A data breach also means a breach of customer trust

As a business owner, you may know that people only buy from businesses they know, like, and trust. While advertising and marketing may help you become popular and likable, earning trust is hard. Maintaining trust is harder. And repairing broken trust can be the hardest. Don’t you agree? Ask the makers of Family Locator - a family tracking app - who are struggling to win back the confidence of customers after it was reported that the app was subject to a data breach. The app leaked the real-time location data of its users due to a lack of encryption. As a result, the app, which purported to ensure personal safety, quite ironically put its customers at risk, albeit for a limited period.

Although no business intends to leave its data open to leakage and unauthorized access, most small and medium enterprises fail to recognize the compelling need for a standardized yet flexible data loss prevention system. I’ve noticed this general pattern consistently among numerous SME organizations, which are initially skeptical about the need for data loss prevention solutions. They often see the deployment of such security systems as an exercise that brings with it excessive costs and complexities. They believe that using data leak prevention mechanisms would slow down their operations by limiting data access for their employees. And thus, they often fail to implement any data security measures until they are hit by a data breach that damages their reputation and customer trust, threatening their sustainability.

While the impact of a data breach is hard to reverse and repair, it is much easier to prevent data breaches before they happen. In fact, over 90% of data breaches that happen are preventable. This means most data breaches can be avoided by businesses but aren’t, due to a lack of awareness. To prevent such data breaches, business owners should invest in deploying context-sensitive data leak prevention technologies that keep their customers’ information safe from misuse yet easily accessible to those within the organization who need it.

Do I need cybersecurity for my small business?

If you're a small business owner, you might dismiss cybersecurity as a non-priority. Seeing the number of data breaches at big-name corporations that are reported almost every day, you may think it’s only those corporations that need to worry about cybersecurity. But you would be surprised to find that 58% of cyber attack victims happen to be small businesses like yours. That’s because, on a risk-reward spectrum for cyber attackers, small businesses lie right in the sweet spot between an individual who has very little valuable data and low security, and a corporation that has a lot of valuable data but is riskier and more difficult to penetrate. This makes cybersecurity as important for small businesses as it is for larger enterprises, or even more so.

In addition to being prone to increased risk, small businesses also face much more devastating consequences from cyber attacks than their larger counterparts. That’s because while the bigger enterprises have enough financial resources and IT expertise to help them recover from cyber attacks, small businesses lack both of these. Small businesses also lack the redundancy measures that major corporations build for themselves to function despite cyber attacks. It is not surprising, then, that 60% of small businesses go out of business within half a year of a cyber attack.

Thus, not only are small businesses more vulnerable to cyber attacks, but they also have more to lose if hit by one. To prevent your business from facing such consequences, it’s wise to have appropriate preemptive cybersecurity measures in place. Investing in cybersecurity solutions can even impact your business’s bottom line by helping you prevent unnecessary and avoidable costs. However, that does not mean that cybersecurity for small businesses should necessarily be a time- or resource-intensive process. All a small-sized business needs to do is look for cybersecurity vendors who understand the problems that are unique to small enterprises. We at GajShield offer cutting-edge cybersecurity solutions that cater to the security needs of businesses without burdening your limited resources.

Will a firewall bring me more business?

Over the weekend, a friend of mine asked me this question over dinner. Knowing that I belonged to the security field, it was kind of a way to mock me. Do we keep a security guard in our companies? Do we lose or gain business by keeping one? Why should we invest in a firewall, then? Isn't a firewall similar to a security guard? Others too joined in the chorus. They too started asking whether my data will ever be attacked or hacked. And why would anyone be interested in my data? What will I lose if my data is breached? Is the investment in a firewall worth it?

Though there was a certain arrogance, the anxiety about data security was quite evident.

Interestingly, everyone related a firewall to a security guard, and hence the understanding of data security was missing. For them, investing in a security guard in an office for fear that someday someone will attack was a wasteful expenditure. Wouldn't the guard be sitting idle for most of his time, eventually being used for other office work rather than for protection? Similarly, will a firewall help him to increase his business? If not, why should he invest in one?

Act before you are hacked

Though these thoughts are reasonable, they lead to security being pushed back in priority. Anything that will bring more business and revenue to an organisation will always have the highest priority.

But aren’t we wrong in relating a firewall to a security guard? A security guard is expected to protect your infrastructure but is never relied on to protect your key assets. You may not invest in a security guard, but you always spend money to buy the best safe to protect your jewelry, documents or even cash, and you do not think twice about investing in it. If a firewall is looked at as only securing your infrastructure, it loses its purpose. Next Generation firewalls have to be used to protect your data, which is far more critical to your organization than your infrastructure alone.

Data breaches in India

According to a recent report, Indian companies have lost more than 12 crores in data breaches. This figure has doubled in the last five years. There are many breaches that go unreported, and the figure could be much higher. Unfortunately, in India there is no norm to disclose data breaches, but that is about to change with the Data Privacy bill, 2018. For the first time there is a heavy penalty for data breaches. Today’s businesses are driven through the internet, and organisations are connected to their customers, suppliers and service providers, enhancing the customer experience. But these connections leave enterprises vulnerable. Small to medium enterprises are more vulnerable to inside attacks. According to a report, companies with less than 150 employees account for 82% of internal breach cases. Smaller organisations with a tight-knit workforce place more trust in their employees and hence are more vulnerable to data loss.

Large enterprises like to work with companies who can demonstrate that they have good data protection systems in place. The cost of a data breach would be much higher for a larger enterprise, not only in terms of loss of reputation, but also financially in terms of fines and business loss. No organization would like to work with companies where security is not given priority. Such companies could become a potential point of attack for them. A good security system and a firewall not only protect your key assets, but also build confidence in your customers, which ultimately leads to more business and an increase in revenues.

No Context Visibility - No Security : Mogambo Kush Hua

Most of us would have seen the movie Mr. India during our childhood. If not, do watch the movie. It is one of India’s first well-directed science fiction movies. In short, the story is about Mogambo, who wants to conquer India. He is looking for a secret formula with which an individual can become invisible. Fortunately for us Indians, the secret formula lands with Arun Verma (Anil Kapoor), the hero of this movie, and he saves us from Mogambo. What would have happened if Mogambo had got access to the secret formula of invisibility? He would have destroyed us, for how would our armed forces or police machinery have fought an invisible enemy? An iconic movie, and very relevant for the security industry.

Unlike in Mr. India, in cyber security Mogambo has always had the secret formula of invisibility. Not only he, but his attacks too are invisible to us. They breach our network and data easily, without us even being aware of it. Existing firewalls are fighting an invisible enemy without having the tools to identify these threats and defend against them. Like Mr. India, we need a red glass through which we can see these threats: a tool that provides visibility and brings context to the data flowing through our network, enhancing our capability to identify external and internal threats.

We cannot protect ourselves from things we cannot see, hear or even communicate. With the explosion of cloud applications, the concept of perimeter security no longer holds true. Instead of securing our infrastructure, we need to secure our data. But to do so, we need visibility and context of this data. Existing firewalls are blind to the contextual information of data and are unable to protect us against data leaks and unknown and malicious external or internal attacks. Without contextual information, it is difficult to distinguish between good and malicious data.

IT professionals are desperate for more security visibility, which could make the difference between the life and death of an organization. With the help of “security and contextual visibility”, IT professionals are able to monitor the data flow within an organisation, allowing them greater control over the network, users, applications and potential risks which come along with data flow over the internet. Ignoring security visibility has grave overarching consequences, including fines, penalties, and a reputation for maintaining poor security standards, leading to loss of clients and a significant impact on revenues. Contextual security visibility of data helps IT professionals lay the strong foundation in data security required for doing business over the internet.

So how do you get to the front of the pack? You See the Threat, Hear the Threat, and Communicate the Threat. GajShield’s Next Generation firewalls come with contextual data visibility and protection. GajShield’s context-based system understands web and cloud applications by creating context, which helps an enterprise to set up policies based on the web application instead of on IPs and usernames, which have no relevance to the application. GajShield has been providing cloud security and data leak features on its range of security appliances since 2008. GajShield’s mature technology in its firewalls provides visibility into the cloud applications used by an enterprise and also manages and controls these applications.

Cost of Data breaches in India

India is no longer immune to security attacks and breaches. The internet has become the backbone of doing business. Indian companies are becoming easy targets for attackers, as a race to connect globally leaves them with gaping holes in their security implementation. Some companies with alleged breaches were Zomato, IndiGo Airlines, Cosmos Bank, JNU port, Jio and State Bank of Mauritius. Many breaches go unreported, as companies feel revealing such information would impact their brand and there are still no penalties for hiding breaches within an organisation. It has also been reported that 22,000 Indian websites were attacked between April 2017 and January 2018 alone. Indian businesses were top victims of ransomware attacks, with 67% hit by them. 9 in 10 companies who claim to have end point protection were attacked.

 

In the last five years, the cost of data breaches in India has doubled, and mind you, this only takes into consideration breaches which were reported. The government is working on a data privacy policy which will mandate all companies to report such breaches, and they will be penalised too. Security is a serious business, and it does not imply just installing a firewall or an end-point solution. According to Gartner, attackers use known vulnerabilities that remain unpatched, as developing new malware is far more expensive. By not patching servers or end-points and by using outdated perimeter security, companies leave themselves open as targets, and there is very little cost for attackers in exploiting this.

Email is the easiest target to attack, as it gives attackers access to an organisation's most vulnerable employees. Often mails are crafted to raise the curiosity of an employee, like sending a ‘PO’ to a sales person, or sending a resume to an HR manager. As India moves rapidly to connect its businesses and use the internet as a platform to do commerce, managers need to understand that security has to become the core focus in their business architecture. Leaving gaps will not only lead to business losses, but also damage reputation. Understanding the various data contact points and ways to secure access from such points will go a long way to improve security. Also, data needs to be encrypted so that even when an attacker has breached your gates, your company and consumer data is well protected.

Enterprises have also increased the use of SaaS applications. This leaves them exposed to data leaks, as most perimeter security is unable to provide visibility of data that flows through such applications. Context-based firewalls are able to watch the flows to SaaS applications and bring context to the information flowing to them, which leads to improved security by allowing organisations to treat SaaS applications like any layer 7 protocol and set policies based on such protocols.