1.2 Organisational Data

1.2.1 Types of Organisational Data

1.2.1.1 Traditional Data

Traditional data is generated and maintained by organizations and includes:

• Transactional Data: Buying/selling details, production activities, employment decisions.
• Intellectual Property: Patents, trademarks, and trade secrets crucial for economic advantage.
• Financial Data: Income statements, balance sheets, and cash flow statements.

1.2.1.2 Internet of Things (IoT) and Big Data

IoT refers to a network of connected devices that collect and share data. With the growth of IoT, Big Data has become a significant technological and business focus.

1.2.2 The Cube

The McCumber Cube is a cybersecurity model that evaluates security initiatives using three dimensions:

1. Foundational Principles:
   • Confidentiality: Prevents unauthorized access using encryption and authentication.
   • Integrity: Protects data from modifications using hash functions.
   • Availability: Ensures data access through maintenance, updates, and backups.
2. Data Protection in Different States:
   • Processing: Active use of data (e.g., database updates).
   • Storage: Data stored in memory or devices (e.g., hard drives).
   • Transmission: Data being transferred across networks.
3. Security Measures:
   • Awareness & Training: Educating users on security risks.
   • Technology: Firewalls, encryption, and security software.
   • Policies & Procedures: Incident response plans and security guidelines.

1.2.4 Is This for Real?

Phishing is a common cyber threat. Example:

• In 2020, Razer experienced a data breach exposing 100,000 customer records due to a misconfigured cloud server.
• Cybercriminals exploited this exposure for fraud and social engineering attacks.

1.2.5 Data Security Breaches

Persirai Botnet (2017)

• Targeted over 1,000 IoT cameras.
• Installed malware that ran undetected in memory.
• Used hijacked cameras for DDoS attacks.

Equifax Breach (2017)

• Attackers exploited a software vulnerability, exposing millions of customer records.
• Fraudulent websites tricked customers into providing personal data.
• Identity theft risks increased significantly.

1.2.6 Consequences of a Security Breach

• Reputational Damage: Customers may lose trust and seek alternatives.
• Vandalism: Hackers may alter websites or manipulate business information.
• Theft: Stolen sensitive data can lead to identity fraud.
• Loss of Revenue: Businesses may face operational shutdowns and financial penalties.
• Intellectual Property Damage: Leaks of confidential documents and trade secrets can harm competitiveness.