In this exclusive interview, Fellow of Cyber Security and Governance at Singapore University of Social Sciences, Anthony Lim, shares his insights on cloud migration, data security and sovereignty, and why it is imperative that all those within your organization have a clear understanding of your incident response plan.
Anthony Lim, Fellow of Cyber Security and Governance at Singapore University of Social Sciences
Cyber Security Hub: What are the top data security and sovereignty challenges facing cyber security professionals?
Anthony Lim: Organization managers and cyber security professionals need to have a central policy and clear visibility on what data from which department is being placed in cloud services and which person in each department oversees and authorizes this process.
Secondly and similarly, there needs to be a centrally managed and enforced data classification system that decides what data sets are allowed to be stored in cloud services. Here you must bear in mind national or industry regulation requirements. One must also be mindful of the types of data that will be stored in the cloud services, that it might leak or otherwise get breached, and what the worst-case-scenario consequences of this would be.
Thirdly, cyber teams need to ensure basic data cyber security policies, solutions and practices are in place such as:
- Proper password and authentication regime, including the use of two-factor authentication.
- Data encryption wherever feasible.
- A data-leakage prevention solution.
- Network segmentation and access control.
- Least privilege and zero-trust principles.
- Firewall, anti-virus or anti-malware software.
- Monitoring and logging of network and data movement activity.
- Consistent patches and updating of software applications, operating systems, middleware and other software.
CSH: What advice would you give to those facing these challenges?
AL: First, be aware of all of the above. Next, make inventory lists of the following:
- Departments.
- Data stores including backups and archives.
- Personnel, including job role and function.
- IT asset lists, including software applications and services.
- Cyber solutions inventory list.
- What cloud services are used by which department(s), for what services and what data is being stored in these cloud services.
Second, as this moves away from being a technological or operational matter and into management, political and bureaucratic territory, cyber teams need the support and endorsement of executive management. This ensures the harmonious cooperation of all departments and allows the general cloud data security and risk mitigation strategies to succeed.
CSH: How can cyber security professionals prepare in the case of a data security issue or emergency?
AL: This question points, and rightfully so, at the need for a proper, working and tested Incident Response Plan.
Case in point, the inquiry report for the biggest data breach case in Singapore to date found that the company’s incident response management was broken. If it has been prevent
Although they did have an incident response plan, it fell short in three critical ways:
- Staff were unaware of what to do, including how or when to report a cyber security incident and to whom. Instead of escalating the incident up the chain of command, it went unreported as employees tried to deal with it on their own.
- Staff did not have adequate cyber security awareness and training, meaning they were unable to understand the severity of the attack or how to respond effectively to it.
- Though there was a framework in place to report cyber security incidents, employees were not sufficiently trained on how to use it.
Again, cyber security teams must get top-down executive management support for a comprehensive incident response plan involving all the stakeholders. There must be processes and playbooks that all the stakeholders and department staff must be complete. These have to be tested at least once a year and improved upon. This is because as personnel and technology change, so does the way an incident should be responded to.
An incident response framework must include appropriate external parties who can work in a timely and efficient manner to manage the issue when it arises. This will ensure mitigation, minimization, control of and recovery from the situation as well as business continuity both during and after the incident. Following this, the lessons learned must be used to improve cyber security to ensure such situations are prevented from happening again.
CSH: How can those in cyber security govern with service level agreements?
AL: It is hard to dictate a service level agreement (SLA), especially in regard to cyber security and data protection, to a cloud service provider unless you are a very large organization. It is, however, a best practice to have your legal counsel or legal service provider have a look at the standard service level agreement the provider offers you to make sure it meets your requirements.
Irrespective of size, you as the customer can seek counsel with the cloud service provider about your data protection compliance requirements and they can advise you on how best this can be mutually achieved.
Remember that, at the end of the day, if the data hosted in the cloud is sensitive and it leaks or is breached or hacked, you as the customer and data owner will be held responsible, not the cloud service provider.
Hear more insights on cloud, IoT and AI from Anthony Lim in his session, How Confident Are You That Your Data Is Safe?, at Cyber Security Hub’s All Access: Cloud Security APAC event. Watch on-demand now!