Cybersecurity in digital asset management (DAM)

August 8, 2023 Ricky Patten

DAM security

In today's digital landscape, cybersecurity has become a critical concern for businesses and individuals alike. With the increasing reliance on digital asset management in Australia, it is imperative to prioritise the protection of sensitive information and assets from cyber threats.

As technology continues to advance, so do the methods employed by cybercriminals. From data breaches to ransomware attacks, organisations face numerous challenges in safeguarding their digital assets. However, with the right cybersecurity measures in place, businesses can mitigate the risks and ensure the confidentiality, integrity, and availability of their digital assets.

Take any contemporary course on risk management and cybersecurity where current cybercriminal activity is discussed, and you will be astounded at how highly sophisticated these criminal industries have become. If you thought the government was behaving in a big-brotherly fashion by collecting data about you, think again: cybercriminals have amassed a far greater trove of data about everyone who has ever used the internet.

Have you seen those reports where re-use of the same password by people across multiple different logins leads to more than 50% of all cybercrimes? This is because cybercriminals have huge investments in databases and tracking systems to collect just about everything that ever takes place on the internet.

Now just imagine what the implications would be if photographs of all your employees, students, lecturers, customers, and business partners were to fall into the hands of cybercriminals! What if that was shown to be the fault of your organisation!

Cybersecurity for digital asset management is needed to protect customer and employee personal information. One of the biggest threats to privacy is information aggregation. This is not to be confused with aggregate or summarised information: information aggregation is the assembly of a portfolio of information about a person from a number of different sources.

Almost all digital asset management solutions contain images of people. In my estimation, between 60-80% of all images and videos stored in DAMs have people in them. After all, we know that the celebration of our culture and community is one of the most rewarding activities that we can undertake. Who does not love a good-looking selfie!

With the rise of highly efficient facial recognition, just about any image of a person’s face can have a name put to it (if there is some context to that image). If we were all good, honest people then this would be a truly wonderful thing … but we aren’t.

Exploitation of images of people using AI-powered facial recognition can be key to the strategy of large-scale cybercrime. Even large organisations like Facebook have been forced to shut down their facial recognition capabilities due to “many concerns about the place of facial recognition technology in society” (Jerome Pesenti, November 2021).

If your DAM has images of people in it, then you need to take immediate steps to ensure that this content does NOT become a source of information aggregation for cybercriminals, posing a threat to the privacy and confidentiality of your employees, students, lecturers, customers, and business partners.

Compliance, compliance, compliance ….

The buzzword of Australian IT in 2023 is compliance. Compliance refers to the cybersecurity credentials of an organisation and its ecosystem of users, customers, and suppliers. Simply put, rather than every organisation carrying out its own examination and evaluation of every system, the ability of a solution to provide appropriate levels of security and confidentiality can instead be assessed based upon the compliance certifications associated with it.

The process of compliance is regulated by auditors, who conduct an impartial examination of an organisation's processes and procedures against industry standards of acceptability. The auditing and issuing of compliance certificates is a well-structured and organised endeavour in Australia and New Zealand, with a high level of certainty that if an organisation has the appropriate compliance certificates in place, they are indeed trustworthy … and if they don’t, you should think again about whether your data is safe.

You should make sure your DAM solution is provided by an organisation that adheres to Australian / New Zealand levels of compliance. They should have a compliance or security page on their website that clearly explains their policies regarding cybersecurity and risk management and which compliance certificates they hold or are undertaking. If this information is not on their website, ask them directly for an official statement regarding their cybersecurity and risk management compliance.

Big question, which thankfully has some pretty simple answers.

In Australia and New Zealand the accepted standards are those issued by the International Organization for Standardization, abbreviated to ISO.

ISO standards cover many areas of operation; the appropriate cybersecurity and risk management family is ISO27000, and compliance is gained by meeting the ISO27001 standard.

JASANZ accredited auditors can issue ISO27001 compliance certificates upon an organisation successfully completing an auditing process.

There are many other compliance standards globally. The other main standards organisation to take note of is NIST, the National Institute of Standards and Technology. NIST is a US organisation; although its standards are not officially accepted in Australia and New Zealand, NIST will give you the same level of assurance as ISO.

Then the final acronym you need to take note of is SOC 2. SOC 2 is a set of security and privacy standards for service providers that handle customer data, typically within the context of a vendor supplying SaaS solutions to their customers. In simple terms, SOC 2 is the compliance you should expect your vendor to have attained for the solution that they are offering you.

In summary, in Australia and New Zealand, you should ensure that your suppliers are achieving suitable ISO compliances, for example ISO27001 for cybersecurity. This will ensure that your suppliers themselves are operating in a secure and confidential manner and are qualified to provide you with a secure business relationship. You should then expect that the solution(s) they are providing you have attained SOC 2 certification. This then qualifies the solution itself as safe for you and your organisation.

Read our article for detailed information on SOC 2 and what it achieves.

I’m glad you’ve stuck with me this far into cybersecurity and DAM. By mid-2022 the databasics team foresaw that cybersecurity, and how it related to DAM, would be a major factor for our customer base in Australia and New Zealand. This year (2023) I have undertaken a re-education program in risk management and cybersecurity, so that I can take databasics through ISO27001 and ISO9001 cybersecurity and quality compliance respectively. I have found this process to be fascinating and in no way as dry and highly technical as compliance and certification are often made out to be.

What I have understood far more than ever before is the enormous confidentiality and privacy concerns that a DAM solution presents to an organisation. Gone are the days when, as a DAM consultant, I would say that the average content held in a DAM is of a low security profile.

I am glad to say that with this new knowledge and the help of cybersecurity consultants, service providers, certified auditors, and a supplier of highly compliant and extremely safe DAM solutions, databasics is strongly placed to provide the Australian and New Zealand marketplace with appropriately secure solutions.

If you have any questions, feedback, or concerns feel free to contact me.
