Businesses should review conventional cybersecurity measures amid the latest data breach scandal, according to a leading academic. 

Medibank is the latest company to record a data breach, with around 9.7 million current and former customers compromised.

Dr Xingliang Yuan, from the Monash Department of Software Systems and Cybersecurity, said now is the time to review measures. 

“Currently, businesses often use conventional cybersecurity measures like user access control to specify who can access the data or encryption that can be undone at the server’s end. These methods do not guarantee strong data protection," Dr Yuan warned. 

"Both external hackers and employees like database administrators etc. can compromise such systems and steal data, as demonstrated in recent data breaches at Medibank and Optus. 

“To address this problem, businesses should be adopting encrypted databases which can store, query, and process the data in an encrypted form directly. Only trusted parties like the data owners can decrypt data in such systems and they reduce the attack surface at the server level.

"Also, even if a hacker or an insider compromises the server, they will not have clear access, as the data remains encrypted throughout its life-cycle.

“Companies are not doing enough for data security. More significant investment is needed to ensure data protection at the business level.”

Last month, online marketplace MyDeal also reported a data breach affecting 2.2 million customers. 

The Woolworths Group subsidiary confirmed unauthorised access to its Customer Relationship Management (CRM) system, resulting in the exposure of some customer data. 

comments powered by Disqus