fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Reflecting Back on Data Privacy Day 2021: Why This Day Mattered More Than Ever Before

Reflecting Back on Data Privacy Day 2021: Why This Day Mattered More Than Ever Before

In the spring of 2020, SolarWinds Orion, popular system monitoring and management software widely used by the U.S. government and thousands of private companies, was hacked and infiltrated with malware.

Later in the year, it was found that as a result of the hack, sensitive data was compromised within many enterprises including the Securities Exchange Commission (SEC), Pentagon, Department of Homeland Security, State Department, Department of Energy, National Nuclear Security Administration, Department of Justice, and the U.S. Treasury. Additionally, Fortune 500 companies, downstream of such agencies and their services, were also affected.

The widespread theft of intellectual property and personal information – affecting both individuals and businesses – is concerning.  It warrants a heightened awareness, followed by action, to control the risk of future data compromises.

On January 28 we celebrated Data Privacy Day, an internationally recognized initiative focusing on raising awareness of the importance of protecting the privacy of personal data online.  And it could not have come at a better time.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Your data. Your privacy.

Public and private networks are still recovering from the SolarWinds breach, along with a sustained legacy of cybersecurity breaches that put our data at risk.

Data Privacy Day was part of a global effort to build awareness about the importance of data, its privacy, and to encourage proactive planning to protect it. In the years ahead, this event will continue to serve the same purpose.

Sensitive data is everywhere. It can be found on our phones, in connected devices, and within a wide and deep array of data repositories found everywhere nowadays. Hacks and compromises are malignant and come from where you’d least expect, when you’d least expect them. An effective defense starts with a strong awareness of the criticality of your data and its privacy.

Understanding cybersecurity risk

The prevalence of cybersecurity risk and the importance of strong data privacy protections are supported by an overwhelming sentiment from businesses and individuals alike. For example:

  • The Pew Research Center found 81% of consumers believe the risk imposed from the collection of data from companies exceeds the benefits.
  • RSA reported that 64% of Americans blame companies, not hackers, for the loss of personal data.
  • Research from TrustArc found that 45% of Americans think online privacy is more important than national security.
  • Cisco said that a whopping 97% of firms say they realize benefit in allocating resources to data privacy; this includes a competitive advantage and investor appeal.

Managing risk

An important question then is how should we protect our data and adequately manage cybersecurity risk?

Adopting a privacy framework helps manage risk while creating a culture of privacy. There are several notable frameworks to consider. These include:

  • The National Institute of Standards and Technology (NIST) privacy framework: This is a voluntary tool that provides a blueprint and approach, intended to help organizations identify and manage privacy risk and build innovative products and services while protecting the privacy of individuals.
  • The American Institute of Certified Public Accountants (AICPA) framework: The framework incorporates system and organization controls (SOC) related to an organization’s enterprise-wide cybersecurity risk management program through which CPAs report.
  • ISO/IEC 27701 – International Standard for Privacy Information Management: This international standard helps organizations meet new robust data protection requirements, including the European Union General Data Protection Regulation (GDPR). It also helps firms manage privacy risks related to personally identifiable information (PII).
  • The Cybersecurity Maturity Model Certification (CMMC): This program was recently announced by the Department of Defense (DoD) as a framework for the enforcement of the department’s existing Defense Federal Acquisition Regulation Supplement (DFARS) requirements. DFARS cybersecurity requirements were implemented in late 2017 to provide security protection for controlled unclassified information (CUI) as provided by the NIST SP 800-171 standard. CMMC’s goal is to improve cyber hygiene of the Defense Industrial Base (DIB) and others with a formal audit program for compliance.

A spotlight on CMMC

The CMMC program deserves spotlight consideration as it is new and noteworthy in the context of cybersecurity and the protection of intellectual property critical to national security.

The CMMC framework consists of five maturity levels – Level 1 through 5. Each level is a progression from basic cyber hygiene (level 1) up to an advanced level (level 5).  CMMC sets formal standards for the maturity – the level of institutionalization – of cybersecurity practices within an organization. Under this framework, businesses that handle sensitive data cannot get by with ad hoc or ill-defined protections.  They must formalize their practices such that effective protection is baked into their day-to-day operations.

The CMMC framework applies wide and deep to all contractors – prime contractors as well as subcontractors – who conduct business with the DoD. Contractors must attain at least the basic Level 1 certification. Previously firms could self-attest as to their cyber security compliance.  Now contractors must achieve certification via a certified and independent third-party auditor prior to being awarded a defense contract.

This action by the DoD to raise the bar for all of their contractors is apropos in the wake of such events as the SolarWinds software hack. It calls attention to the importance of cybersecurity and data privacy.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

What is your plan?

All we learned by our reflections on Data Privacy Day, and the factoids above, these are important takeaways  – not just for the present, but importantly for the future, as we march forward at a time when risks to our privacy are at the forefront of public discussion and concern.

Even beyond Data Privacy Day, enterprises and individuals must continuously reflect on their own blueprint of protection to safeguard data privacy. Such a blueprint is best built using established frameworks to safeguard data and networks and instill a culture where security is everyone’s job.

For hackers, when one door of vulnerability closes, another opens. Our data is always vulnerable to compromise. Safekeeping of data relies on our awareness and our proactive measures to manage and successfully control cybersecurity risk and ensure privacy.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us