Data Protection Day: is it time to step it up?
In today’s digital age, data is the lifeblood of an organisation. However, many organisational stakeholders remain unaware of how to properly protect their company’s valuable data - which leaves the door ajar for cyber attackers.
With data breaches, leaks and hacks proliferating in the news each week, Data Protection Day serves as a timely reminder that organisations are the custodians of our private information, and that they must do everything in their power to protect our data from misuse and unauthorised leaks.
The importance of building data protection more prominently into all levels of business should not be underestimated. With this in mind, this Data Protection Day, we spoke to a range of cyber experts to understand how organisations can make data protection a strategic priority in 2022, and beyond.
The changing world of work
Protecting data has become more complex during the pandemic with the majority of businesses moving to hybrid or remote office models. Terry Storrar, Managing Director at Leaseweb UK, highlights, “there are now a myriad of external and internal security threats to address, including new vulnerabilities resulting from security gaps in the rapid-fix infrastructures that were put in place to enable home working in the first lockdown.
“Now that remote working is here to stay for the longer-term, it is important this Data Protection Day for companies to review their security structures and practices to ensure data is not exposed to threats that could cause significant damage to reputation and hit profits.”
“The premise of ‘work anywhere, anytime’ has increased the overall threat landscape over the past two years as a huge proportion of the global workforce worked remotely, often outside of their corporate networks,” adds Stuart Abbott, Area Vice President & General Manager of UK & Ireland at Commvault. “This dramatically increases the number of potential entry points for bad actors to access your files and, with many storing files locally and working offline, there is a greater risk of shadow IT and files not being backed up. It is crucial that companies implement an effective data protection solution to deny unauthorised access and ensure fast recovery of lost data should the worst happen.”
A question of access
“Limiting access to mission-critical internal data on a ‘business need to know’ basis will also enable organisations to prioritise threats and address them more effectively,” urges Neil Jones, Cybersecurity Evangelist at Egnyte. “Modern businesses can’t have effective data governance and security programmes that consist of a single person, and historically, far too many companies have relied on the CISO’s or CPO’s efforts alone. Cyber security needs to be an all-hands company effort.”
“The adoption of collaboration tools has skyrocketed as companies try to ensure that productivity and efficiency remain high, whether in a remote, in-office, or hybrid work environment,” continues Dottie Schindlinger, Executive Director at Diligent Institute. “Many of these tools are general-purpose solutions that meet the requirements of employee communication and collaboration well enough. But they may not be appropriate for the top layer of your organisation — the board and executives.”
“Organisations need secure environments and workflows that allow the board and executives to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen,” she adds. “And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps.”
Digital transformation has accelerated
Data has always been a goldmine for businesses, but it’s now become more critical to the success of digital transformation strategies. “In the days of on-premises, we could tangibly understand where data lived and so it was easier to protect,” reflects Paul Calatayud, Chief Information Security & Privacy Officer at Aqua Security. “Today we are moving at the speed of cloud, which has created new situations that we’ve all had to adapt to. Under threat from all lines of attack - from external cyber adversaries to insider threats, to supply chain security attacks - security must never slip, and data must be kept safe and secure up and down the stack.”
“One of the best ways to promote safe practices is to implement a robust corporate data security policy,” notes Steph Charbonneau, Senior Director of Product Strategy, Data Security at HelpSystems. “This should lay out in no uncertain terms an organisation’s cybersecurity measures and encourage good cyber hygiene amongst all employees. This document should also be regularly re-evaluated and updated to combat new threats as and when they arise.
“At its most basic level, the end goal of any data security policy should be to secure data throughout its entire lifecycle. This can cover a variety of things, from protecting personal devices (especially important in the BYOD era) to identifying and classifying data. A robust data security policy should cover the specifics of how data will be collected, how it will be kept safe, and what is done with data when it is no longer needed.”
“This year, news stories about security vulnerabilities that have exposed private data have brought the issue of enterprise API security and management into sharp focus,” says Liad Bokovsky, Senior Director of Solutions Engineering at Axway. A recent consumer survey conducted by Axway showed that more than 50% of UK consumers would never do any business with a company that has previously reported a cyberattack or data breach.
“Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe,” Bokovsky adds.
The rising cost of ransomware
It is estimated that by 2031, ransomware will attack a business, consumer, or device every two seconds. “Ransomware attacks are here to stay as they continue to rise in both volume and severity and as cybercriminals keep developing new and unexpected methods to encrypt data,” highlights Avi Raichel, VP of Zerto GTM, a Hewlett Packard Enterprise company.
“Since no single solution can offer protection from ransomware attacks with 100% certainty, having a disaster recovery and backup solution based on continuous data protection (CDP) offers companies the ability to be resilient in the face of potentially catastrophic circumstances. Companies using CDP can resume operation at scale in minutes and recover to a state a few seconds before an attack. Ultimately, having continuous data protection will put the power back in the hands of the organisations who are prepared.”
“Right now, information exfiltration via ransomware and insider threat seems to be rampant,” adds Gorka Sadowski, Chief Strategy Officer at Exabeam. “The security community must better work together and prioritise innovation and collaboration above competition to fight our shared cyber enemies.
“As global ransomware payments skyrocket, it proves that cybercriminals are willing to collaborate and pool resources with other threat actors to develop new ways to breach organisations around the world. Our greatest hope in defeating such highly coordinated cyberthreats is to become united in fending off their multifaceted attacks. To that end, I’m pleased to see governments finally mobilising against cyber adversaries to prevent devastating consequences on companies in both the public and private sectors.”
After all, in a data-driven world, personal data is shared every second - at work, while travelling, shopping online or simply browsing the internet. Gregg Mearing, Chief Technology Officer at Node4, concludes: “It is crucial that data protection is taken seriously - a data breach could have a huge impact on an organisation’s reputation. It is the responsibility of every organisation to continually raise its game in making an active, long-term commitment to secure the data it holds.”