The Security Risk Aspects of Personal Identifiable Information
In the world of cybersecurity, the Personal Identifiable Information (PII) of individuals (and even entities) can be extremely valuable, and even deemed pricey to interested parties.
This causes many of us to start asking questions such as ‘Who else has this information? What can be done with the PII?’
NetAssist is in the business of helping clients to identify possible cyber threats and to find the most effective ways to protect from its risk.
Very often when we assess business operations, we detect various vulnerabilities or easy loopholes for cyber criminals (both outsiders and insiders); it is unbelievably convenient and easy for a criminal to steal all the PII of an organisation.
Fact #1
An important questions that Netassist’s cyber security experts often asks during Information Security Audit sessions with our clients is ‘Need these highly confidential PII data even be there at all, in the first place?’. Often, after discussions and analysis, many clients start to realise and agree that the locations of the data is not even ideal right from the start.
Fact #2
Another important question is whether are the ‘Virtual Houses’ (AKA the systems) that store the PII information, has a ‘hidden door’ that can be found and used by cyber criminals to access? This is where Penetration Testing comes in, acting like ‘white hat’ ethical hacker to identify where are all these ‘hidden access doors’, and recommends remediations to tighten the Virtual House’s security system.
The rate of cyber crime is now at historical high and we foresee the trend to be at least maintained, if not escalate in the immediate future.
Hence, knowing about PII and the possible weakness of the data system hosts it, can hopefully help guide some of us in mitigating the risk of cyber-attacks on organisations.
By Hon Fun Ping, CEO, NetAssist