As Data Protection Day, Security experts from Intel Security, Netskope, Micro Focus and Intralinks wanted to share the following industry insights into the importance of continued education / awareness building around cyber threats and data security.
Raj Samani, CTO for Intel Security EMEA:
“As a society, we continue to be in a state of conflict when it comes to data. On the one hand, we’re often outraged over regular news around data breaches, while on the other hand we think nothing about trading our identities for a chocolate bar or less, often volunteering intimate data such as medical or financial information. In 2016 we’re only going to further see the exploitation of people’s data and the expansion of what we call the ‘data economy’, especially as the Internet of Things becomes part of our day-to-day lives with smart homes fast becoming a reality. Data Privacy Day serves as a reminder for us as a society to wake up to the fact that what an organisation knows about us is among its most valuable and marketable assets. It’s time we stop declaring ourselves ‘data bankrupt’ – what we’re doing when we assign zero value to our information, buying patterns and preferences.
When we think about our data and where it’s going, who is using it and what we’re giving it away for, we need to be even more cautious and hard-nosed about entering into data transactions by driving harder bargains and asking ourselves smart questions such as ‘who our data will be shared with and how it’s going to be protected’.”
Eduard Meelhuysen, VP EMEA at Netskope:
“Over the past twelve months, data breaches have continued to hit the headlines and data security concerns are at an all-time high. This is underlined by the upcoming ratification of a new European law, the European Union General Data Protection Regulation (EU GDPR), which is expected to be finalised around the same time as Data Protection Day 2016.
“The EU GDPR will require organisations to take adequate measures to ensure the security of personal data, and applies to any business operating in the EU – regardless of where it is based. As a result, 2016 will see major organisational manoeuvring as businesses rework data storage and sharing to ensure they are not in breach of these regulations. Data Protection Day serves as an important reminder to us all to remain vigilant and turn any data security concerns into action. Businesses can – and must – take steps to protect their data. Careful planning, clever policy setting and enforcement, and staff coaching can all mitigate risk, but businesses must implement these actions now to ensure the appropriate level of protection is in place before it is too late.”
David Mount, Director, Security Solutions Consulting EMEA, Micro Focus:
“As Data Protection Day comes round again for another year, significant data breaches are still hitting the headlines most weeks. This tells us that something definitely isn’t working, and my feeling is that often there’s too much emphasis placed on users to uphold security. We know people are the weakest link in the security chain, and yet too many solutions still rely on users making good security decisions.
“The harsh reality is that most employees don’t really care about security. And even those who do are going to get it wrong sometimes, especially as attacks grow more sophisticated and targeted – for example by combining social engineering and spear phishing. Understandably, most employees just want to get the job done and if that means finding workarounds or playing fast and loose with IT department rules, then unfortunately those issues are going to be a fact of life.
“As an industry, when we consider users to be the last line of defence, the technology has failed. At an employee level, we need security solutions to take the responsibility for fundamental security decisions away from users. Experience has shown that it’s difficult to get users to make smarter decisions, but smarter technology will always make better choices which will have a definite positive impact on an organisation’s security stance.”
Richard Anstey, CTO EMEA, Intralinks:
“While cyber-attacks are getting more commonplace, human error is still a huge problem and causing a significant number of data leaks. Many employees bring bad cyber-security practice from home into the workplace, and businesses don’t realise the implications that bad security habits can have on an organisation.
“Educating the workforce is as critical as implementing technology solutions to manage data flows, especially when handling very sensitive information, such as intellectual property. It is not financially viable – or legally sound – to focus solely on technology, process, or employee activity individually, because all three are important. There’s no silver bullet. New regulations like the General Data Protection Regulation (GDPR) are likely to accelerate this process in the next two years in an attempt to protect personally identifiable information (PII) flowing in and out of Europe. A recent survey by Intralinks and Ovum revealed that more than half (55 percent) of businesses said they are planning new training on the GDPR for their employees, but worryingly, over half of them (52%) also expect to be fined.
“If we want to take back control of our data, we need to start by ensuring businesses know what value their data has, where it flows across the world, where it is encrypted and how it’s being used by its employees. Only then can organisations make informed decisions about how to manage and secure data appropriately. For this reason, you’ll see more Chief Privacy Officers on executive teams in the coming years.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.