Earlier this year, GlobalData predicted that the ASEAN region would see a 6% real GDP growth in 2021 as the world deals with the COVID-19 pandemic. Nevertheless, in the past few years, the booming economies in the Southeast Asian region have also suffered multiple data breaches like the rest of the world.
It is unlikely that the rate of data breaches will slow down anytime soon; instead, more breaches are likely to occur in the near future. According to IBM Security's 2021 Cost of a Data Breach report, a data breach costs an organisation in Southeast Asia approximately US$2.64 million on average.
Data collated from IBM and Ponemon Institute's cost of a data breach reports from 2017 - 2021
In recent news, some of the prominent data breach cases include the suspected breach of Indonesia’s COVID-19 test-and-trace app and Fullerton Health’s vendor server breach. When news broke in September of the alleged sale, on a prominent database marketplace forum, of a database that apparently belongs to the National Registration Department (JPN), Straits Interactive’s Alvin Toh was interviewed by BFM, a business radio station in Malaysia, for his views on the news.
Many organisations are struggling with the impact of the pandemic and accelerated digitalisation. Putting in place measures to ensure business survival can be challenging for organisations, both at the national and workplace levels, which can exacerbate security vulnerabilities and privacy concerns. The existing infrastructure within the organisation may also be inadequate to meet the rapid changes, resulting in potential loopholes that hackers may exploit.
The remote working environment also poses significant risks to the organisation’s operation.
In the digital economy, it is not a question of whether or not a data breach will happen to an organisation, but of when it will happen and whether the organisation is prepared to deal with it.
Organisations
We are seeing more calls by regulators for companies to implement an effective data protection management programme relating to personal data. Under this new posture, organisations are advised to conduct a risk assessment to identify the risks associated with the four key activities relating to personal data (collection, use, disclosure, and storage) in accordance with the PDPA. Governance, risk management and compliance (GRC) is also essential in the organisation’s data protection journey.
Governance
Organisations should create data protection committees to govern and protect the personal data they have in their inventory. Many organisations fail at this stage when there is no management buy-in to support sustained data protection initiatives and to ensure adequate governance and reporting.
Risk management
Organisations should also identify all standard privacy and security risks within the organisation and ensure that there are appropriate security measures and access controls implemented to mitigate the identified risks.
Compliance
It is also vital for organisations to ensure compliance with the requirements of the Personal Data Protection (PDPA) laws of the jurisdictions that they are operating in.
Another important area for an organisation to be mindful of in its data protection journey is ensuring that all employees are trained on data protection and privacy awareness, so that a culture of privacy is built into its operations. Employee training will help reduce the chances of breaches arising from human error. In addition, the organisation will need to invest in building a strong IT infrastructure to ensure that security risks are kept to a minimum.
Individuals
Individuals need to know their rights under the PDPA and ask the firms requesting their personal information why and how they will use and protect the data that they are collecting. The more information an organisation asks for, especially sensitive information, the more due diligence the individual should conduct on that firm to see whether it adheres to standards for sound data protection practices.
The privacy policies of the companies can provide the most insight into the purpose behind the collection of data and how the companies process it. The privacy policy is often too lengthy or filled with excessive jargon for most people to read, so they either glance over it or do not bother to read it at all. People may, however, want to make it a habit to start reading it now so they know exactly how their data is being processed after collection.
Article by: DPEX contributor
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.