Kaushik Yathindra, Manager, Procurement Analytics, HSBC and Florian Schroeder, Head of IS Commodity & Contract Management, Bombardier Transportation to learn more about how to implement data security, the end of Safe Harbour, and the effects of the Internet of Things (IoT).

Where to Start?

Why is data security so important? As Florian Schroeder pointed out, you wouldn’t leave your most valuable possessions at the front door, you’d hide them away somewhere secretive. We should consider our data in the same way and not leave it exposed to hackers.

Data security is one of the fastest growing areas of IT spend. An estimated $1 trillion is going to be spent globally between 2017 and 2021. But how do you make sure your money is well spent, and your information secure?

Whilst data protection is a huge concern for organisations, it can be difficult to know where to start, particularly given the multiple types of data security on offer. Here are a few points to consider: 

  • To ensure the security of both your and your suppliers’ data, it’s first important to understand the roles of everyone concerned. How will your procurement, legal, compliance and IT teams collaborate to ensure that contracts fulfil the level of service required in your organisation?
  • Consider data security in all of your organisation’s decision-making, whether it be Sales, Accounting or IT.
  • Take what you need and nothing more. There’s no point in collecting useless or excess information. The more you have, the more that can get stolen. Likewise, only store information as long as your organisation has a need for it. And when you do dispose of it, do it securely!
  • Ensure your service providers have adequate security measures in place. And don’t just take their word for it – get it in writing!
  • Use complex passwords. Make sure they’re stored securely, and keep the most sensitive information secure throughout its lifecycle by encrypting data when it is transferred.

As both panelists reminded us, you can never ensure 100 per cent security while there are hackers looking for it!

The End of Safe Harbour

Changing privacy regulations can make choosing where to store your data a complex process, particularly for global organisations.

In the EU, for example, privacy laws forbid any citizen’s data to be moved outside of the EU unless transferred somewhere with adequate privacy protections.

Safe Harbour was an agreement between the EU and the US in which the US government promised to protect the information of EU citizens if transferred to the US by American businesses.

This has been an extremely convenient agreement for companies such as Facebook. These companies were, up until now, able to store all of their EU data in US centres.

Last month, however, the European Court of Justice ruled the agreement invalid. This will mean a lot of paperwork and red tape for US businesses trying to move information out of the EU.

Perhaps the future is in establishing EU-based centres to handle data for EU citizens? Google, Facebook and Apple are already leading the way on this.

And it’s not just the end of Safe Harbour that will shake up data protection policies. The General Data Protection Regulation (GDPR) framework was formally adopted by the European Parliament in April this year to be implemented by May 2018.

If the UK has completed Brexit negotiations by this stage, they will face pressure to adhere to the GDPR framework in order to continue trade within the single market.

Digitisation and the Rise of the Internet of Things

Kaushik explained how banks are moving towards complete digitisation in order to accommodate the next generation of customers, who expect to be able to do everything online. Whilst this is great in terms of customer convenience, it presents additional data security challenges.

The worldwide Internet of Things market is predicted to grow to $1.7 trillion by 2020. More than half of major new business processes and systems will incorporate some IoT elements. It won’t be long until every aspect of our daily lives is connected. We’ll have smart bridges, smart cars, smart houses, smart vending machines…we could go on!

Of course, with great tech developments come greater data protection challenges. The Internet of Things adds a significant threat layer in which physical devices can now be hacked, have their information stolen, and even be remotely controlled.

There are a number of ways that organisations can manage data security relating to the Internet of Things. These include:

  • Encrypting sensitive data as close to where it’s generated as possible, rendering it useless to attackers in the event of a breach.
  • Only sharing information on a need-to-know basis.
  • Applying end-to-end encryption to ensure that sensitive information captured by IoT devices is protected throughout its lifecycle.
  • Procurement teams can help move the market towards a world where security becomes a part of IoT products.

In the words of Gandalf, when it comes to protecting data: keep it secret, keep it safe.