Heron introduces Security Configuration & Data Compliance Assessment service
Heron introduces a new Security Configuration & Data Compliance Assessment Service to help organisations discover misconfiguration and exposures on monitored endpoints and mishandling of sensitive data that would pose significant risks. The assessment will be free for Singapore companies with over 50 employees for a limited time period.
Heron Security configuration assessment dashboard
A security misconfiguration occurs when system or application configuration settings are missing or are erroneously implemented, allowing unauthorized access. Common security misconfigurations can occur due to leaving default settings unchanged, erroneous configuration changes or other technical issues. They can occur in applications, cloud infrastructure, networks and elsewhere. Misconfigurations are widely regarded as the top cloud vulnerability.
There have been numerous cyber attacks in recent years due to security misconfiguration being the primary cause. In 2021, Nissan, a Japanese multinational automobile manufacturer, had some source code leaked online due to the misconfiguration of a company Git server. Earlier, in May 2020, Mercedes-Benz experienced a similar breach. The Atlassian JIRA data exposure incident in 2019 was one of the most significant exploits of a misconfiguration. Another example of an incident due to excess privileges was Shopify’s 2020 breach.
Data breaches are also increasingly damaging to companies due to increasing data privacy laws, financial penalties and consumer activism. Companies in Singapore can now be fined up to S$1M or 10% of annual revenue if the annual turnover exceeds S$10M. In 2021, 104 Singapore companies were fined a total of S$2.68M, before the increased fine framework was introduced in October 2022. Companies that collect or process the personal data of residents of the EU also must comply with the regulations set forth by the GDPR. GDPR fines are much more severe – depending on the severity of the infringement, it can be up to 4% of annual worldwide revenue or €20 million, whichever is greater.Sample data assessment report
Heron’s new services will help companies prevent attacks due to security misconfiguration and avoid punitive measures under the PDPA and GDPR. The service will also support companies aiming for MAS TRM, ISO27001, HIPPA and other compliance and regulatory requirements.
More details of this service are available in the brochure.