CyberSecurity Malaysia and IBM Event Discusses High Profile Data Breaches and the Importance of Securing Sensitive Data

Data security is becoming a necessity as more organisations around the world continue to implement their digital transformation strategies. How and the rate that companies around the world are transforming may differ, but the threats they face are constant, global in nature and potentially devastating.

As the threats to sensitive data are escalating and regulations are pressuring organisations to tighten up their security, it becomes apparent that more thought has to be put into how companies can find the perfect balance between securing data while not being too restrictive for their own users.

This week, IBM hosted a security meetup attended by Malaysian companies from various verticals and industries to discuss how exactly they can find this balance amidst an increasingly challenging cybersecurity landscape.

Kicking off the meetup was Andrew Martin, AOPG Group Publisher, who in his welcoming presentation highlighted some of the most high-profile data breaches that have occurred over the past year, affecting huge global and regional organisations like British Airways (380,000 customer credit card data stolen), T-Mobile (2 million customer passwords and personal data compromised), Careem (affecting 14 million customers), Timehop (21 million customers), Chegg (40 million customers) and Aadhaar (where private information belonging over 1 billion Indian citizens were leaked).

He pointed out two defining characteristics of these attacks; Firstly, disruption is no longer the sole objective of cybercriminals. They are now more strategic and patient in playing the long game. They employ various techniques in order to stay undetected for as long as possible to scour enterprise networks and reach the organisation’s “crown jewels”, which brought him to his second point. Data is becoming the most valuable business asset and in most cases of data leaks and breaches, it is the database that stores the organisation’s sensitive data that has the most value and is targeted by hackers.

Commenting on the overarching theme of the meetup, which was, “Discovering, Classifying and Securing Sensitive Data in a World Where Data Accessibility is the Norm”, Andrew Martin pointed out that keeping data both open and protected may sound like an oxymoron, but it is a necessary challenge for many companies today and “it is a challenge that is only going to get harder”.

Data classification, he said, is key to solving the conundrum. “In every aspect that you manage data, as data grows, classification becomes more important because the only way you can manage enormous amounts of data is if you are able to classify it and work out what you’ve got.”

Malaysia Is Not Spared From The Data Breach Epidemic

This notion was echoed by Puan Sabariah Ahmad, CyberSecurity Malaysia’s Head of Information Security Management and Assurance, who said that before any organisation is able to protect its data effectively, first it has to understand its data. Organisations have to do some self-reflection in the form of security-focused risk assessments to identify their critical information assets as well as potential threats and risks to critical functions in related systems. This, she said, will allow decisionmakers to “manage and mitigate the risks before they occur”.

She stressed that preparedness is a critical factor to a successful response to a data breach and organisations must not be complacent when it comes to cybersecurity. She added, “ No one is spared from cyber attack. Even though you think your company is small, insignificant or unimportant, you still can be a target”.

From a Malaysian perspective, Puan Sabariah shared statistics from the Malaysia Computer Emergency Response Team (MyCERT), which showed that cybersecurity incidents are definitely on a steady rise. From 2016 to 2018, the number of (reported) incidents grew from 8,344 to 10,699, with cases of fraud, intrusion and malicious codes topping the list.

She also mentioned that Malaysia has not been spared from the data-breach epidemic, as she highlighted some of the biggest data leaks that have occurred on the local front, such as the mobile data breach which affected 46.2 million local mobile number subscribers or the personal data leak of 60,000 Astro IPTV customers. To make matters worse, cybercriminals were brazen enough to attempt to sell some of the stolen data on public online forums such as Lowyat.net.

In order to prevent such incidents from occurring, organisations have to develop an information security strategy and ensure that information risk is being adequately addressed. According to Puan Sabariah, that can be achieved through two means, defence-in-depth and effective information security governance.

A Smarter Way to Tackle Sensitive Data Security
These high-profile incidents that target databases point to a common problem that many companies today are facing. Oftentimes, databases use older technology that is now being fused very modern technology. They simply weren’t designed to protect against advanced attacks coming from the growing number the access points that are connected them.

To solve this problem, organisations need a smarter way to tackle data security and defend against cyber attacks, as highlighted by Wing Hong Chan, IBM’s APAC Segment Leader - Data Security. Wing said the issue of sensitive data security is complex because while exfiltration or theft in the physical world is all too apparent, in the cyber world, “stolen” data is typically replicated elsewhere. The original copy of the data is still there.

That makes it easier for hackers to cover their tracks and more difficult for organisations to detect when their defences have been breached. What’s worrying is that according to Wing, the average time taken for companies to identify a data breach is 161 days. But based on his observation, the duration can be much longer. Moreover, data does not necessarily have to be exfiltrated before an incident can be considered a security incident. Cybersecurity incidents also include unauthorised access, queries or modifications made to a database.

In order to successfully protect sensitive data, Wing suggests that companies go through the following best practice journey:

Identify Your Risks

  • Discover and classify sensitive data

  • Assess database, big data vulnerabilities

  • Visualise data-related business risk

Harden Your Data Repositories

  • Encrypt and mask sensitive data

  • Archive/purge dormant data

  • Revoke dormant entitlements

Monitor Access to Your Data

  • Monitor and alert on attacks in real-time

  • Identify suspicious activity

  • Produce detailed compliance reports

Discover insights

  • Optimise data retention over extended time periods, meet compliance mandates

  • Enrich data, apply big data analytics to find new insights

Protect Your Data

  • Prevent unauthorised access

  • Take real-time action

  • Expose data-related business risk to C-level execs and board of directors

The fact is, businesses today are moving faster than ever due to digital transformation, cloud migration and regulatory acceleration. In order to cope with the sprawling data environments, disparate systems and databases, realistically, they have to depend on tools that can automate and simplify all the above steps efficiently. Otherwise, executing the whole process can become overwhelming, flawed and error-prone.

That’s the area where tech companies like IBM can offer their experience and expertise. Over the years, IBM has been working on enhancing its Guardium technology to help companies safeguard critical data. Andrew Lim, Client Technical Specialist, Guardium, IBM Asia Pacific, was on hand to demonstrate how users are able to quickly and easily discover sensitive data (be it structured or unstructured data, on-premises or on cloud), protect critical data against unauthorised access and comply with government regulations and industry standards.

Built to provide better control, security and visibility for data at rest and data in motion, Andrew Lim likens a tamper-proof appliance like IBM Guardium to having a video recorder to a system to constantly monitor what’s happening. What makes the platform truly powerful is that it can secure data access in three ways, or as Lim put it, with three engines, namely through real-time monitoring, IBM Melody’s machine learning capabilities for automatic outlier detection and the anomaly detection engine that analyses historical events. It also comes with the capability to automate compliance controls to help companies adhere to data regulations like the GDPR, SOX, PCI, HIPAA and others.

While having the best security technologies certainly helps, both Wing and Lim agreed that organisations make sure they have the basics covered when it comes to securing sensitive data. That is because in many data breach or leak cases, organisations did take steps to secure their parameters, but left their databases located behind their defences wide open. They failed to adhere to basic security hygiene such as keeping systems patched, proper handling of errors or even the simple act of encrypting cloud data and keeping the encryption keys safe.

Having a security tool like IBM Guardium to fall back on provides that crucial last line of defence against cyber attacks.

By the end of the meetup, based on some of the conversations we had with attendees, they were definitely pleased with the chance to connect with their peers as well as the knowledge shared by the data and security experts from CyberSecurity Malaysia, IBM and Cybersecurity Asean.

You might also like
Most comment
share us your thought

50 Comments Log in or register to post comments

hurfAerof@swmail.xyz's picture

<a href=https://vskamagrav.com/>online kamagra mumbai[/url]
andersduquette1968@int.pl's picture

Do you want to receive cryptocurrency with out investments and extra endeavours? It to create the simplest way — to start to utilize the CryptoTab browser. This browser has the crafted-in purpose of mining which allows to make BTC while you utilize it. Stick to my backlink to try <a href="https://bumss.xyz/cryptocurrency-conversion-made-easy-with-mastercard/">https://bumss.xyz/bitcoin/</a> https://bumss.xyz/cryptocurrency-conversion-made-easy-with-mastercard/ crypto browser hack script
catoge5035@timevod.com's picture

Why not try order a custom-written essay from us? <a href=http://videospin.store/>Paper Help</a> http://studdit.store 6 step problem solving process http://studdit.store animal farm essay prompts http://studdit.store deloitte business plan http://studdit.store a problem solution essay http://studdit.store short argumentative essay topics
p.opk.ot.ana7@gmail.com's picture

На сайте [url=http://salemt4srv.ru]http://salemt4srv.ru[/url] можно купить скрипт,чтобы создать свою Форекс компанию. Останется лишь продвинуть свой ресурс и зарабатывать деньги на тех, кто хочет сыграть в эту финансовую рулетку. Отличная ниша для инвестиций! Как зарегистрировать Форекс компанию? Нужна ли лицензия? Стоимость сайта — $500-3,000. Стоимость регистрации — $0-5,000. Стоимость торговой платформы — $2,000-100,000. Обращайтесь за созданием Форекс сайта в специальные компании, имеющие опыт на финансовых рынках. Иначе вы рискуете получить очередной шаблонный сайт, который не будет работать. На упомянутом вначале поста сайте продается Брокерское оборудование Forex под ключ. Брокерская компания под ключ с бессрочной лицензией. Продается торговый сервер MetaTrader4 Форекс. Аренда MetaTrader4 Forex сервера. http://salemt4srv.ru Остались вопросы? Обращайтесь: Skype для контактов: g.i.790 WhatsApp: +371 204 76695
ihokem@natke.letiasmail.com's picture

[url=http://slkjfdf.net/]Ugdixufz[/url] <a href="http://slkjfdf.net/">Ulatiwix</a> ucg.sing.cybersecurityasean.com.uod.us http://slkjfdf.net/
exohusri@mnawl.sibicomail.com's picture

[url=http://slkjfdf.net/]Ehwela[/url] <a href="http://slkjfdf.net/">Ifijiqo</a> nat.hwez.cybersecurityasean.com.vra.xt http://slkjfdf.net/
16@games-games.online's picture

Racing games are among the most popular mobile gaming free cars games, viral in the United States. There are many excellent alternatives in these incredibly https://playcargames.online/
bella19@emali.top's picture

sildenafil walmart <a href="https://posviagra.com/">viagra cost</a> sildenafil citrate
two22two@emali.top's picture

sildenafil 100 mg <a href="https://viagracine.com/">viagra online</a> viagra boys
anof32days@emali.top's picture

bimatoprost eyelash buy <a href="https://bimatoprostonlines.com/">buy bimatoprost amazon</a> bimatoprost timolol maleate
get35@emali.top's picture

puff ventolin <a href="https://salbutamolventolintop.com/">ventolin generic name</a> tipos de salbutamol inhalador
good37@emali.top's picture

rx augmentin <a href="https://augmentinlife.net/">is augmentin good for uti</a> otc augmentin
gilbert@my-mail.site's picture

Мы заказали 3D печать в студии <a href=http://www.3d-pechat-ekaterinburg.ru>https://www.3d-pechat-ekaterinburg.ru</a> Полностью удовлетворен результатом работы. Недорого и отличное качество. Всем рекомендую их услуги!)
qsdwsbktnz@rambler.ru's picture

макияж увеличивающий глаза http://conner4185g.amoblog.com/5-33486464 http://beau5307n.loginblogin.com/16165666/Простой-ключ-для-увеличить-глаза-макияжем-пошагово-unveiled https://emiliano4185r.wssblogs.com/12414763/Соображения-знать-Рѕ-как-увеличить-глаза-СЃ-помощью-макияжа http://seth1963p.blogerus.com/33795542/ https://gregory7529t.jiliblog.com/69698203/fascination-Рћ-как-увеличить-глаза-СЃ-помощью-карандаша-фото
calvin@my-mail.site's picture

<a href=http://ug-online.ru/>https://ug-online.ru</a>
iekhcdwnpp@rambler.ru's picture

Watch porn videos [url=https://sexporno.su]Big Boobs[/url]
rob@my-mail.site's picture

Мы попробовали аренду генератора в москве у компании <a href=http://arenda-generatorov-com.ru/>http://arenda-generatorov-com.ru</a> Полностью удовлетворен результатом работы. Недорого и хорошее качество. Всем советую их услуги.
sam@my-mail.site's picture

<a href=https://bkbest.ru/groyter-fyurt-bohum-prognoz/965-totalizator-eto-bolezn.php>https://bkbest.ru/chto-takoe-v-futbole-fol/812-osnovnie-pravila-v-basketbole-kratko.php</a>
gablikoi@gmail.com's picture

protracted diphtheria steal [url=http://bag33ondu.com]bag33ondu.com[/url] http://bag33ondu.com <a href='http://bag33ondu.com'>bag33ondu.com</a> bag33ondu.com pick-up defraud atheist
those76yowza@emali.top's picture

cialis 5mg side effects <a href="https://yardcialis.com/">cialis canada pharmacy online</a> 10mg cialis
444@2.twowebmail.top's picture

Drugs information for patients. Generic Name. <a href="https://lasix4us.top">cost of lasix tablets</a> in Canada All what you want to know about drugs. Read information here.
thump89@emali.top's picture

order viagra online <a href="https://viagracite.com/">sildenafil citrate</a> sildenafil 20mg
cover92@emali.top's picture

lannett vardenafil <a href="https://stoplevitrashop.net/">levitra professional</a> vardenafil hcl 20mg tab cost
shyly94refit@emali.top's picture

eficacia del vardenafil 20mg vs sildenaful 100mg <a href="https://levitravardenafilmsko.com/">levitra online purchase</a> vardenafil forum
hence95@emali.top's picture

comprar vardenafil <a href="https://levitravardenafilkros.com/">levitra coupon</a> vardenafil 10mg
aside100@emali.top's picture

acheter cialis 20mg <a href="https://cialis20acheter.com/">prix tadalafil en pharmacie</a> lilly cialis 20 mg
zazabr.ain2020@gmail.com's picture

https://www.isixsigma.com/members/buycheapambiennorx/ https://www.isixsigma.com/members/buyvaliumonlinewithoutaprescriptionovernight/ https://www.isixsigma.com/members/buyambienlegit/ https://www.isixsigma.com/members/buy-valium-cheap/ https://www.isixsigma.com/members/buy-diazepam-overnight-us-pharmacy/ https://www.isixsigma.com/members/buytramadolonline_withoutprescription/ Jarahenzo.com [url=https://graph.org/Buy-FIORICET-Overnight-No-Prescription-Cheap-Canadian-Pharmacy-11-12]Agents[/url] [url=http://www.conganat.org/9congreso/vistaImpresion.asp?id_trabajo=2746]Chan Y.[/url] [url=https://ticketbud.com/events/bce4da46-53a6-11ec-960b-42010a717017]Thepillbox.[/url] [url=https://healthsourcebetareleaseproductlog.ideas.aha.io/ideas/UNITY-I-618]Orddr[/url]
gjsio1wf1s@emali.top's picture

what does cialis look like <a href="https://stopscialisonle.org/">canadian online pharmacy cialis</a> is there a generic cialis
fasfej73@emali.top's picture

sildenafil generic price <a href="https://enbossviagra.com/">sildenafil walmart</a> viagra online usa
aaw2011@emali.top's picture

sildenafil 20 <a href="https://goosviagra.com/">buy viagra online</a> sildenafil 100mg price walmart
ulavafu@emali.top's picture

gabapentin dog side effects <a href="https://gabapentined.net/">gabapentin for nerve pain</a> neurontin gabapentin 300 mg
zifyxys@emali.top's picture

online casinos for real money <a href="https://luckylandslotsgameon.com/">luckylands</a> caesars online casino pa
ippudransom1997@gmx-mails.com's picture

Согласен, это замечательное мнение пила [url=https://kapelki-firefit.ru/]kapelki-firefit.ru[/url] чтобы не меняла вредных привычек.
waitanying@emali.top's picture

professional essay writing service uk <a href="https://topenglishlife.com/">psychology essay</a> why service learning essay
brinerc@emali.top's picture

essential nursing school <a href="https://schoolnursingesse.com/">college of nursing</a> nursing school richmond va
struggle@emali.top's picture

how strict are college essay word limits <a href="https://onlinecriticalthinking.com/">conspiracy and critical thinking memes</a> boston college college vine how to write supp essay
whooshes@emali.top's picture

why community service is important to me essay <a href="https://mythesisstatement.com/">narrative essay thesis statement</a> college essay critique service
ensalex@emali.top's picture

how to write the first paragraph of an essay <a href="https://topessaywriterfas.org/">help with essay</a> how to write a good attention grabber for an essay
corroticks@emali.top's picture

why is performing community service important essay <a href="http://collegeessaysds.net/">best custom essay writing service</a> how to talk about service in college essay without sounding cliche
milato@emali.top's picture

help a middle schooler to write a 5 paragraph essay <a href="http://paperwritingssr.org/">paper writers</a> peer perssure help essay
stmerippastely@emali.top's picture

write my essay for me com <a href="http://collegehomeworkhelpsfk.org/">free homework help online chat</a> learning to read and write essay
tupress@emali.top's picture

hydroxychloroquine sle <a href="https://hydroxychloroquineshop.info/">hydroxychloroquine price</a> plaquenil weight loss reviews
dignate@emali.top's picture

writing essay grammar help <a href="http://dissertationwritingservicefd.net/">help writing a dissertation</a> will raising the minimum wage help the economy essay outline
tempons@emali.top's picture

international viagra online <a href="https://viagrauniv.com/">levitra women</a> viagra cost
michelepierce1985@mailsgo.online's picture

Нет, я не смогу сказать Вам. [url=https://kapelki-firefit.ru/]https://kapelki-firefit.ru/[/url]
vitions@emali.top's picture

female viagra <a href="https://viagraent.org/">viagra for woman</a> over counter viagra
replails@anmail.site's picture

female viagra cvs <a href="https://edviagrarx.net/">pfizer viagra 100mg price</a> buy viagra online
glwyjbygyjwyjv@hotmail.com's picture

Drug information for patients. Brand names. <a href="https://lisinopril2023x7.top">lisinopril 20 mg</a> Actual about medicines. Read information now.
xypaophmdddck3k@hotmail.com's picture

Drug information sheet. Short-Term Effects. <a href="https://lisinopril2023x7.top">lisinopril 20 mg</a> Best trends of medication. Get here.
yrkuqgmsq9isu@hotmail.com's picture

Medicines information for patients. Cautions. <a href="https://lisinopril2023x7.top">lisinopril 20 mg</a> All about meds. Get now.