Why is data protection so important?

Sudeepa Shiranthaka
Mar 20, 2020

Have you ever used the internet? Do you own a smartphone? Have you ever texted someone or made a call? Do you have any social media account?🤔

If you answered yes to any of these questions, you have been sharing your private, sensitive data with the world. There are plenty of benefits when someone shares his or her data with the outside world. It can make day-to-day work easier and help manage work that involves other people. But it is not without risk. Before we talk about data protection, let’s talk about what data is.🤔

What is Data?

Data can be described as a collection of raw facts that are not organized, processed, or specified. Today, data has become the most important thing for each and every organization. It is becoming more and more valuable.

What data should be protected?

Personal data is any information related to you. It needs to be protected because if someone gains that information, it can do great harm to that person’s or organization’s reputation or dignity, or it could affect them financially.

Every organization stores users' personal data, such as credit card details. Not only that, they also store transactions, data collections, loyalty schemes, etc.

  • Names
  • Emails
  • Family information
  • Addresses
  • Health information
  • Telephone numbers
  • Bank and credit card details

What causes data loss?

  1. Harmful malware such as viruses and trojans.
  2. Deleting files accidentally.
  3. Electrical and power failures.
  4. Hard disk damage.
  5. Software corruption.
  6. Theft of computers and other machines.
  7. Natural disasters.
  8. Fire accidents and explosions.

Prevention methods for data loss

  1. Ensure you know where the sensitive or confidential data is being stored, where it’s being sent, and who is accessing that information. (CIA triad🤔)

What is the CIA triad?

Confidentiality

Ensure that sensitive information is accessed only by authorized persons and kept away from those not authorized to possess it.

Security mechanisms used to implement it:

  • Usernames
  • Passwords
  • Access control lists (ACLs)
  • Encryption

Integrity

Ensure that information is in a format that is true and correct to its original purposes.

The receiver of the information must have the information the creator intended him to have.

The information can be edited by authorized persons only and remains in its original state when at rest.

Security mechanisms used to implement it:

  • Encryption
  • Hashing

Data changes might also occur as a result of non-human-caused events:

  • Electromagnetic pulse (EMP)
  • Server crash

To ensure data integrity:

  • Backup procedures
  • Redundant systems

Availability

Ensures that information and resources are available to those who need them in a timely manner.

Security mechanisms used to implement it:

  • Hardware maintenance
  • Software patching
  • Network optimization

Processes to ensure data availability:

  • Redundancy
  • Failover
  • RAID
  • High-availability clusters

Availability of information can go down due to intentional attacks such as DoS attacks.

Loss of availability means disruption to authorized users in accessing or using information.

  2. Take essential prevention methods to ensure cybersecurity.

  3. User awareness is a best practice for protecting data and privacy. Suppose someone tries to get your sensitive data through a phishing attack. In that case, the best way to prevent the phishing attack is user awareness.

  4. Implement suitable mechanisms to avoid malware. Phishing is not the only threat; there are plenty of attacks that may cause data loss.

What is AAA?🤔


AAA stands for Authentication, Accountability, and Authorization.

Authentication: This falls under Integrity, which we talked about previously.

Two main parts of Authentication:

  • User authentication
  • Data origin authentication

A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data. (NIST definition for Authentication)
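
The Integrity section lists hashing as a mechanism, and data origin authentication also asks for assurance of the source. The Python sketch below is an added example, not code from the original article; the record, key, and function names are constructed for illustration. It shows a SHA-256 digest catching a change to a stored record, and why a keyed hash (HMAC) is needed when whoever alters the record can also replace the digest.

```python
import hashlib
import hmac

# Constructed sample data for this example (not from the original article).
RECORD = b"name=Alice;card=4111-XXXX-XXXX-1111;exp=12/26"
TAMPERED = b"name=Mallory;card=4111-XXXX-XXXX-1111;exp=12/26"
SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # held only by creator and receiver


def sha256_digest(data: bytes) -> str:
    """Plain hash: changes whenever the data changes (integrity)."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: only a holder of the key can produce it (data origin)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected_digest: str) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(sha256_digest(data), expected_digest)


def verify_hmac(key: bytes, data: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), expected_tag)


def demo() -> dict:
    stored_digest = sha256_digest(RECORD)
    stored_tag = hmac_tag(SHARED_KEY, RECORD)
    # A party that can rewrite both the record and its digest, but has no key,
    # can recompute the plain hash but not a valid HMAC tag.
    replaced_digest = sha256_digest(TAMPERED)
    keyless_tag = hmac_tag(b"not-the-shared-key", TAMPERED)
    return {
        "original_hash_ok": verify_hash(RECORD, stored_digest),
        "change_caught_by_hash": not verify_hash(TAMPERED, stored_digest),
        "replaced_hash_accepted": verify_hash(TAMPERED, replaced_digest),
        "keyless_hmac_rejected": not verify_hmac(SHARED_KEY, TAMPERED, keyless_tag),
        "original_hmac_ok": verify_hmac(SHARED_KEY, RECORD, stored_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The `replaced_hash_accepted` result is the reason a digest stored next to the data covers accidental corruption only; the HMAC tag additionally ties the record to a key holder.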

Accountability: The ability to trace the actions performed by an entity back to that entity.

A property that ensures that the actions of an entity may be traced uniquely to that entity. (NIST definition for Accountability)

Accountability supports the following functions:

  • Nonrepudiation
  • Deterrence
  • Fault isolation
  • Intrusion detection and prevention
  • After-action recovery
  • Legal action

Authorization: Access privileges that are granted to an entity; conveying an “official” sanction to perform a security function or activity. (NIST definition for Authorization)

Authorization is a function used to implement the CIA triad.

Not implementing data protection mechanisms can lead to security breaches, and sometimes to cyber-attacks as well.

Real-world examples of security breaches and cyber attacks

  1. Home Depot Security Breach

Between April and September 2014, a cyber-criminal gang conducted this attack in the U.S.A. and Canada. The hackers built malware called BlackPoS to capture users’ payment card details from point-of-sale systems. The main purpose of this attack was to steal card information from PoS terminals and self-checkout lanes and sell it on the black market.

  2. Sony Pictures Entertainment hack

Sony Pictures was attacked by a hacker group called Guardians of Peace on November 24, 2014. The attackers broke into the entire system of Sony Pictures Entertainment and obtained thousands of pieces of sensitive data and copies of unreleased films. After the attack, the attackers leaked all these details to file-sharing networks. The main goal of this attack was to gain personal information about employees, email passwords, and family details. Not only that, they also obtained details and copies of unreleased Sony films and plans.

  3. Target Credit Card Breach in 2013

This was the largest retail breach in U.S. history before the Home Depot data breach happened. In this attack, 40 million credit and debit cards were compromised. It was conducted by a group of cyber-hackers. The purpose was to steal credit or debit card numbers, card expiration dates, customer names, and CVV security codes.


Sudeepa Shiranthaka

Security Engineer | Researcher | Blogger | Writer | AppSec & InfoSec enthusiastic