Zhenhua Data Leak: Prompts the Alarming Data Vulnerability Scenario

Zhenhua, the word may sound like a tongue twister, but it is recently giving sleepless nights to many important personalities across the world, including India. As per the latest report, a China-based tech company, Zhenhua Data Information Technology Co. Limited is spying on the personal data of more than ten thousand important personalities in India and abroad.

The List of People being Spied On: It’ll Send Shivers Down Your Spine

The list seems surprising to everyone as it includes names like India Prime Minister Narendra Modi, President Kovind, and the God of Cricket Sachin Tendulkar. The list is huge and includes many big names from the opposition parties in the centre, state chief ministers, bureaucrats, national advisors, chiefs of the Army, Navy and Air Force, etc. The long list of personalities being snooped on by this China-based technology company is keeping the Indian security agencies quite busy for the last couple of days.

Another Blow to the Indo-China Relationship

Zhenhua, a Shenzen-based data information technology company has confirmed its links with Chinese military and security agencies. The company is mining important information about top Indians and adding fuel to the dubious intentions of Chinese intelligence against its neighbouring country.

Is the Fear of Hybrid Warfare Coming True?

 The database with Zhenhua includes many world entities from all major countries, irrespective of their current state of alliance or enmity with China. Big names from countries like Untied States, United Kingdom, Australia, Canada, Japan, Germany and the UAE clearly indicate that the Chinese government is aiming for a much bigger tension across borders and seas.

Not Just Individuals, But Organizations Made to the List Too

The leaked database, created by Zhenhua, shows the interest of Chinese Intelligence in the recent dealings of Australia’s space and science sector with the NASA lab in California. China’s intelligence service is not just interested in the movement and activities of famous personalities but is also spying on the movement of goods as international dealings.

What’s more sinister is that Zhenhua has been misusing artificial intelligence tools to monitor private records. These include your social media habits, bank statements, job interest etc.

Much of this data is securely stored over a company’s devices and server, inaccessible to outsiders. But if the Chinese have already laid their hands on such personal data, we can’t even imagine the scope of data breach we might be staring at.

Indian Government Agencies Need to Beef Up Their Cyber Security

This incidence has raised another question – how uptight is our data security measures?

Are we conducting enough security testing to address cyber threat exposures and vulnerabilities?

With cybercriminals making repetitive attempts to breach networks, government agencies need to have better visibility of their security loopholes. Services like VAPT and unified data protection have become the need of this hour to perform 360-degree vulnerability assessment through manual and automated means.

Speaking specifically about VAPT, it consists of two processes: Vulnerability Assessment (VA) and Penetration Testing (PT).

Most importantly, VAPT services provide on-going guidance and advice by experts to address cybersecurity risks. It also involves penetration testing to figure out any vulnerability in systems, applications and the overall IT infrastructure.

These are the following types of VAPT tests for organization:

• Internal and external infrastructure testing
• API security testing
• Wireless testing
• Firewall testing
• Mobile security testing

These tests combine to give companies an accurate assessment of their system security, and suggest steps to mitigate any potential risks.

The Privacy Debate is ON

The leaked database includes 2.4 million people! This has prompted an important debate, ‘is all information about an individual exposed online?’

This is where VAPT steps in as a defence shield. It is an essential network security tool for SMEs as it goes beyond than conventional firewall and antivirus solutions. It highlights all the gaps in your system that may sore to become sources of data breach.

One this is for sure; this is not the only organization involved in information-spying activities. There must be many such agencies out there, operating from different locations.

We at Techjockey believe that prevention is better than cure. Our approach to VAPT has been centred on motivating organizations to anoint VAPT in their cybersecurity strategy. This ensures that hacking attempts such as phishing and malware attacks can be subdued at a nominal cost. Therefore, it’s time for the individuals and organizations to start taking actions!