The Personal Data Protection Act (PDPA) comes into force in Singapore tomorrow (Wednesday, July 2). Sharat Sinha – Vice President, Asia Pacific for Palo Alto Networks – shares his views on what this means for businesses in Singapore and how this relates to cybersecurity.

“Following the Singapore Government’s introduction of its five-year National Cybersecurity Masterplan last year, the introduction of PDPA will work to further strengthen Singapore’s position and reputation as a trusted, world-class hub for business,” says Sinha.
The PDPA (Personal Data Protection Act), which comes into force on Wednesday, July 2, aims to safeguard individuals’ personal data against misuse by regulating its management by companies.
Palo Alto Networks’ recent 2014 AUTR Report highlights how threats to enterprise networks may be ‘hiding in plain sight’, gaining access to the networks via commonly used enterprise applications like Dropbox, Skype and Microsoft Exchange, to name a few.
The Act is based on the understanding that individuals have the right to be informed of the purposes for which organisations are collecting, using or disclosing their personal data, giving individuals more control over how their personal data is used.
It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
The PDPA highlights the need for Singapore businesses to have appropriate cybersecurity solutions in place to protect customer data.
Sharat Sinha addresses the risks of what’s at stake by having personal data stolen by a cybercriminal, why cybercriminals steal this information and most importantly, what businesses can do to protect themselves and their customers.
Below are Sinha’s insights.
Views on PDPA in Singapore – by Sharat Sinha – Vice President, Asia Pacific for Palo Alto Networks
While the main thrust of the PDPA is to govern how businesses currently use customer data, helping to reduce the number of marketing calls and sales text messages people receive by introducing the need for consent to be given before companies are able to sell or share data with third parties, it also underlines the legal requirement for businesses to have appropriate security arrangements in place to safeguard personal data from unauthorised access.
Why do cybercriminals steal personal data?
Personal data is a valuable commodity for cybercriminals, and can be used for a host of malicious activities.
From spammers, botnet operators and identity thieves to organised crime rings, personal data is now black-market currency representing a multimillion-dollar industry.
Recent cases such as the theft of Standard Chartered’s customer data via a third-party vendor, and the theft of names, encrypted passwords, phone numbers, e-mail addresses, home addresses and dates of birth from e-commerce giant eBay, remind us that personal data theft is a global issue to which Singapore is not immune.
What’s at risk when personal data is stolen?
Enterprises which do not have the appropriate solutions in place to ensure that their data is protected could be making themselves and their customers vulnerable to attempts by cybercriminals to steal sensitive information such as usernames, passwords, credit card details and more.
Phishing attacks, for example, can be launched with little more than an email address, as was the case with POSB Bank in Singapore, which saw its customers being lured into inputting their account details into a fake website after following a malicious link within a phishing email.
Similarly, malware attacks can be launched in much the same fashion, quietly uploading key-logging software onto an unsuspecting user’s system, following their click on a malicious link.
Using this technology, cybercriminals are able to record logins and hack and empty bank accounts.
What should businesses do to protect personal data, in line with the PDPA?
Due to the explosion in communication technology in recent years, including the increased use of mobile devices, cloud and virtualisation technologies, there are now many ways that cybercriminals can potentially find their way into enterprise networks.
It’s very important, therefore, that businesses ensure that their security solution covers all of the necessary bases – that is, the network, cloud and endpoint (mobile device / USB).
If any one point is vulnerable, it could undermine security in other areas, leaving the network open to attack and increasing the chance of a data breach.
It’s very important for enterprises to ensure that their security solution provides full visibility over network traffic, including its applications, users and content.
Full visibility means that you make no compromises in your security posture, helping to simplify your compliance audits and increasing the productivity of the business by enabling, rather than disabling, the use of applications and mobile devices.
Lastly, human error can often be a key cause of data breaches, so making sure that employees, partners, consultants and vendors, as your front line in security, are up to speed on the protocols necessary to keep the network secure will be fundamental in minimising this risk.
Tags: cybersecurity, Palo Alto, PDPA, security, Singapore
This entry was posted on Tuesday, July 1st, 2014 at 3:32 pm and is filed under Business IT, Enterprise IT, Interview, Opinion, Security, Tickers.