Over the NSA spying hype? Don’t be

April 2014 Information Security

Last year when Edward Snowden dropped the revelation that the United States National Security Agency was peering into the private data of individuals and companies, the world sat up and took notice.

All the hype that security companies had been generating over the years suddenly became a reality – big brother is watching. Not only that, but companies and individuals have spent the past 10 years putting their private data in a public space – social media and the cloud – with little thought for the implications that could result when a big, bad government agency comes knocking.

JJ Milner
JJ Milner

And yet, a year later, all the hand-wringing and face palming has died down, and most companies and individuals are carrying on as they did before. But they shouldn’t be, according to JJ Milner, MD and founder of Global Micro.

“When you look at the security of data, there has to be a tacit appreciation of the fact that data has value,” he says. “In the same way as you treat anything of value, you have to protect it.”

This isn’t spy vs spy

Milner points out that companies have a tendency to be very dismissive of the possibility that government spies might be looking at their data, but are ignoring the real threat of industrial espionage, and the fact that most data thefts are actually internal.

“After all the awareness that the NSA surveillance story has generated, people are still not seeing the wood for the trees,” he says. “Companies have moved their data to cloud operators not owned by US firms, but have allowed all other protection processes to go out the window.”

South African cloud storage

While decision-makers at companies in the United States have a lot to consider both in terms of the NSA and every other data security threat to their business, South Africans also need to make some serious considerations.

“In South Africa, even if you store your data in another country, it is still required to comply with the local Protection of Personal Information Act,” says Milner. “You should store your data with a provider that you know, understand and trust to look after it, and you should be mindful that security must encompass spying, hacktivism and hackers, and that it needs to be available when you need it and at the speed at which you need it.”

He cautions that a haphazard approach to off-site data storage will lead to uncertainty, and the agreements get more and more diluted over time, especially if the data is stored in another country. “As this volume of data grows, companies are seldom considering if they are with the right provider for their needs, or what might happen if they need to restore that data.”

Accountability is vital

Hybrid cloud solutions – a mix of the best services provided by an outside environment and an internal infrastructure – is the latest buzzword. But even as they are touted as a ‘best of both worlds’ solution, they come with their own concerns. “The mix of environments provides scope for security issues, and it is difficult to allocate responsibility when there are multiple providers.”

As the corporate world puts more and more data online, in the hands of cloud providers, the risks of security breaches increase. It is for this reason that Milner says it is so vitally important to consider your choice of cloud provider carefully.

“Security is important and you need to talk to people you trust”, says Milner. “There are ways to make public clouds secure, so choose your providers with care and be sure to ask them all the right questions.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...