Monday, 05 May 2014 15:24

The human factor puts data privacy at risk

Michelle Dennedy, Chief Privacy Officer McAfee

Human error has been identified as the key vulnerability of cyber security and a major threat to data privacy, according to the security chief of one global security firm.

Michelle Dennedy, the Chief Privacy Officer at McAfee – part of Intel Security – says the top three threats to customer privacy this year – targeted point-of-sale malware attacks, software coding errors and internal misuse of customer information – are in “whole or part the result of human interaction with security systems”.

Dennedy, author of The Privacy Engineer’s Manifesto - currently visiting Australia during Privacy Awareness Week - says that data privacy must be built into operational systems and data management policies to mitigate the key vulnerability of cyber security – humans.

According to Dennedy, even the most comprehensive security system has its flaws, most notably human errors or choices that make security processes less robust and result in a loss of customer privacy.

“We live and work in a digital, IP-connected world where privacy and security vulnerabilities cannot be completely programmed out. That being said, the best course of action is to plan for the eventuality of errors by building a privacy infrastructure that places protecting customer data at its heart, and provides clear policies and guidelines for employees who are in charge of managing this type of information.

“We’ve seen three recent types of vulnerability which could happen to any business that stores customer account and financial details, and in each case there’s been an important lesson to learn about respect for customer privacy.”

Dennedy says the retail sector, in particular, has seen a spike in attacks on point of sale (POS) systems as cyber criminals recognised an opportunity to exploit an area where there has been “little effort to secure customer data”.

“We’ve found that retailers are falling into a ‘security by obscurity’ trap – they mistakenly believe that their POS system is so customised to their particular business requirements that it would be too difficult for hackers to bypass the controls and access the system,” Dennedy warns.

“In fact, most use fairly standard systems and processes and it is relatively easy for criminals to gain access to customer account and credit card details. Many hackers are using fairly unsophisticated off-the-shelf malware to perpetrate a successful attack.”

According to Dennedy, some recent data breaches have occurred despite the security system identifying an attack, because the security team ignored or overlooked critical alerts.

“Businesses can invest in state-of-the-art security platforms designed to prevent cyber attacks and data breaches, however, the security managers and executives need to recognise the problem and take action to protect their customers.”

Dennedy stresses that cyber risks are not only external to the business, and that a key threat to data security is from employees, suppliers and third parties who either maliciously or accidentally misuse or have an inappropriate level of access to sensitive customer data.

She makes the point that internal data leakages are almost always the result of human error, either from the person handling the customer data, or those in charge of writing, implementing and enforcing the data handling policies or setting access restrictions to sensitive data on the server, including those who no longer work for the company.

“With consumers becoming more aware of their digital footprint and the value of their privacy, these types of vulnerabilities within an organisation’s processes and systems are taken seriously. The changes to the Australian Privacy Laws have helped everyone realise and respect that data is not just data, it’s information on human beings.

“What we are aiming for is privacy by design, where businesses think about what their customers would expect from them and use that as a starting point for building a privacy framework. We call this ‘privacy engineering’ where customer privacy protection practices are embedded into every aspect of the business and at every level of employee, and that means all staff - current and past.”

Dennedy also has something to say on “coding glitches”, highlighting the Heartbleed vulnerability in OpenSSL which she says poses “one of the most formidable security and privacy concerns in recent memory given attackers manipulating it could have eavesdropped on communications, stolen data directly from services and users, or impersonated services and users.”

“What we’ve seen is a human error in the coding of the software, but as this particular technology standard is not very user- or administrator-friendly, the OpenSSL has been implemented poorly in many cases, creating an even broader problem for businesses.

“Technology developers must go further by building privacy controls into their products at their genesis, rather than attempt to bolt it on to technology as an expensive afterthought with risk-liability implications,” Dennedy concludes.



Peter Dinham

Peter Dinham - retired in 2020. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
