In this age, the significance of cybersecurity is undeniable. With an increasing number of attacks reported daily, data protection is a priority for all, from large organisations to small enterprises. Contrary to the misconception that data protection regulations exist to penalise businesses, these laws are designed to safeguard data controllers, processors, and subjects alike.
Standards like ISO 27001, while not mandatory, provide valuable guidelines for data protection. Achieving these standards and obtaining certification can enhance a business’s credibility and open new opportunities.
Some of these standards include:
Now, let’s put one of these standards into perspective. Consider the case of Naivas, a major chain store in Kenya. A ransomware attack reported in April 2023 led to the theft of personal data (names, addresses, phone numbers, loyalty points) of over 3.5 million individuals. Reports indicate that the attackers gained initial access through a phishing email sent to an employee. The malicious link in the email encrypted some of their data and allowed the attackers to move across the system and exfiltrate 611GB worth of data. This was possible due to the lack of an Intrusion Prevention System/Intrusion Detection System (IPS/IDS) and of access control systems: authentication, authorisation, and encryption.
This incident demonstrates the importance of data encryption as a fundamental security standard. When coupled with a reliable firewall, robust authentication and authorisation mechanisms, it forms a basic yet essential foundation for safeguarding sensitive information. Naivas’ omission cost them significantly in terms of:
Hiring cybersecurity professionals to contain the attack.
Regulatory penalties for failing to report the case within 72 hours.
Damage to their reputation.
As this example shows, a single fault or failure to implement a crucial measure can lead to catastrophic consequences. Cyber attackers capitalise on such vulnerabilities, and doing so has become an entire industry.
Compliance is a critical proactive step towards achieving cybersecurity. It not only safeguards organisations and individuals but also helps build trust and credibility in an increasingly interconnected digital world.
Take the necessary steps today to protect your data and stay one step ahead in the battle against cybercrime.