International Journal On Advances in Security, volume 15, numbers 3 and 4, 2022


Attack Surface Reduction to Minimize Private Data Loss from Breaches

Authors:
George O. M. Yee

Keywords: attack surface reduction, minimizing data loss, data breach, private data loss, B2C e-commerce

Abstract:
Organizations are increasingly being victimized by breaches of private data, resulting in heavy losses to both the organizations and the owners of the data. For organizations, these losses include large expenses to resume normal operation and damage to their reputation. For data owners, the losses may include financial loss and identity theft. To defend themselves from such data breaches, organizations install security controls (e.g., encryption) to secure their vulnerabilities. While such controls help, they are far from being foolproof. Reducing the attack surface is a sound core approach for protecting valuable data. This paper applies this reduction to minimize the data loss from e-commerce data breaches. The paper first examines the behaviour of Business-to-Consumer (B2C) e-commerce companies in terms of why they collect and store personal data. It then applies attack surface reduction by limiting the amount of private data that the company stores in its computer system, while preserving the company’s ability to accomplish its purposes for collecting the private data. The paper illustrates the approach by applying it to different types of B2C e-commerce companies.

Pages: 41 to 51

Copyright: Copyright (c) to authors, 2022. Used with permission.

Publication date: December 31, 2022

Published in: journal

ISSN: 1942-2636