Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Data Centre Solutions is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Data Centre Solutions Video magazine contains the latest Zoom interviews with experts in the industry.
Data breaches put invaluable sensitive, confidential and protected information at risk; they can render data inaccessible , forcing organisations to grind to a halt in some cases. Drawing on research reports from IBM, Verizon, the Ponemon Institute and the Identity Theft Resource Center, Emily Bonnie, Senior Content Marketing Manager at Secureframe, says:
“By 2025, the global cost of cybercrime is projected to reach $10.5 trillion, growing at a rate of 15 percent annually. The average cost of a data breach reached an all-time high in 2024 of $4.88 million, a 10% increase from 2023. Nearly half (46%) of all breaches involve customer personal identifiable information, which can include tax identification numbers, emails, phone numbers and home addresses. It takes organisations an average of 204 days to identify a data breach and 73 days to contain it.”
Data breach consequences
Data breaches are indiscriminate. They don’t care who you are, or how large or small your public or private sector organisation happens to be. What’s more, the consequences are often far-reaching. The financial loss from breaches isn’t just about what cyber-criminals might have managed to steal in terms of money or scam out of an organisation or an individual.
Remember that even in the U.K, the fines for a breach of the U.K version of the General Data Protection Regulation (GDPR) can reach a maximum of $17.5m or 4% of annual global turnover (whatever is the greater sum – depending on the severity of the data breach and the company’s size.) In a situation where there has been a breach, a history of compliance can help to lessen the financial burden. However, there could still be reputational damage, legal implications and an erosion of customer trust to deal with. Therefore, prevention is better than a cure, and it’s better to make life harder for cyber-criminals than to leave the door wide open for them.
Obfuscate cyber-criminals
That’s why it’s best to implement technologies that can help you to securely transfer data, and to obfuscate cyber-criminals by making it harder to for them to undertake data breaches or to divert data flows in the first place. Slava Konstantinov, Cybersecurity Expert and ThreatLocker macOS Lead Architect, also comments:
“Data obfuscation safeguards sensitive information by transforming it into an unreadable form. Techniques like encryption, masking and tokenisation are used for data obfuscation.” However, he adds that “while data obfuscation offers numerous benefits like enhanced security and regulatory compliance, it also presents challenges like complexity and performance impact.”
To achieve obfuscation – a technique that is also deployed by cyber-criminals in malware – he says there is a need to enhance data security with a Zero Trust approach: “Data obfuscation…[makes] it significantly harder for malicious actors to steal and exploit valuable data, such as personally identifiable information (PII), financial records or intellectual property.”
Five secure methods
To protect and secure sensitive data, organisations often deploy the following five methods:
1. Implement strong passwords, and Multi-Factor Authentication (MFA)
2. Keep software and systems updated to address known vulnerabilities.
3. Employ robust access controls to limit access to data and systems, allowing only authorised users and roles to access it with the aim of reducing the attack surface.
4. Use encryption: This permits organisations to send and receive data securely, making it harder for cyber-criminals to access sensitive data. However, WAN Optimisation doesn’t permit the expediting of encrypted data in flight. It has to be encrypted and unencrypted at rest, while WAN Acceleration is much more data-agnostic and can send and receive encrypted data at much higher transmission and download rates than WANop achieves.
5. Ensure data backups and recovery: Backing up is essential, whether you are an individual or a corporation, allowing sensitive data to be recovered whenever a data breach occurs – so long as it is backed up a least 3 times in disparate locations.
Other measures to consider are the deployment of WAN Acceleration – not to be confused with WAN Optimisation - and air-gapping. WAN Acceleration uses artificial intelligence, machine learning and data parallelisation to mitigate the effects of latency and packet loss. It can be used to send data securely over large distances at such a rate that it can obfuscate cyber-criminals – preventing them from gaining access to data and stopping them from diverting it.
Have an air-gapped or immutable backup copy
Air-gapping is great for protecting the most sensitive and vulnerable data because it is taken completely offline – perhaps using a tape backup. Nico Losschaert, who in 2020 was a senior systems consultant at ORBID NV, remarks in a Veeam Community post:
“More and more customers are becoming aware that backups are much more important than before. The number of impacts by ransomware and hacking also makes customers more aware of the fact that backups are often their last resort. They understand that they need an air-gapped or immutable backup copy.”
There is particularly a need to protect personal identifiable information (PII). Pala Alto Networks explains why: “Unauthorised access to PII can lead to identity theft, fraud and reputational damage, putting individuals at significant risk. Additionally, breaches involving PII can result in substantial financial losses for businesses, legal penalties, and damage to their reputation.”
Royal Mail data breach
Well-known data breaches include the one that affected Royal Mail Group. In a blog post, Sangfor Technologies explains: “On March 31, a user of the dark web forum, BreachForum, going by the name 'GHNA', claimed that they had successfully breached Royal Mail. The breach has been traced back to Spectos GmbH, a third-party data collection and analytics provider for Royal
Mail. Despite this incident, Royal Mail has assured that its operations and services continue to function without disruption.”
“Spectos confirmed in a statement to BleepingComputer that its systems were compromised on March 29, and the attackers gained access to customer data. The threat actor has leaked approximately 144GB of data, sparking concerns over the security of customer information and internal operations. This breach highlights vulnerabilities within third-party relationships, an area where many large organisations, including Royal Mail, are increasingly at risk.”
Royal Mail responded quickly, and it was fortunate that despite the data leak, its operational services remained unaffected and functioned normally. Working with Spectos, it has undertaken a forensic investigation. Why? Without one they wouldn’t be able to learn how to do better next time around, and they wouldn’t be able to put preventative measures in place to ensure that another breach can’t happen in the future. Royal Mail and Spectos also needed to assess the scope of the breach for legal and regulatory compliance reasons.
Why a fast response is critical
A fast response is critical, enabling an organisation to keep running, to reduce the impact of a data breach, and it can prevent or minimise financial loss. Rob Sobers, a software engineer specialising in web security and co-author of 'Learn Ruby the Hard Way,’ comments in his article for Varonis, ‘Data Breach Response Times: Trends and Tips’:
“On average, companies take about 197 days to identify and 69 days to contain a breach, according to IBM. This lengthy amount of time costs businesses millions of dollars. Companies that contain a breach in less than 30 days save more than $1 million, compared to those who take longer.”
Organisations therefore need to plan ahead, lean on other organisations – ones that may have suffered a data breach, and consider WAN Acceleration to expedite secure and real-time backups. With it, a range of cybersecurity tools should also be used. Keeping data safe is a tough, complex task – made even more complex when an organisation such as Royal Mail entrusts a third-party with its customer data, data pertaining to internal communications, operational data and data emanating from marketing infrastructure.
So, collaboration is often key to completely securing data. That said, for obfuscating cyber-criminals, it’s best to deploy WAN Acceleration, as well as regular backups and air-gapping. After all, it’s better to be safe than sorry. In doing so, organisations can achieve compliance, avoid fines, maintain operational and service continuity and strengthen customer loyalty and trust.
