Vulcan Post

Not Up For Debate—Businesses In M’sia NEED To Tell Users If Their Data Has Been Breached

As more of our life moves from the physical into the virtual, concerns about internet security have risen as well.

If you live in Malaysia, it feels like we’ve been punched in the gut with it lately.

First, there was magnetic tapes from CIMB containing backup customer data getting lost during routine operations. Before that, Jobstreet confessed that “some personal information” related to accounts made before 2012 were exposed.

Very recently, we found out that 46.2 million mobile phone numbers tied to personal details were leaked back in 2014—considered the largest data breach in Malaysian history.

If anything is going to be a wake up call for us, this is it. And well, I think we have.

Only 18.72% of Malaysians feel “extremely confident” that businesses are doing enough to protect them against cyber crime. 

More than half of Asia doesn’t believe that their info is safe in the hands of corporations / Image Credit: Limelight Networks

These were some of the findings from a “State of Cybersecurity” research from Limelight Networks—a company that deals with digital content daily.

According to the report, “how a business responds to cyber-attacks therefore can significantly impact consumer trust and affect brand reputation and long term revenue”.

That’s a no-brainer, isn’t it?

But this report is significant because it puts into numbers what we’ve all been feeling lately. And most importantly, it conveys to businesses that if they want to spend a long time with Malaysians, then they’ve got to get their security sh*t together.

Here’s a friendly suggestion to corporations: if any of your users’ data does get leaked, then you have a responsibility to inform each and every one of your customers who were personally affected. 

Many Malaysian corporations’ attitudes so far appear to be “If you don’t talk about it, the problem will go away” for most crises that impact them. The three main telcos in Malaysia affected have released statements about how they’re cooperating with investigations, but that still leaves many of their users in the dark.

It’s a legitimate concern / Image Credit: Limelight Networks

The release of that information could really damage their customer’s life, and it should be a business’ responsibility to ensure that each and every user affected is notified that their information is in jeopardy.

Only when equipped with this knowledge can users attempt to defend themselves. Or at least prepare for a potential storm.

Keith Rozario of sayakenahack fame said it best.

I believe the right to know about a breach should exists even if you can’t do anything about it.”

“If you have terminal un-treatable cancer—does that mean a doctor shouldn’t tell you about it? If you’re on a plane that’s about to crash, should the pilot remain silent?”

“You have a right to know about the leak. Regardless of whether you can do anything about it.”

The context for these statements for both myself and Keith come from different places, but what we definitely agree on is: when our data gets stolen or leaked, the big guys in suits shouldn’t be allowed to sit mum on these bombs.

It’s not just about consumer benefit here. Corporations have a lot to lose to.

Silence leads to consumers feeling betrayed by corporations. They might feel that corporations are not only lax with security of potentially life-destroying information, but by extension, uncaring if your life gets destroyed by their negligence.

After all, if these leaks were something the corporations tried to ignore or even bury, what are the other leaks or hacks that have flown under the radar—kept quiet to protect a company’s public image?

As consumers, the feeling is that there is no due diligence to the data that we entrust to them, no sense that a customer’s safety is prioritised.

This is all something that we should really emphasise to businesses as consumers because:

The survey noted that no amount of cybercrime is going to stop Malaysians from going online, and it shouldn’t.

It does change our behaviour, though.

92.36% of Malaysian consumers will check a site’s security before they actually buy anything online, more so than Singapore, with only 86.73% reporting that they do.

Image Credit: Limelight Networks

The report finds that a brand’s reputation and credibility are directly impacted once their website has been hacked.

If more than 90% of users checks a website before buying anything off it, a hit in credibility is easy math. As long as we actually act on it, and express to corporations either through our money, or just telling them outright that we don’t approve, then they’re forced to respond.

More than half of Malaysian businesses revealed that their company’s online presences have been attacked in the past 2 years. 

Image Credit: Limelight Networks

This is why majority of the companies surveyed stated that they have implemented tech to protect against DDoS and other attacks. Today, this is all a necessity, and not just extra measures anymore.

As a consumer who has no choice but to entrust my information to our corporate overlords to actually participate in modern technology, heightened protection for our user data should be treated as “common sense” defense as well.

“With a potential cyber-attack lurking in the corner, brands can no longer rest on ‘legacy trust’ that they have built over the years. Today, it’s about building trust each time a customer transacts with a brand online,” said Jaheer Abbas, Sales Regional Director, SE Asia and ANZ at Limelight Networks.

He admits that cyber security is not a one-size-fits-all approach, but he does suggest a multi-layered approach to security that might serve corporations better.

Meanwhile, organisations that do take precautions and protections for consumers’ sake should also shout about it.

According to the Limelight Networks reports, this could be as easy as promoting specific logos of cybersecurity solution vendor products on their website or app. This communicate that they take consumers’ concerns seriously.

I’ll admit that I’m not very knowledgeable about internet security. Terms like TLS and CMS vulnerability mean nothing more than a jumble of letters to my brain.

But jumping of Keiths’ points again, I shouldn’t have to know what these things mean to know that this is serious business. I shouldn’t have to know what these mean for corporations to take my safety seriously.

Armed with this information, I’ll definitely be making changes to my online behaviour, at the very least. And considering the current ecosystem, I suggest that you do the same.

 

Exit mobile version