Fines for PDPA breaches for organizations have hit an all-time high as reported by the Data Protection Excellence (DPEX) Centre.
As of August 2019, the number of enforcement cases by the government body PDPC is 13% higher than the full year of 2018, with the amount of fines collected this year to-date (excluding the SingHealth penalties) already double that of last year.
The leading cause of these breaches is compromised personal data which were leaked, with 80% of organizations found in breach between 2016 and 2019 due to negligence.
Organizations have lost the fight to protect sensitive information. Employees, partners, contractors, and customers connect anytime, anywhere from any device to just about any resource. These freedoms make their identities prime targets for criminal hackers, who have wasted no time using them to raid accounts and data.
Dan Mountstephen, Regional Vice President at Centrify, commented on this upward trend: “Data breaches continue to dominate cybersecurity headlines around the world, and Centrify’s research reveals that 74% of data breaches involve privileged access abuse.”
The reality, he said, is that cyber-attackers no longer ‘hack’ in, they log in using weak, default, stolen or otherwise compromised credentials and then seek out privileged access to critical systems and sensitive data for profit.
“While some may be encouraged to see fines being imposed on organizations that are not placing a higher importance on customer privacy and data security, more attention should be devoted to placing stricter access controls in place to keep bad actors out,” Mountstephen stressed.
“Adopting basic privileged access management strategies and a Zero Trust approach to cybersecurity, which assumes no one is to be trusted until their identity is proven, can significantly harden the cybersecurity posture of any organization and reduce their risk of being breached, and fined,” he concluded.