Lessons from the Cathay Breach: Time to Talk Data Classification

“It’s not if, but when”, a phrase almost guaranteed to creep into any event with information security on the menu. Yet beyond the roundtables and fora increasingly devoted to cybersecurity and data privacy, this phrase took on a very real meaning as households in the SAR awoke on October 25th to the possibility that their personal information had been leaked along with some 9 million other Cathay Pacific accounts breached earlier this year.

The airline will no doubt be under fire for some time following these revelations – not least as they have erupted just one week ahead of the region’s largest aviation conference, likely prompting executives to scramble to assess their own vulnerabilities and ramp up data security in response.

However, every data breach serves as an important reminder that the conversation about information security needs to be taken seriously beyond financial services and insurance providers, which have traditionally been targeted. Airline passengers will understandably be concerned that their personal data has been captured by criminals, given the breadth of personal information an airline maintains, including passport or national ID numbers.

Several key points deserve clear focus. First, the problem is a cyber-risk problem, not a cybersecurity problem per se – and the goal is to use cybersecurity tools to strive for resilience. It is important, too, to be clear about resilience, as there is in fact no such thing as complete security – although there is an acceptable level of risk.

For business leaders, whether at a supermarket chain, a food-delivery app, or a bank, this means the focus now needs to be on determining how much a company’s cyber-risk is actually worth, in terms of impact on customers, share price, or reputation. From an information security perspective, the emphasis – across all industries – must be on aligning security measures with risk.

With every business considering ways to benefit from digital transformation, companies need to look at ways to manage risk – starting with data classification.

Classifying data into distinct categories based on the sensitivity of the data and risk of harm if the data is breached allows a business to effectively and efficiently align appropriate security controls, such as encryption or other access control measures, according to relative risk.

The term ‘cybersecurity’ has entered the popular lexicon, but the real objective is ‘cyber risk management,’ and that starts with data classification.

Photo by Amarnath Tade
