In 2023, personal data is already being generated at an unprecedented rate, with almost every online activity producing some form of metadata. For organisations, this poses not only an opportunity but a threat, with the value of this data acting as a magnet for cyber-criminals.
Data Protection Day serves as a stark reminder to companies to review their data security systems and look for ways to evolve, become more resilient, and, ultimately, build trusting relationships with their customers. To coincide with this day, Cyber Protection Magazine spoke to eleven experts in the tech industry to gather their insight into how to best protect your data.
Suffering from an identity crisis
Today, of all days, is a reminder that protecting your online identity is crucial, and multi-factor authentication is an essential component to ensure that sensitive information is kept safe.
“The bottom line is you can’t have truly effective data protection or privacy if you are using passwords, which for most organisations is still the case,” warns Jasson Casey, Chief Technology Officer of Beyond Identity. He continues: “The FIDO Alliance (Fast IDentity Online) has developed standards to combat the acute vulnerability posed by passwords, and FIDO-based solutions are now recommended at the highest levels of government. If you want to eliminate the risk of a breach, you need these foundational systems in place. Passwords and weak MFA act as a doorstop rather than a padlock. Organisations need to focus on passwordless authentication and phishing-resistant MFA if they are to finally shut the front door.”
On the same note, Matt Rider, VP of Security Engineering EMEA at Exabeam, emphasises that “part of having strong data protection measures in place involves knowing where your data is stored and who is accessing it at any given time. IT teams can use tools such as User and Entity Behaviour Analytics (UEBA) to monitor these patterns and learn what a normal day looks like for their organisation when it comes to the data flowing within it. If access is attempted by a malicious actor – whether internal or external – the IT team can be alerted to this anomaly and work quickly to shut down systems and prevent the attacker from digging any deeper.”
As Raffael Marty, EVP and GM of Cybersecurity at ConnectWise, summarises, “thinking about cybersecurity issues, passwords, multi-factor authentication, clearing browser caches, keeping software up to date, and the like, might not be much fun. Still, even less fun is having your personal information or the information of your school or workplace compromised to detrimental or catastrophic effects.”
Cloudy with a chance of security breaches
The growth of the cloud and its integration into on-premises architecture makes it crucial to ensure the security and privacy of data, as breaches can have severe consequences for individuals and organisations.
Terry Storrar, Managing Director of Leaseweb UK, confirms: “As more and more businesses turn to the cloud, the priority for 2023 should be ensuring that the data held within – and transferred between – these platforms is secure. Data Protection Day is a great opportunity to take stock of how secure your data really is. And, for those who have entrusted their data to a cloud hosting provider, the day should serve as a reminder to choose carefully and ensure your provider is willing to go the extra mile to secure your data.”
“The cloud has had a profound impact on the development of new applications and the generation of data,” Assaf Morag, Lead Data Analyst at Aqua Security, began. “However, with this increase in data storage and processing also comes the need for heightened attention to data security and privacy. Breaches can lead to identity theft and financial loss for individuals, and can damage the trust of customers and lead to legal and financial consequences for organisations. It is essential for both individuals and organisations to take proactive measures to ensure the security and privacy of their data in the cloud.”
Compliance remains complicated
On Data Protection Day, organisations are reminded of the importance of compliance monitoring, and the role legislation plays in protecting personal data. Organisations must stay updated with laws such as GDPR and DORA and implement policies to meet these requirements to remain protected.
Jeff Sizemore, Chief Governance Officer at Egnyte, agrees that organisations should pay greater attention to data regulations: “There’s no time like the present to prepare for these business-impacting regulations, especially with more on the horizon. Organisations can take proactive steps like keeping data privacy policies up-to-date and gaining visibility into structured and unstructured data. Ultimately, companies that respect data privacy and understand the short- and long-term benefits of compliance will be well-positioned for the future.”
Craig Adams, Managing Director for EMEA at Protecht, surmises: “As the world becomes increasingly interconnected, the best way for organisations to protect their data is ensuring an integrated governance, risk and compliance (GRC) approach, championing good digital hygiene for everyone who has access to the company’s data – internally or externally. By getting your organisation prepared to withstand an attack ahead of time, through continued monitoring of your digital ecosystem, effective compliance and resilience planning, your business will be better prepared for future threats.”
To whom does the responsibility fall?
For many, understanding their role in data protection is a huge priority. However, as the responsibility and security of personal data continue to shift between the hands of the government and that of the individual, there needs to be more certainty about what can be done.
Michael Queenan, CEO and Co-Founder of Nephos Technologies, concurs: “In the current day and age, ‘personal data’ has become something of an oxymoron – it’s anything but ‘personal’. We don’t own our data, and we have limited control over what happens to it. Generally, the onus of responsibility on how to use, protect, sell and leverage our personal data lies with big companies and government institutions.”
Whilst this can be the case, Hugh Scantlebury, CEO and Founder of Aqilla, highlights how small steps can be taken to improve data security: “Even the most simple steps can have a huge impact in staying safe online. It is really important to educate your workforce and associated stakeholders in maintaining vigilant behaviour that minimises risk, such as not opening any emails, links or attachments that come from unknown or untrusted sources, no matter how curious or of interest they might appear. It should be the responsibility of everyone in an organisation to understand how to isolate content for safe bona fide review.”
Andy Bates, Practice Director – Security at Node4, concludes, “there is no one-size-fits-all solution to data protection. It is an ever-evolving process that constantly needs to be monitored and adjusted. As a starting point, most organisations already have a good first defence in their employees, who can act as a human firewall and stop potential threats in their tracks.”
However, Bates goes on to forewarn that “even with employees who are super vigilant, and the best security testing and monitoring in place, cyberattacks continue to innovate, finding more sophisticated ways into an organisation’s network. And so the final part of every data protection solution should be disaster recovery and backup.”