Balancing Data Opportunity with Cybersecurity

by Aaron Bugal, Field Chief Technology Officer (CTO), Sophos

Over the past decade, Malaysia has experienced significant growth in its digital economy. This growth is fuelled by a variety of factors such as increasing internet access, widespread adoption of digital services, and an expanding tech-savvy population. This also means that there’s an increase in data collection among companies since there is now more data available.

As businesses collect and analyse more data, they gain valuable insights that enhance decision-making, streamline operations, and deepen their understanding of consumer behaviour. However, this data-driven revolution comes with increased cybersecurity concerns. While the opportunities are vast, the risks are equally significant, necessitating a balanced approach to data collection and security.

The rapid rise in data collection has exposed businesses to heightened risks of cyber attacks. Incidents like the infamous R00TK1T case highlight the vulnerabilities Malaysian companies face. Hackers are increasingly targeting the valuable data these companies hold, including personal information, financial details, and consumer behaviour patterns. Such data can be exploited for identity theft, credit card fraud, or sold on the dark web.

These threats raise an important question: Is all this data collection necessary? Businesses must evaluate their data practices carefully to avoid unnecessary risks. To mitigate these risks, businesses should adopt best practices for data collection. Below are some best practices companies can practice when dealing with data collection:

1. Define Clear Data Collection Objectives: Only collect data that is essential for achieving specific business goals.

2. Minimise Data Retention: Retain data only for as long as it is necessary for business or legal purposes.

3. Anonymise Data: Where possible, anonymise personal data to protect individual identities.

4. Conduct Regular Audits: Regularly audit data collection practices to ensure compliance with these principles.

In addition to data collection best practices, robust cybersecurity measures are imperative. Companies must invest in cybersecurity training for employees, educating them about potential risks and safe practices. Key lessons include ensuring employees’ software is up-to-date, restricting access to sensitive data, and employing secure Wi-Fi and virtual private networks.

Furthermore, it’s critical for third-party partners to uphold high-security standards to safeguard the supply chain. Regular risk assessments play a vital role in identifying and mitigating vulnerabilities. Businesses must remain vigilant in protecting sensitive data, while authorities should strengthen data protection regulations.

Sophos’s 2023 Active Adversary Report for Tech Leaders highlighted a significant shift in cybersecurity threats, with compromised credentials surpassing vulnerabilities as the primary cause of attacks. They accounted for over 50% of Incident Response (IR) cases in 2023, and when examining cumulative data from 2020 to 2023, compromised credentials emerged as the top “all-time” cause of attacks, implicated in nearly a third of all IR cases. This underscores the importance of a multi-pronged approach, combining data collection best practices with robust cybersecurity measures, to mitigate cyber risks and ensure a secure digital future for all Malaysians.