DATA LIFECYCLE

This is a world of data. Nothing is more important than the ones and zeros that stand for all the value that your organization creates and manages. The enormity of impact that a potential breach of this data could have, has never been greater, and so have been the efforts and resources that businesses need to devote to counteract this threat.

To be effective in your efforts to safeguard your data, it is vital that you understand the ChallengesAssociated Threats and fundamental principles of  the Data Lifecycle.

Challenges

Ever Changing Threat Landscape

Modern cybercriminals constantly vary the methods by which they attack. They take advantage of the evolving interconnectivity of networks, and the resualting wider exposure of networks to threats, thus making it almost impossible for an organization to keep up with new avenues of cyberattacks.

Data-Information-Knowledge

The intellectual property which gives an organization its competitive edge is often the target of cybercriminals involved in industrial espionage from unethical competition.

Inside Threat

The people within an organization, from employees and executives to customers and suppliers, pose the greatest risk to cybersecurity. Without proper audit, they could intentionally or unintentionally misuse, erase, alter or leak valuable data.

Increasing Cyberattack Damage Costs

Cybercriminal network breaches may lead to financially devastating disruption of business operations, extortion and lawsuits. A modern organization can no longer afford to risk its cybersecurity.

Reputation

Security breaches undermine organizations’ reputations and cost them existing or potential customers and investors due to loss of trustworthiness.

Data Lifecycle

The lifecycle of data involves its creation, storage, usage, sharing, archiving and destruction. Along this lengthy process, in which sensitive information can be exposed to risk, organizations need to be aware of five key questions; who, what, where, when and how.

CREATE

The moment data is created, it becomes a target of cybercriminals. A measure of knowing who was responsible in creating it in the first place adds a layer of security and privacy right at the beginning of the data lifecycle.

Solutions:

STORE

Newly created data is stored on the organization’s network, giving it a variety of access points. Proper planning in implementing secure data storage policies safeguards sensitive information from unauthorized users.

Solutions:

USE

Usable data can be viewed, copied and altered. In this phase, data is exposed to malicious attacks, unintentional mistakes, unauthorised access and misuse. Both proactive and reactive measures need to be firmly in place to minimize the risk of data being used for purposes other than those intended (i.e. modification or fabrication, even erasure).

Solutions:

SHARE

Data and metadata circulate non-stop amongst employees and organizations, from one environment to another. This makes data hard to keep track of and control, while certain unsecure nodes by which it passes might prove dangerous.

Solutions:

ARCHIVE

Storing of inactive data for archive purposes still poses a risk of loss or theft, as it remains static and exposed to threats for long periods of time, usually for much longer than the previous phases of the lifecycle.

Solutions:

DESTROY

Data destruction renders an organization legally accountable, especially in cases of personal and health data. Organizations need to make sure that their data destruction methods are truly safe and absolute, and that they meet regulatory compliance requirements.

Solutions:

Security Data lifecycle
Associated Threats

Modification - Attacks on Data Integrity

  • Data held in a computer system is accessed in an unauthorised manner and is changed without permission.
  • Modification can also occur when data is changed during transmission (share).

Destruction - Attacks on Data Availability

  • Occurs when data is destroyed because of malicious intent or unintentionally.
  • Cannot only happen to stored data but also to data at the create stage (before use).

Disclosure - Attacks on Data Confidentiality

  • Takes place when data or access is made available without the consent of the individual responsible for the data
  • Although disclosure of data can occur because of malicious intent, it commonly stems from a lack of proper procedure within an organization

Interception - Attacks on Data Confidentiality

  • Occurs when an unauthorised person or software gains access to data, which may result in the copying of the data.

Interruption - Attacks on Data Availability

Occurs when data becomes unavailable for use.

Fabrication - Attacks on Data Authenticity

Occurs when spurious records are added to an existing database.

What We Can Do for You
No Comments