Network Kings

Debunking Data Security Myths. 

data security myths

Data is of paramount importance in today’s times. Every piece of information, be it of national importance or something as trivial as my grocery list, everything comprises data. Data is the de facto currency in current times.
The value of data is immense and keeps on growing with each passing minute.

The matter of Data security is one of the most pressing yet vaguely understood and explained topics. There definitely needs to be a better, understanding of the same. 

In the words of George Little, a partner in Washington DC, a reputed cybersecurity firm,” Companies need to tell their data stories, but misconceptions are holding them back”

Data is the de facto currency, in current times. The exchange of data is very crucial and so is its security. But simply put, it gets lost in translation at times. It is becoming increasingly vital for companies to not only safeguard their data but also to own their own stories. They themselves have reported that there exists a need for the former to own their narratives.

The big tech guys like JP Morgan Chase and Sony Pictures Entertainment have reported zeroing in on threats as a constantly evolving threat.

There are many many misconceptions about data security which further act as inhibitors in the understanding of data security as a concept and also do not let any system, or organisation own and dictate its own data story or narrative.

Now we shall have a look at such myths and facts as well. In this blog, the instances you shall find are from the case study of the Sony Pictures, attack.

Top 7 Data Security Myths and Facts:

Myth: A system’s network is safe if you have a strong enough security, “fence”.

This is one of the most common myths that exist. You most definitely must have heard, every fence has a hole. That there should be enough to bust your myth. Once there exists a loophole, hackers can find a way to get in or crack the system, which feels pretty foolproof currently. Every so said fence has a hole. A person needs to be prepared for that eventuality by enhancing the internal protection for the company’s critical data also, data that they wish to keep safe.

Here the role of an organisation also increases, they should come ahead and explain this encounter publicly so as to make others aware and also to encourage people, to face it and that it is doable.

Myth: All security incidents are equal.

Hackers have varied methods and also varying objectives whenever they aim to access corporate systems. The information they target differs from the kind of intent they have. This ranges from a person’s credit card information to steal any kind of corporate information. The intent varies as some may be willing to damage a person’s reputation and some may do the same to extract money from the user. Some attacks are launched with the intent of causing damage to an opponent in the business.

Myth: The government is going to help with a breach.

This according to me, is the most common myth. This also has roots in the fact that we automatically associate all kinds of breaches with the government. There is no way you will be all in hands of the government, the sad truth is the party encountering all of this is mostly by itself. The government definitely offers investigative assistance, and forensic research as well. 

The government assigned to this will definitely help an individual or an organisation work and understand how the attack was demonstrated, how the entire execution was carried out and as we said end up offering legal reinforcements, and investigative help, but that’s where the role ends. 

As in the case of Sony pictures, after a rigorous investigation, the outline of the suspect was gained, and it was stated by North Korea that no such person ever existed. Making it seem like an argument that ended in banal. Though both ends stand firm on their findings.

FBI seeks Park Jin Hyok over data security allegations.

MYTH: Breach investigations are quick enough to let know, what went wrong.

It has been observed often that breaches in the system or theft of data etc are discovered pretty later in time by the targeted organisation or individual. This discovery often takes up a good few couple of months. Whenever they are complete, there is no guarantee that they can highlight or put a finger on who actually was responsible for the breach that was conducted. It becomes a huge fiasco if the expectations aren’t managed. 

The company or an individual needs to be aware of how much they can extract from an investigation like that. This is the biggest myth that they shall be able to access the root cause completely. The amount of information they shall gather to be most realistic is pretty alright and not the complete know-it-all. 
So this is also suggestive of a person, being only dependent on an investigation just as much and not increasing their expectations. 

The attack on Sony Pictures was held in 2014 and years later it still remains a topic of debate, as there still hasn’t been found a particular answer. Years and years later, shows, and news columns continue to cover this topic in order to know who was behind the attack. Below is an article presented by a Hollywood reporter, five years after the attack was carried out, in the year 2019. 

https://www.hollywoodreporter.com/movies/movie-features/five-years-who-hacked-sony-1257591/

An image debunking data security myths through a man's fist gesture amidst a group of people.

MYTH: The security of systems is merely an IT problem.

This is one of the most common myths that exist, if talking about myself I had equal parts knowledge and equal parts misinformation about the same. After lengthy research, it is safe to conclude that it is not always the software or other technical issues that tend to be the weak link in matters of data protection. It is often people who work within an organisation that can be a threat by being the weak links of the system.

It could be a matter of an employee’s malicious intent or simply being naive. It has been found in multiple kinds of research that about 90% of all cyber attacks and breaches begin with a phishing attack. In this kind of attack, the employees or customers fall prey to the malicious links that are embedded in the emails that are sent out to unsuspecting employees or customers. 

The recipient further clicks on such links unknowingly and ends up granting the hacker access to their computers as soon as they click on the link.

https://www.bbc.com/news/business-34589710

MYTH: The communication centred around a corporate breach is bound to be reactive.

It is always worth it that a company stays aware of the intensity of the data they own, if and how it can be harmful to the owners of that data as well as others. It is hence advised that a company should hold discussions and communicate as to how they can encounter any kind of data security issue that can be handled.

MYTH: Hacking be it any kind is a cyber attack.

There are evidently many kinds of hacking that a system, in an organisation or in individual setups, encounters. But contrary to the common belief that most common attacks happen to be cyber attacks, the truth as per findings is that it isn’t the attacks but it is the network infiltrations that are designated to steal corporate secrets. 

It might come as a shock to most of you that cyberattacks, that happen to destroy and manipulate computer systems are still very rare as opposed to the ones that demonstrate data thefts. Having said that, it is still notable that the former kind of attack is on a rise. One instance is Sony pictures, where this kind of attack not only destroyed the data but exposed the embarrassing communications of the company.

Not only this Sony eventually ended up paying a hefty amount of 8 million dollars to clients over the loss and manipulation of data.

Conclusion :

We saw many instances and hopefully, understanding became easier as well. The matters of data security are more serious and need to be catered to in time. But along with that, one shouldn’t fall prey to the numerous myths doing the rounds rather, try and know if there is any factual information in that. It is essential for companies, of any size etc to be aware of how these threats and data security matters are pressing and of major concern not only to them but to the other parties associated with them for example the clients.