How do organisations know their data is secure? And how can companies ensure that a network breach won’t result in a loss of sensitive data? The consequences of a data breach are potentially disastrous for any organisation, so companies need to be reassured that their data is secure at all times in line with any internal and external compliance needs – and that they have the tools and visibility to prove this, should a network breach occur.
With 78% of IT security leaders lacking confidence in their company’s cybersecurity posture, now is the time for organisations to focus on applying a ‘Zero Trust’ approach to their cybersecurity strategy. In doing so, security professionals acknowledge that they cannot trust the security of their underlying infrastructure and therefore implement controls from a data assurance perspective, placing emphasis on protecting their sensitive data, irrespective of where this data travels within the network. And for those CISO’s and CSO’s who are solely concerned with their network security, they need to reconsider and focus on their data security.
Security professionals should be taking a proactive approach to their organisation’s cybersecurity and should always be considering how they can better protect their most valuable asset – their data. With this in mind, Paul German, CEO, Certes Networks, outlines how data assurance is a mindset that security professionals need to adopt in order to be confident that their sensitive data is protected at all times.
Increasing Threats
Cyber attacks are increasing dramatically and by its very nature, sensitive data is an incredibly valuable asset and one that is frequently targeted. Last year, 37 billion data records were leaked at a staggering 140% increase year on year. Surely there are measures that companies can take to prevent this growing breach of data.
However, on average only 5% of company files are properly protected – a surprising statistic considering the vast implications of a cyber attack. Furthermore, malicious hackers are now attacking computers, networks and applications at a rate of one attack every 39 seconds.
Clearly, cyber attacks and consequent data breaches are an epidemic and organisations need to put the appropriate measures in place in order to protect their data and their business. Ultimately, companies need to adopt a data assurance strategy aligned to business intent so they have the right tools and security posture in order to be in the best position when it comes to safeguarding their most valuable asset against cyber criminals.
The Consequences
When a cyber attack occurs and an organisation loses the sensitive data they have been trusted with, there are significant consequences. Of course, the obvious economic repercussions are enough to make any business concerned, with the average cost of a data breach being $3.86 million as of 2020.
However, it is not just a data breach, but a breach of trust. Additionally, losing a client’s sensitive data damages a company’s reputation and organisations could even be facing legal action, especially if they breach regulations such as GDPR, HIPAA or CJIS. The fact is that businesses are fined for a loss of data because they are not compliant with specific laws over the use of sensitive information – not for a network breach.
By looking at cybersecurity from a data assurance perspective, security professionals have the capacity to bypass these damages by protecting their data from the outset, rather than waiting for an inevitable breach to happen before implementing data security measures. There is no reason for businesses to put themselves in a vulnerable position when they have the ability to effectively avoid the consequences of a data breach altogether.
Data Assurance
When businesses consider their cybersecurity strategy from a data assurance perspective, they are directly focusing on their data security and ensuring that they have the necessary outputs in place in order to prove at all times that their sensitive data is protected according to their business intent.
Through understanding their business intent, organisations adhere to specific objectives that they have defined in order to protect their data and mitigate associated risks. By adopting a Zero Trust approach to their cybersecurity posture, companies can achieve the separation of duties that cannot be met when security protocols are tied into the network infrastructure. With a secure overlay that is agnostic to the underlying network infrastructure, security teams can have total control of their security posture. This means that should an incident occur, the required controls are in place and functioning and security professionals can easily prove that their main priority, which is their sensitive data, is safe.
Additionally, with regulations over how organisations can handle data continuing to evolve and change, companies need the mechanisms in place to be able to proactively react to any developments in regulatory compliance requirements. By implementing policies that match evolving compliance requirements and by putting data at the forefront of any cybersecurity strategy, organisations can be secure in the knowledge they are observing these rules and regulations and won’t fall victim to their data being compromised.
Companies need to seriously consider implementing the right controls in order to make sure their data is protected and by focusing on their cyber security strategy from a data assurance perspective, they can ensure that they are emphasising the protection of their most valuable asset.
Paul German, CEO at Certes Networks
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.