Data, not hardware, is a company's most valuable asset

March/April 2000 Cyber Security

During the first week of March, the offices of no less than six leading legal firms in Johannesburg's northern suburbs were burgled.

Just another South African crime statistic, one may ask?

"No, almost certainly not," says Ian Melamed of Ian Melamed Secure Computing. "What made these burglaries significant was the fact that in each of the cases, the company computer file servers holding all the data files were stolen.

"Whenever we lose hardware, we automatically assume the person who is stealing it, is doing so for the hardware itself," Melamed says. "It is only when you start putting a series of thefts together, that it starts looking sinister."

Information theft

"The most probable motive behind these crimes is information theft", he says. "Information theft has already reared its head in several spectacular incidents in South Africa. Data stolen from a computer in Cape Town was used in a blackmail attempt against an AIDS sufferer," Melamed continues.

"The unfortunate victim had regular sums of money demanded from him in exchange for his employer not being informed of his condition. In other cases, the theft of information in respect of employee versus employer disputes has become a regular occurrence".

Although hardware theft is nothing new - either here or overseas - very often the theft of a workstation or smaller equipment goes unreported because the replacement value falls within the insurance excess of company.

"The theft of file servers is however, a different kettle of fish," Melamed says. "File servers and networks which are stolen usually exceed an insurance excess by thousands and thus they are reported. Too often the emphasis is placed on the value of the hardware being stolen and not upon the data that might be found - and used - on the system.

"The question arises, if lawyers' offices are being targeted, then who is next on the list? Accountants? Medical surgeries? The recent thefts seem to indicate the criminal activity of information theft which is already prevalent in foreign countries, has now spread its tentacles into South African society as well," says Melamed.

Information is a resource like money, labour and materials. Unfortunately, this is often realised only after the loss has occurred and the value of data is hard to assess because on the face of it, it is not perceived to be a tangible physical asset.

"It can be compared to buying a R2000 safe and then putting a R2 million necklace into it for safekeeping," Melamed says. "The loss of data, quite apart from the disruptive effect on normal operations, can cause severe embarrassment and provide opportunities for extortion. If equipment is stolen, it is the duty of the system owner to ensure that no clients are exposed to any sort of danger as a result."

Quite apart from the very real danger of sensitive information falling into the wrong hands, there is also a possibility that an aggrieved party might hold the theft victim responsible in a civil claim for any damages caused.

For two reasons then, data can be a company's Achilles Heel if it is not protected properly.

So how can a company protect itself and its clients?

"All companies holding potentially sensitive data should - for their own and their clients' sake - ensure that data is protected through either direct encryption; physical disk disablement; back-up systems; or anti-virus protection," says Melamed.

"Direct encryption means the use of an internal facility which encrypts individual documents as they are created," he says. "Physical disk disablement works much like a time delay lock on the safe at a bank. The disk can only be accessed during normal office hours and even if the disk is physically stolen, it will be useless without the access code.

"A suitable back-up system will ensure that encrypted data which is on a stolen disk, can be recovered, while anti-virus protection will ensure that the system not fall prey to digital burglary through unauthorised backdoor e-mailing of data," Melamed says.

For details contact Ian Melamed, MD of Ian Melamed Secure Computing on cell: 082 444 3661 or e-mail:

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber futures in 2020
Issue 1 2020 , Cyber Security
MJ Strydom, managing director of cybersecurity specialist company, DRS, discusses what can be expected in 2020.

Seven security trends for 2020
Issue 1 2020 , Cyber Security
What challenges await the security professional in 2020? Lukas van der Merwe looks at the trends for the year ahead.

Security is not a single product solution
Issue 1 2020 , Cyber Security
Adopting a phased approach to security allows companies to develop a layered security posture to help control costs as well as the complexity.

From physical security to cybersecurity
Access & Identity Management Handbook 2020, Genetec , Cyber Security, Security Services & Risk Management
Genetec discusses the security-of-security concept as a means to protect cameras, door controllers and other physical security devices and systems against cybercriminal activity.

Minding the gaps to protect industrial PLCs from cyber threats
November 2019, AVeS Cyber Security , Cyber Security
PLCs, designed to control machinery and specific processes, were never built with cybersecurity threats in mind and protecting PLCs against these threats requires healthy isolation from the Internet.

African trust centre launches cyber division
November 2019 , Cyber Security
Advancing cybersecurity to more stringent heights, LAWtrust has launched a new division focusing on cybersecurity services to complement its identity, encryption and digital signature offerings.

What are the cybersecurity issues in video surveillance?
November 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
he importance of the data captured by surveillance cameras – and what can be done with it – has led to a new breed of cybercriminals, looking for insights to steal and sell.

Protecting the outer perimeter with cloud services
November 2019 , Cyber Security
Business leaders now have a choice whether they want to continue using their trusted firewall or move to a next-generation firewall delivered by appliances or as cloud services.

Information security outsourcing service
November 2019, Condyn , Cyber Security
SearchInform launches information security outsourcing service for companies that face the problem of corporate fraud and data leakage.

Block threats before they target your business
November 2019 , Cyber Security
The antivirus solutions of a decade ago are woefully inadequate weapons in the fight against today’s complex threats.