Improving Data Security and Preventing Data Breach

Arjay Hagid
Art Louise
Inigo Aldrich
Anthony D. Tabon

Sep-2022

 
PROBLEM

The COMELEC is the primary government agency charged by the Constitution with enforcing and
administering all laws and regulations governing regular and special elections. It is a body that is
constitutionally separate from the executive, legislative, and judicial branches of government to ensure
free, fair, and honest elections. In addition, the constitution grants fiscal autonomy to the COMELEC,
allowing it to operate effectively, efficiently, and independently of political interference. 

However, On March 27, 2016, hackers operating under the banner "Anonymous Philippines" defaced
the website of the Philippine Commission on Elections (COMELEC). The hackers left a message urging
tighter security measures on the vote counting machines (VCM) to be used in the May 9 general election
in the Philippines. Within the same day, a separate group of hackers, LulzSec Pilipinas, posted an online
link to what it claims is the entire COMELEC database and updated the post to include three mirror links
to the database's downloadable files index. LulzSec Pilipinas' leaked files total 340 gigabytes. The
incident was deemed the largest private data leak in Philippine history, putting millions of registered
voters in jeopardy. According to Trend Micro, 55 million registered voters are at risk as a result of the
data breach, potentially outnumbering the 20 million people affected by the Office of Personnel
Management data breach.

And on May 28, 2020, the National Privacy Commission ('NPC') stated the reported hacking of PLDT
Inc.'s Twitter account. The NPC specifically stated that it has breach notification protocols in place that it
expects companies to follow, and that it was awaiting the official report on the incident from PLDT.
Furthermore, the NPC stated that if the incident poses a real risk to data subjects' rights and freedoms,
PLDT will be required to notify the subjects affected so that they can take the necessary precautions to
protect themselves from potential consequences.
And another incident of data breaches at Far East University, San Beda University, and Polytechnic
University of the Philippines. On June 18, 2020, hackers attack the three Manila-based schools, leaking
thousands of students’ personal information. 
SOLUTIONS
The main reason why the three examples of a breach problem had come to be is that, as the hackers of
the COMELEC Anonymous Philippines had left note of, the security measure of the of all three are
lacking in both discipline and development. Even though the PLDT problem had receive a quick
response, it was still bad to begin with as the account was still hack.
The possible solutions/advice that can be given to prevent further hacking from happening are plentiful
in ever changing world of networks, but the following advice of a solution will make do for now.
1. Firstly, in the case of an organization, is to caution and educate employee/co-workers. As
ignorance and the lack of care is the primary reasons why hackers can enter a system.
2. If possible, turn everything private and in different system while also having a second system
that will just have posted information something like an announcement and others. The second
system would become the dummy, so to speak.
3. Keep updating security, as sometimes an old access might had been leak and in the hand of
others. Having the security update all the time make it so that any previous leak wouldn’t of any
use later.
4. Related to “Updating Security”, if possible, have someone that works for the group to try and
hack the updated system and look for vulnerabilities. Keeping checks of any weakness leads to
strength after all.
5. Always have a Data Backup. Often times hackers are malicious enough that they would corrupt
or delete everything that was in the system, that is why backup is always come in handy.
6. Just like in number 2, restricting outside interaction with the “sensitive” system helps keeping
the system itself a secret. Nobody would hack something that they don’t know that exist.
7. Keep personal information private. Birthdays, favorite numbers, colors and anything else
related to oneself. All that can be use in figuring out the access scheme of a system or account.
8. Check for loopholes in the system as those can become a literal access hole for the hacker.
9. Block any unauthorized contacts and messages. As those can carry viruses that’ll help in
breaching the system.
10. Make sure that the system itself doesn’t have any integrated virus. As sometimes a virus can
change itself to fit in and make it look like it was part of the system all along. If left alone, this
kind of virus would be always updated to what was happening. It would become an “inside
man” for the hacker.
OUTCOMES
The observation leads the researcher to dive into the outcomes in reality, organization and government
sectors don’t do as much as they should because they can’t due to the rules and regulations they must
follow. Hackers have only one rule: Don’t get caught. Other than that, it’s anything goes to complete
your goal. When your hands are tied by government rules and regulations, it’s difficult to stop those that
aren’t.
Then take into account that hackers have always been a part of the counter-culture movement and are
relatively "anti-establishment". Big time hackers are also genuinely intelligent/analytical people, these
types of people analyze everything and believe all problems can be solved with "Solutions" and those
people tend to be idealists. Idealists become disenfranchised with the world when they see that
problems don't get solved because people choose self-serving selfish choices rather than the solution
that solves the problem for the greater good. This is especially true for teenagers. Who's in charge of
making most big decisions? The Man, so government is an obvious target. An egotistical idealist with
skills, power, time and most importantly a purpose will be difficult to stop.
Then there is also state sponsored hacking/espionage which may in fact be the most prolific type of
hacking, for gathering information about your competitors. On the nation state level it's all about power
and making power plays and knowledge is power, especially knowledge you aren't supposed to have
access to.
CONCLUSION

It is noticeable that people who are labeled as "Hackers" are always seeking for the loopholes of the
websites where they efficiently passed all the security filters and do the things they actually want. It was
just because of tiny bug and lack of updated codes and queries system become slower and unprotected
too, through this an organization and government sectors doesn't fix this all things will suffer from lots
of difficulties.

In conclusion, the general solution would be; Keep a backup of essential data in offline storage. It does
not matter how secure your system is if hackers can break into the system and get the data. Having an
offline backup will protect your data from being compromised; Try to keep your network and systems
updated; and install all the latest updates to keep your systems secure. Keep strong firewall protection
in place.

The hackers are always one step ahead of us especially organization and government sectors. They
always try the newest and most sophisticated ways to hack and find the loopholes in the security.
Keeping them out is not an easy task. But there are bunches of tips that would be helpful keeping the
data safe and secure.
RECOMMENDATION 

To minimize loopholes in the system, the organization and government sectors should update and
maintain their security system on regular basis. Then, an organization and government policy should be
developed to address both the prevention and detection of fraud. Security and fraud awareness training
should be provided to employees to make them aware of any suspicious activity in the system and to
keep them safe when using the internet at home or work. Standard Operating Procedures for following
up on alerts and red flags should also be developed. Duties should also be separated among those
responsible for maintaining the security system, servers, and information assets. Finally, organizations
should consider what information about their customers they should and should not keep. Target has
been chastised for retaining the credit card PIN.

REFERENCES

https://www.privacy.gov.ph/2020/05/official-message-from-privacy-commissioner-raymund-enriquez-
liboro-regarding-the-reported-hacking-of-pldts-twitter-account/
https://www.dataguidance.com/news/philippines-npc-publishes-statement-pldt-data-breach
https://comelec.gov.ph/?r=AboutCOMELEC/OrganizationalInfo
https://en.wikipedia.org/wiki/Commission_on_Elections_data_breach