This was one email that Air India customers certainly did not expect or ever want. On 22 May, the airline revealed that 10 years’ worth of its customer data, including credit cards, passports and phone numbers, had been leaked in a massive cyber-attack on its data processor in February. The incident has affected around 45 lakh customers registered between 26 August 2011 and 3 February 2021, according to Air India.
The ‘highly sophisticated’ attack targeted Geneva-based passenger system operator SITA, which serves the Star Alliance airlines, including Singapore Airlines, Lufthansa and United, besides Air India. The leaked data, according to Air India, included names, dates of birth, contact information, ticket information, frequent flyer numbers and credit card data, but not passwords. This would hardly provide any comfort to the airline’s customers.
This wasn’t the first data breach, and it certainly won’t be the last. For instance, there was a sense of deja vu this April when Alon Gal, a security researcher at cybersecurity firm HudsonRock, tweeted that personal data from 533 million Facebook accounts was leaked online for free. A Business Insider report later said it verified several of the records, which were from 106 countries, including 6 million in India. The data included user “…phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
According to the 2019 Q3 Data Breach QuickView Report, there were 5,183 breaches reported in the first nine months of 2019, exposing 7.9 billion records. The numbers have only increased exponentially since then.
For instance, data from over 500 million LinkedIn users—including user IDs, full names, email addresses, phone numbers, professional titles and other work-related data—has been leaked, according to security news and research group CyberNews.
While LinkedIn clarified that the data set does not include sensitive information such as credit card details or social security numbers, the fact remains that the leaked email addresses and phone numbers could be used by criminals to spam people or even defraud them online. Users can check whether their data has been exposed by the incident on sites such as Have I Been Pwned, which catalogue major data breaches and let a user look up an email address against them.
Our own research reveals that data breaches take place almost daily but remain undetected for almost 270 days on average.
Data breaches can prove expensive for users, since hackers are bound to use the information for social engineering (advanced phishing), scamming, ransomware, spamming and marketing, causing users an immense amount of distress and, in many cases, financial losses too. Companies, too, must bear the brunt in terms of brand reputation and penalties. The UK’s data privacy watchdog, the Information Commissioner’s Office (ICO), for instance, fined the Marriott Hotels chain GBP 18.4 million (roughly Rs. 190.30 crores) last year for a major data breach that may have affected up to 339 million guests in 2018.
The pandemic, which has accelerated the digitalisation of enterprises, has ironically accentuated these cyber maladies too. Moreover, as workers increasingly work from home, they access more data in the cloud, calling for stronger security measures both within companies and on the user devices that access this data.
In this context, it is first important to define the cloud. Companies may be using public cloud services, which could include software-as-a-service (SaaS), infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS). They could also host their data on their own premises, an arrangement known as private cloud. Or they could be using a combination of private and public cloud services, known as hybrid cloud.
Each of these situations demands a nuanced cloud strategy, since under each model the cloud provider and the cloud customer share responsibility for the security of the data in different proportions. Further, the solution that a security vendor provides needs to detect and respond to security risks in real time, regardless of where the user is operating from: home, office or on the move.
While no vendor can claim to possess a silver bullet that provides blanket cloud security, it is important that companies know where their data is located; what data they have stored in the cloud; who has access to it; with whom they are sharing it; and from which devices it is being accessed.
Here’s what works for most clients.
First, the solution should provide an intuitive user interface that enables visual analytics, a multi-dimensional view of the data, and tools to slice and dice information in ways that enable companies to take speedier action when an anomaly is detected.
Second, cloud-native applications rely on the environment for telemetry: the automatic collection and transmission of data to centralised locations for subsequent analysis. Hence, the solution should allow not only for cloud telemetry but also for telemetry from the data that resides on endpoint devices such as smartphones, tablets and laptops used by workers who are travelling or at home. Third, these endpoint devices can run Linux, Windows or macOS, which implies that the solution should be operating-system agnostic.
Fourth, companies should include Cyber Situational Awareness (CSA) capabilities in their arsenal. CSA is critical to cybersecurity because, as in traditional warfare, security teams need to understand where the threats reside, where they are coming from and how they mutate over time, among other things.
Fifth, it is important to note that artificial intelligence (AI) systems can be used to identify and predict attack patterns, dramatically decreasing response time. The problem, though, is that a basic machine learning (ML) system trained only on historical data will be unable to spot new threats, since hackers too are using AI systems.
Sixth, retraining your workforce, as consultancy firm McKinsey notes, is another critical aspect of cybersecurity. This matters because the typical technology workforce of an enterprise is trained to develop business applications within the traditional IT framework, and most of these people need to be reskilled or upskilled for the cloud environment, McKinsey insists.
All these issues become even more pressing as fifth-generation (5G) networks begin to replace 4G: cloud security will become more vital, especially when it comes to protecting end-user devices. The reason is that 5G connects more devices than earlier technologies, expanding the surface for cyber-attacks and increasing the risk for companies.
Naveen Jaiswal is the Co-Founder and Head of Research & Development at Vehere.
Disclaimer: The opinions expressed within this article are the personal opinions of the author. NDTV is not responsible for the accuracy, completeness, suitability, or validity of any information on this article. All information is provided on an as-is basis. The information, facts or opinions appearing in the article do not reflect the views of NDTV and NDTV does not assume any responsibility or liability for the same.