Data Breaches – Is VAPT the solution?

What happened recently with so much Data Breaches news coverage?

One of the key challenges for organisations today is how to safeguard their information systems and digital infrastructure from attacks by malicious hackers and cybercriminals. Current concerns for most companies are often related to data breaches, with so much media coverage focusing on recent cases. 

In light of recent data breaches discovered on Singtel and Ninja Van, Personal Data Protection Commission (PDPC) mentioned:

“Despite having received professional advice to take precautions against such vulnerabilities, the organisation omitted to conduct a full code review…and hence failed to discover (the vulnerability) that was exploited in this case.”

No matter how certain organisations are about their defences, there are always risks to their security because of frequent changes and updates made to their digital infrastructure.

Due to these issues, vulnerability assessment and penetration testing (VAPT) come in place as a solution to identify the unknown vulnerabilities and set immediate remediation to mitigate cybersecurity risk for the company.

According to PDPC, eight organisations were found to be in breach of the Personal Data Protection Act (PDPA). 

  • Ninja Logistics for failing to put in place reasonable security arrangements to protect customers’ data in relation to a tracking function on the company’s website, allowing the data to be accessed publicly.
  • EU Holidays, penalty of $15,000, for not protecting customers’ personal data and not having written policies and practices to comply with the PDPA.
  • Marshall Cavendish ($40,000), Singtel ($25,000) and SearchAsia Consulting ($7,000); and a warning issued to another two – Tan Tock Seng Hospital and CampVision.
  • Directions were also imposed on iClick Media for breaching the Accountability Obligation.

Is Your company ready for Vulnerability Assessment & Penetration Testing (VAPT)?

Vulnerability Assessment & Penetration Testing (VAPT) is necessary to spot your vulnerability. VAPT result shall deliver quality assessment through the eyes of both a hacker and an experienced and certified security expert to discover where you can improve your security posture.

The findings (vulnerabilities) would be delivered as reports that shall be used to effectively remediate any of the vulnerabilities and answer these following questions:

  • How vulnerable are you from the internet or intranet?
  • What are the exploitable vulnerabilities?
  • Are the operating system patches current?
  • Do you have unnecessary service running?

“Knowing your vulnerability and the way in which the attackers could exploit them are one of the greatest insights you can get in improving your security program.”

Want to know how we can help you discover vulnerabilities through VAPT?

 

 

 

 

 

Reference

Singtel fined $25,000 and Ninja Van $90,000 for data breaches, The Strait Times, Nov 5, 2019. – https://www.straitstimes.com/business/companies-markets/singtel-fined-25000-and-ninja-van-90000-for-data-breaches

New Commission’s Decisions on 4 November 2019, PDPC, Nov 4, 2019https://www.pdpc.gov.sg/pdpc/news/latest-updates/2019/11/new-commissions-decisions-on-4-november-2019

Recent Posts

  • News & Press Release

Celebrating Excellence: Announcing the Results of Our 2024 Customer Satisfaction Survey

We are thrilled to announce the results of our annual Customer Satisfaction Survey for the…

8 months ago
  • Blog

Netpluz Asia Expands Cybersecurity Footprint in Hong Kong

We are thrilled to announce the opening of our brand-new regional office in Hong Kong,…

8 months ago
  • News & Press Release

Netpluz Collaborates with Teridion to Enhance Managed Secure Connectivity Services

  Singapore, April 17, 2024 - Netpluz, a dedicated provider of managed services specializing in…

9 months ago