Authored by Rahul Kumar, Country Manager – WinMagic India Pvt Ltd.
What’s the risk?
Today, we live in an era where businesses are continually crippled by data breaches. With each passing year, we witness a new type of threat or malicious attack. From Heartbleed, a security flaw, to Anthem breach that exposed personal information such as birthdates, social security numbers, addresses, phone numbers and employment information from the second-largest health insurer in the US. It’s evident that no organization is safe when it comes to data hacks. However, data security within any organization, along with new advanced technologies, software defined storage and better training can be established easily.
It’s important to invest time and money in data security initiatives in order to not only protect one’s business but also increase customer service and brand reputation. According to a recent Gartner report, the market for content-aware data loss prevention solutions continues to grow at more than 20 percent year over year. Yet the report also notes that many organizations are struggling to establish appropriate data protection policies and procedures for mobile devices as they interact with sensitive corporate data.
A Wake-up Call
Given today’s evolving threat landscape, it’s understandable that organizations want to take a proactive approach against threats, create a continuous compliance environment, and have responsive IT operations processes. They want to reduce risk exposure and the attack surface, detect and respond to advanced threats, and drive down security operations costs.
The fact is a plethora of pressures/challenges hamper an organization’s ability to fulfill those objectives. Drawing from conversations, there are various key challenges that organizations must address in order to optimize their security and compliance programs. Here are a couple of challenges that are faced by organizations:
Security and Technology Evolution
With advanced technology, security too has to evolve in order to meet today’s sophisticated threats and evolved hackers. No doubt, the solutions used last year, or the year before, need to be re-assessed, to adapt and accommodate the current and future needs of organizations to deal with ever evolving threats.
Organization/Employee Skill gaps
One of the contributing and alleviating factors in rise of breach is the skills gap. This problem poses a serious risk to an organization. If security top level executives don’t fully understand the nature of their business and the importance of security and business personnel, there are chances that they can be disgruntled or ignorant while dealing with sensitive asset which will hamper their ability to reduce threats and mitigate risks.
Impact of Malicious Attack or Data Breach
Regardless of size and sector, cybercrime continues to escalate in frequency, impact and sophistication and threatens enterprises. A data breach or intrusion can cause an organization to lose the trust of customers and reputation value. The reputational damage suffered by companies who fail to protect personal data can translate directly into a loss in revenue.
According to the The Ponemon Institute study, an alarming 85% of respondent businesses admitted that they have experienced a data security breach. Despite the frequency of such security failures, 46% of businesses failed to implement encryption solutions even after suffering a data breach.
Alarming Growth in End-Points
The connected devices and assets introduce an incremental scaling problem that dwarfs most of our earlier security and compliance models. The effort needed to secure so many devices can surely drive up security operations costs and stretch any organization’s ability to make sure each device is compliant with industry standards.
Role of encryption and security in next gen of mobile networks
In the next generation, technologies like LTE (Long Term Evolution) provide speeds that allow carriers to offer a number of business-specific applications and services, for example video conferencing, in-office connectivity, uploading and downloading large files, etc. In addition, it also provides gaming, downloading movies, music and other wireless applications that bring a desktop experience to users’ wireless devices. These new technologies demands that security functions should be optimally and efficiently embedded into the overall system.
If security practices are automatic and deeply embedded into the infrastructure—making them as transparent as possible to administrators and users—compliance can be ensured and corporate assets can be protected against potential vulnerabilities that arise in complex networks with multiple devices and platforms.
The Secret for Protecting Data
The above mentioned challenges are not going away soon. It’s a high time for organizations to adopt the changes/trends and going forward includes data security to manage and mitigate the escalating security, compliance an operational risk. Below is a list of best practices that an organization can take to protect themselves:
Develop a holistic data protection strategy
Perform an audit to keep this data out of the wrong hands
Encrypt all data whether at rest or in transit
Key Management to detect anomalous behavior, such as rogue self-signed certificates
Have a BYOD Policy in place so that they don’t become a source of data breaches or security leak
Monitor activity and stay up to date on threats
Limit Access to secure sensitive data
Software Updates to make your system more secure.
Train Employees on application of the policies that are put in place, and understand that they are accountable
It’s high time to take targeted attacks and advanced persistent threats seriously. Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization. With careful planning and equal investments in people, process and technology, one can stay ahead of threats while reducing complexity and compliance costs.