Dire consequences are always at stake, especially when IT security is concerned. Hacking and other cybercrime attacks have the ability to shut down an entire system for a day, causing businesses to halt their operation.
In line with this, huge costs can be incurred whenever a cyber attack happens. But, among these consequences, it is always the illegal disclosure of confidential data records that can cause the greatest damage.
This was recently experienced by the Commission on Elections (COMELEC) when their website was hacked last March 27, 2016, leaving millions of voter registration records open to the public and leading to what could be the biggest data breach in Philippine history.
The COMELEC Data Breach
On Sunday, March 27, the COMELEC website got defaced by hacktivist group, Anonymous Philippines. The group is notorious for previously hacking other government websites.
A larger problem arose when a group called LulsZec Pilipinas uploaded COMELEC’s entire database on Facebook the following day.
The database includes voter registration data. Reports from Trendmicro also indicate that the database contains records of 1.3 million overseas Filipino voters, which include their passport numbers and expiry dates. This data leak leaves over 55 million registered Filipino voters vulnerable to identity theft, fraud, and more.
According to the same report, this is also possibly one of the biggest government-related data breaches in history. Since the data breach, two suspects had already been arrested by NBI. On the other hand, data privacy lawyers believe that COMELEC officials themselves could be held liable for the hacking incident.
According to Lawyer, Marlon Anthony Tonson, the COMELEC officials who are “in charge of making the database accessible online” are accountable for ensuring that the poll body complies with the country’s existing data privacy laws.
IT Security Lessons for Every Government Agency
With hackers finding more innovative ways to infiltrate an organization’s IT system, data breaches are happening quite more often in the recent years, even to the most secure organizations such as government institutions falling victim to these cyber attacks.
The recent COMELEC data breach is a testament to this. However, this does not mean that these organizations should scrimp on their IT security measures.
As data expands and technology advances, a stronger security strategy should always be given top priority. Organizations, regardless of nature and size, need to be more security conscious and understand the impact that cyber attacks can cause to their business, and more importantly, to their clients and employees.
The damage done by hacking cannot be undone, but there are ways to avoid getting hacked. Here are some practices that organizations should implement to strengthen their security strategy.
1. Keep Updated
Stay updated on the latest hacking threats and news, so you’ll know which precautions you need to take, in case you think your current security system has more vulnerabilities to some of these threats. Similarly, keep your software updated at all times.
2. Strengthen Network Security
Your current network security may be looser than what you think. Ensure that your web servers are secure by having logins expire after a period of inactivity and passwords expiring frequently.
3. Install a Web Application Firewall
A web application firewall (WAF) serves as the gateway for incoming traffic to your website. It works by filtering and blocking suspicious activity that does not meet the configured policy of the firewall, which makes it an excellent tool for preventing hacking attempts and other threats.
Most of the WAFs nowadays are cloud-based and central among everyone who uses the service, which allows for greater threat detection rates.
4. Use SSL in Your Website
Using encrypted SSL in your site allows for the safe transmission of sensitive information between your site and database.
Without SSL, this information can be normally viewed in plain text, be easily accessed, and be used by hackers.
5. Back up Your Data
It’s always better to be safe than sorry. Back up your data frequently, so you come prepared in case the worst happens.
While there are now numerous data recovery tools available in the market to help you retrieve data you once lost, it’s still advisable to have a backup plan ready at bay.
Hackers are always finding more ways to intercept with an organization’s IT security system for several reasons. No organization is safe from such threats, even the most secure and protected institutions are not spared once hackers peep a vulnerability in their system.
The COMELEC data breach is the most recent proof to this, and if business owners do not work on improving their current security initiatives, this attack is certainly not going to be the last.