Image: Sample illustration
Cybercrime, cyber-defence, cyber-analytics – there is no shortage of buzz-words in the realm of IT security. All of them refer to the online world, yet none pinpoints a single specific issue. Taken together, however, these lofty terms highlight a trend that deserves our utmost attention!
Today, hacking attacks are a daily occurrence across every industry. The growing number of mobile, networked systems has two consequences. First, companies face a rising need to safeguard data: they must protect their systems from unwanted access, ensure high data quality and at the same time guarantee continuous availability. Only when these three components are secured can data be transformed into information and, through analysis, be put to valuable use. Second, the losses caused by cyber-crime are climbing sharply. According to Germany’s Federal Criminal Police Office, cyber-attacks alone racked up damages of more than €203 billion per year in Germany.
Long story short – data security is a matter for top management! Data security covers every measure whose goal is to secure a company’s data. The decisive factor when implementing security measures is the state the data are in at the moment of protection:
Depending on that state, different protective options exist. Although no measure can provide 100 percent security, IT security can be improved continuously and systematically. Every facet of data security must be considered if the protection is to be as comprehensive as possible. In the era of the Fourth Industrial Revolution – better known as Industry 4.0 – data security is moving ever more into focus. From automated machine-data collection on the shop floor to the fully digitalised smart factory, vastly more data circulate today than in past generations.
Every facet contributes a building block to data security within the company. If one facet is ignored or left without appropriate measures, the other safeguards also suffer. Only a complete view of all facets provides a solid basis for building further protective mechanisms.
Due to process-related, physical, and structural conditions, transport is often unavoidable and thus frequently falls into the category of necessary value-enabling waste. Nonetheless, the goal should be to reduce transport as much as possible and to keep walking and transport distances as short as possible.
Stored or transmitted data are protected against unauthorised access. That means only authorised persons may reach stored data. The same care must be taken during transmission so that no one can intercept them. Symmetric or asymmetric encryption methods are generally used to ensure this facet.
Integrity means maintaining the completeness and high quality of the data. Suitable measures protect them against unwanted change and manipulation. Safeguarding data against loss due to technical failure is also part of this facet. Access controls log entry to the data and make changes traceable. Regular data backups further reduce the risk of data loss.
If access rights exist for certain data, those data should be fully retrievable and usable at any time. That minimises the risk of system downtime. Synchronised storage solutions or cloud use are typical ways of achieving this.
Ensuring transparency here means that the origin of the data and the way they are used can be proven. Clear assignment and legally compliant handling are guaranteed, for example, by logging access.
Proof of the data’s origin ensures authenticity. Determining the identity of the data is also an aspect of integrity. If the origin can be determined, verification can rule out the possibility of deception of a recipient. In digital data traffic, identity verification is often carried out using encryption, such as a public key infrastructure. This ensures that data arrives unchanged at the correct recipient when retrieved or sent.
Preserving data security in all its facets must be anchored throughout the entire corporate structure. To exploit all the opportunities offered by operational data collection, analysed data should be used not only in shop-floor management but also in corporate-goal planning. The cycle between data collection and calculation of target data also harbours optimisation potential for leaner processes.
If only it were that simple. Digital transformation is advancing rapidly, constantly opening up new possibilities – alongside efficient innovations, new avenues for unauthorised access arise as well. The goals of data security therefore have to be pursued continuously. Identifying and assessing threats is best handled through recurring, dynamic processes viewed from an attacker-centric perspective.
First, define objectives that must be met for the sake of security. Next, develop attack scenarios to uncover possible weaknesses in the system. After a simulated attack, weak points can be analysed and counter-measures initiated. This process runs at regular intervals, ensuring ongoing optimisation.
Once planning and a suitable strategy are in place, only implementation remains. Outstanding examples worldwide show how crucial the right approach is during implementation, not just for cutting costs but also for generating value.
The most important component! Employees must be sensitised to data security. They need to understand why certain processes are necessary and be aware of the consequences of lacking data security. Only then can the measures be implemented correctly. Once understanding has been built, training sessions should be held and competences developed.
Every device connected to a network should be checked for its security status and data. Regular status reviews and backups raise security with simple means.
The company’s security software must, of course, always be up to date. Carrying out regular updates must become a fixed process.
Work processes should be clearly defined so that access and authorisation rights can be granted accordingly. Only persons who actually need access to certain data to perform a task receive it.
Any decrypted access to corporate data should occur only for the duration of access. Company personnel should naturally secure all devices in the network with strong passwords. When away from the workplace, all accesses must be blocked.
Combining information gathering and employee awareness forms a solid foundation for data security. Additional security standards can be built on that and continually refined.
Instead of leaning on the buzz-words mentioned at the outset, it pays to engage with the practical measures required for data security.
