Aurora Magazine

Promoting excellence in advertising

Countering cyber attacks

Published in May-Jun 2018

Haroon Q. Raja
Preventive measures organisations should follow to minimise cyber security threats.

Among the wonders of the digital era, the most empowering is the ability to access a global client base and conduct business from virtually anywhere in the world. From established organisations to individuals with minimal resources to pretty much anyone – thanks to platforms such as WooCommerce, Magento, Shopify and dozens more – can sell their products and services online. However, the flip side of this equation is the fact that legitimate businesses are not the only ones empowered by the global connectivity we enjoy.

Information is the new gold and we are in the midst of a gold rush on a scale never quite seen before. Unfortunately, this gold rush is riddled with highwaymen and malicious entities ready to pounce at every opportunity and relieve others of their hard-earned money. Hackers, disgruntled employees, dissatisfied customers or even competitors lacking business ethics can become your biggest nightmare if they breach your platform and gain access to your data.

When your customers trust you with their personal and financial information, it is your responsibility to ensure it is kept secure and away from the reach of third parties. Breaches of customer data can result in identity theft, harassment, spamming and monetary loss – crucially, it will tarnish the reputation you have built with your customers. And we haven’t even touched upon the legal consequences, which could be serious, given that most jurisdictions are increasing their regulatory requirements and are imposing heavy penalties for breaches of customer security.

As technology evolves to connect us further, so do the cyber security threats and this is why it is becoming increasingly important to make sure your defences keep evolving.

So how can this threat be tackled? Safety lies in being proactive rather than reactive. The first course of action is to implement a data security plan devised by a cyber security professional which starts with a risk assessment analysis, followed by preventative measures to minimise the chances of such breaches, followed by an incident response plan to detect breaches at the earliest in order to proactively contain them and minimise the damage.

Encryption is the process of running data through a computer algorithm that will turn it into ciphered gobbledygook. Encryption in transit is the practice of encrypting data as it travels across networks (for example, the transactions between your customers’ computers and your web servers). Encryption at rest is when the data stored on your server is encrypted.

Given that no data security plan (and certainly no implementation of such a plan) is guaranteed to be 100% foolproof (as evidenced by recent incidents at Adobe, JP Morgan Chase, Sony, Target, Uber, VeriSign, Yahoo and many other organisations that employ world-class, in-house information security teams), one of the most effective protective measures is to keep all sensitive information encrypted both in transit and at rest. This will ensure that even if someone gains access to the data, what they get is meaningless junk to them.

Encryption is the process of running data through a computer algorithm that will turn it into ciphered gobbledygook. Encryption in transit is the practice of encrypting data as it travels across networks (for example, the transactions between your customers’ computers and your web servers). Encryption at rest is when the data stored on your server is encrypted. It is important to encrypt all customer sensitive information – especially personally identifiable information as well as financial information. The former can be achieved by using a Secure Sockets Layer (SSL) certificate on your website and tightening the SSL implementation at your server level; the latter requires implementing encryption within your website’s code that is responsible for saving, modifying and retrieving visitor information to increase data protection in case of a hack.

As technology evolves to connect us further, so do the cyber security threats and this is why it is becoming increasingly important to make sure your defences keep evolving. Developing an in-depth understanding of the threats is the first step in the right direction. The road ahead is still long.

Haroon Q. Raja is a technology solutions architect at hello@hqraja.com

digital in Pakistan Cybercrime Bill of Pakistan Pakistan's Electronic cybercrime bill Aurora magazine Haroon Q Raja Secure Sockets Layer JP Morgan Chase Adobe Yahoo Sony VeriSign Uber Target cyber security Cyber threats Hackers
Related Stories

Comments (2) Closed

Shah Nov 11, 2018 12:59am
And what encryption levels are you suggesting-MD5,SHA-1 or later versions of SHA or companies own algorithms? 'Meaningless junk' is a very poor term used-hackers are very sophisticated and decryption techniques and tools are very advanced too. Please don't suggest that by merely encrypting data the companies or their data is safe.very disappointed with the contents of this article.
Anonymous Nov 11, 2018 11:42am
@Shah md5, SHA are hashing (one way encryption)algorithms these are not used to "secure data" per say but to mask information like passwords. Encryption methods are dependent on infrastructure availability and security needs of an organization... Regarding decryption by hackers, no encrypted data is "100%". Secure. It's just a evergoing fight between the good and bad guys... One of the principles followed is making the cost of information so high for the hackers that it may not be worth the effort for them to decrypt..