Data, not hardware, is a company's most valuable asset

March/April 2000 Information Security

During the first week of March, the offices of no less than six leading legal firms in Johannesburg's northern suburbs were burgled.

Just another South African crime statistic, one may ask?

"No, almost certainly not," says Ian Melamed of Ian Melamed Secure Computing. "What made these burglaries significant was the fact that in each of the cases, the company computer file servers holding all the data files were stolen.

"Whenever we lose hardware, we automatically assume the person who is stealing it, is doing so for the hardware itself," Melamed says. "It is only when you start putting a series of thefts together, that it starts looking sinister."

Information theft

"The most probable motive behind these crimes is information theft", he says. "Information theft has already reared its head in several spectacular incidents in South Africa. Data stolen from a computer in Cape Town was used in a blackmail attempt against an AIDS sufferer," Melamed continues.

"The unfortunate victim had regular sums of money demanded from him in exchange for his employer not being informed of his condition. In other cases, the theft of information in respect of employee versus employer disputes has become a regular occurrence".

Although hardware theft is nothing new - either here or overseas - very often the theft of a workstation or smaller equipment goes unreported because the replacement value falls within the insurance excess of company.

"The theft of file servers is however, a different kettle of fish," Melamed says. "File servers and networks which are stolen usually exceed an insurance excess by thousands and thus they are reported. Too often the emphasis is placed on the value of the hardware being stolen and not upon the data that might be found - and used - on the system.

"The question arises, if lawyers' offices are being targeted, then who is next on the list? Accountants? Medical surgeries? The recent thefts seem to indicate the criminal activity of information theft which is already prevalent in foreign countries, has now spread its tentacles into South African society as well," says Melamed.

Information is a resource like money, labour and materials. Unfortunately, this is often realised only after the loss has occurred and the value of data is hard to assess because on the face of it, it is not perceived to be a tangible physical asset.

"It can be compared to buying a R2000 safe and then putting a R2 million necklace into it for safekeeping," Melamed says. "The loss of data, quite apart from the disruptive effect on normal operations, can cause severe embarrassment and provide opportunities for extortion. If equipment is stolen, it is the duty of the system owner to ensure that no clients are exposed to any sort of danger as a result."

Quite apart from the very real danger of sensitive information falling into the wrong hands, there is also a possibility that an aggrieved party might hold the theft victim responsible in a civil claim for any damages caused.

For two reasons then, data can be a company's Achilles Heel if it is not protected properly.

So how can a company protect itself and its clients?

"All companies holding potentially sensitive data should - for their own and their clients' sake - ensure that data is protected through either direct encryption; physical disk disablement; back-up systems; or anti-virus protection," says Melamed.

"Direct encryption means the use of an internal facility which encrypts individual documents as they are created," he says. "Physical disk disablement works much like a time delay lock on the safe at a bank. The disk can only be accessed during normal office hours and even if the disk is physically stolen, it will be useless without the access code.

"A suitable back-up system will ensure that encrypted data which is on a stolen disk, can be recovered, while anti-virus protection will ensure that the system not fall prey to digital burglary through unauthorised backdoor e-mailing of data," Melamed says.

For details contact Ian Melamed, MD of Ian Melamed Secure Computing on cell: 082 444 3661 or e-mail:

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.

Unmasking insider risks
Information Security
In today’s business landscape, insider risks can manifest in various forms, including data theft, fraud, sabotage, insider trading, espionage, whistleblowing, negligence, truck hijacking, goods robbery from warehouses, and more.

When technology is not enough
Information Security
[Sponsored] Garith Peck, Executive Head of Department for Security at Vodacom Business, writes about the importance of creating a cybersecurity strategy in a world where threats never sleep.

Identity verification and management trends
Technews Publishing Information Security
Insights into what we can expect from identity fraudsters and the industry next year, ranging from criminal exploitation of AI and digital IDs to multi-layer fraud protection and the need for more control over personal information sharing.

From vulnerabilities to vigilance
Information Security
It is an unfortunate reality that generative artificial intelligence (GAI) has been embraced by cybercrime organisations, resulting in drastic changes in attack methods, strategies, and technologies, says Stephen Osler from Nclose.