The COVID-19 pandemic has certainly added another layer of complexity to the workplace, as companies are relying on technology to establish secure remote work capabilities. With IT modernization being a key topic for business leaders currently, Data Privacy Day (January 28) is a great time to reflect on the importance of ensuring all company cyber assets are secure.  

Experts Comments

February 08, 2022
Camilla Winlo
Head of Data Privacy
Gemserv

Data privacy must be a priority, and more than ever the public sector in particular needs to really think about what data they hold, how they collect it and how it is applied and used. The risks relating to areas such as data ethics, inclusivity, privacy and data sharing need to be a focus, particularly as data volumes grow in the cloud.

The public sector is currently working on data sharing initiatives so that the various bodies can work in a more coordinated way. If the data is accurate and well-protected, that should result in big social benefits.

However, one of the goals of data protection is to protect individuals from risks arising from the power of the state and so as the coordination grows, it’s really important to understand how different communities react to that and what they do and fear as a result. To achieve this however, it’s imperative that a ‘user-centred’ approach to privacy is implemented, so that public sector organisations understand that, amongst different communities and for different circumstances, the same thing can land differently with different people.

Public trust is essential in order to maximise the potential benefits of data-driven innovations, and that comes from a willingness to listen to diverse voices and incorporate their views of privacy risks into projects.

February 01, 2022
Camellia Chan
CEO and Co-founder
Flexxon

It is promising to see that Data Privacy Day 2022 is generating so much discussion around the topic of protecting data. But with cyber criminals’ tactics becoming increasingly sophisticated every day, it’s important that we keep this momentum going throughout the year and beyond.  

Data Privacy Day is great for raising awareness of cyber threats, especially considering a staggering 95% of cyber-attacks are due to human error. However, education alone is not enough and cybersecurity measures need to be more robust than ever. Fortunately, we have some incredible solutions that are readily available to both individual consumers and organisations. When developing a cybersecurity strategy, it’s important to consider that anti-virus software alone is not enough – it requires too much input from the individual, like updating the software. Companies should adopt robust firmware as the last line of defence. And, advancements in technology mean it’s now possible to have AI-infused SSD (such as Flexxon’s X-PHY) embedded into laptops to protect data against every type of attack, from ransomware and malware all the way to physical security.  

As Data Privacy Week comes to an end, we need to continue to raise awareness of these new and highly effective technologies that can assist us in the fight against cybercriminals.

January 27, 2022
Yogesh Badwe
Chief Security Officer
Druva

Data privacy had a big year; hybrid work opened the floodgates to new data security and privacy risks, there were eye-watering fines from high profile data breaches and new privacy laws such as the China Personal Information Protection Law (PIPL) went into effect as more regulations continue to surface. The India Data Protection Bill will likely be passed soon and a federal data privacy regulation is under serious discussion in the United States. Regardless of how the data privacy landscape continues to evolve, there are fundamental steps every business can take to put privacy first and protect the personal data of both employees and customers. 

This year’s Data Privacy Day is an opportunity for businesses to take inventory of their privacy practices and identify what more they can do to build trust. Seize the moment by reviewing data processing activities to understand what’s being collected, how it’s being stored, and who it’s being shared with. Keeping the end user’s privacy interests at heart and leading with transparency in all your technology and business decisions is always a good strategy. By taking these fundamental steps, businesses will be that much closer to improving their resiliency and successfully navigating today’s evolving regulatory landscape. 

Organizations also should look to leverage the cloud to streamline governance and achieve data resilience at scale. Just in the last week, the Biden administration has mandated federal agencies to more widely deploy cloud technologies in an effort to strengthen the nation’s defenses. Now is the time to act before violations result in fines, loss in customer trust, or worse. 

January 27, 2022
Heather Gantt-Evans
Chief Information Security Officer (CISO)
SailPoint

Collectively, are we on the right side of history with Data Privacy? I would argue not yet. We are going to look back at this era as if we were data barbarians. In our increasingly "Ready Player One-Esque" environment, we must set aside time to think about our privacy and how to protect it. 

“We can see the wave of data morality coming from thought leaders and governments forcing hands by enacting regulations, including GDPR and CCPA. For enterprises to meet these rising expectations and comply with new regulatory guidelines, they'll need to prove that they are investing in privacy. Companies who want to capitalise on this moment should seek to collect as little data as possible, encrypt what data they do have, give customers a path to opt out of data harvesting, and give customers the ability to be forgotten (i.e. providing previously collected data back to the customer, and then deleting it).

“But most importantly, organisations need to communicate clearly how collected data is used in order to provide value back to the customer. This means clearly articulating how it is protected, and the customer’s privacy options.

“This can be particularly challenging for data involved in proprietary machine learning, but algorithmic transparency demonstrates that an enterprise is conscientious about data privacy. This includes Disney, who recently agreed to privacy changes for children's apps, effectively removing tracking software for targeted ads. In addition, companies should seek to embed customer privacy as one of their core values and communicate this value as part of their customer-facing messaging. 

“Let's usher in a new phrase, 'the customer is always right secure.'”

January 27, 2022
Luke Kenny
Lead Security Principal, EMEA
Trustwave

Data privacy isn’t just about day-to-day data protection and compliance anymore. Organizations need to approach data privacy with an ‘assume-breach’ mindset. How swiftly and effectively an organization can respond to a crisis like a data breach greatly affects short-term and long-term data privacy efficacy. Companies need to be conducting regular crisis simulations across their entire organization, not just IT and security disciplines, to ensure they can effectively respond to an incident and mitigate impact.

January 27, 2022
Kev Breen
Director of Cyber Threat research
Immersive Labs

As organizations continue to migrate to the cloud and put a heavier reliance on third parties and SaaS platforms managing their data, it can be easy for individuals and organizations to lose track of who has what data and how it is being used. Data breaches impact our daily lives - just look at the harrowing statistics provided by haveibeenpwned. To date, more than 11 billion accounts have been compromised in data breaches from almost 600 third-party services.  

There is no magic bullet or single solution that can fix this problem. Each person has their part to play. 

Organizations running these kinds of services need to ensure their developers understand the risks of this data being compromised and put the relevant authentication and access controls in place. Bringing security considerations and training in earlier on in the development process - what is considered “shifting security left” - can help prevent breaches before they happen. This is critical when you consider that 81% of developers have knowingly released vulnerable applications.

However, it doesn’t just come down to the developers and security teams. As an organization, you need to know how to respond in the event of a breach that compromises your data privacy. It’s easy to see a public data breach and think it doesn’t affect you. In reality, password reuse is common across platforms and is a well-known technique used by attackers following any kind of breach. It’s not enough to have playbooks in place - you need to ensure you exercise these playbooks with regular cadence and include wider audiences than just your security teams. Legal, Compliance, and Communication teams all have vital roles to play.  

Finally, don’t ignore your users. Whilst they are commonly the first line of attack, they are also the first line of defense. Having a well-informed and trained user base can help security teams identify potential attacks before they can take hold.

January 27, 2022
Todd Carroll
CISO
CybelAngel

Data Privacy Day is an opportunity for companies and consumers to reflect on what cyber security does for them. For companies, data privacy is not just about protecting IP or preventing fraud. It is about protecting people from having their identities stolen, medical information abused, or hard-earned money being taken. On this Data Privacy Day, we challenge companies to adopt a proactive approach by locating external digital risks. Using a digital risk protection solution allows companies to locate when and where their data is exposed. By focusing on locating exposed data, it's possible to find leaks in third, fourth, and fifth parties that would not have shown up in an audit or security rating.

Most data leaks will occur due to negligence, just simple mistakes. What companies can do on this Data Privacy Day is to make sure there is no low-hanging, easily accessible data. We recommend starting by locating all open or exposed data sources like cloud databases or cloud storage buckets. Resecuring exposed digital assets goes a long way towards ensuring data privacy. Once the low-hanging fruit is taken care of, a company's next responsibility is to secure their third, fourth, and fifth parties with private data.

January 27, 2022
Patrick McBride
CMO
Beyond Identity

Passwords threaten privacy by leaving consumer accounts very exposed to hacking. Adversaries simply buy credentials on the dark web and use internet-scale infrastructure to take over a wide range of accounts that contain confidential information - from email and social accounts to banking and healthcare. Unfortunately, traditional MFA that uses passwords and other "phishable" factors is not nearly secure enough and consumers hate the user experience. According to industry analyst firm Gartner, the world is starting their passwordless journey in 2022. Consumers should press organizations to provide strong and frictionless authentication to protect their privacy.

January 27, 2022
Kurt Glazemakers
CTO
Appgate

There is no doubt that the VPN has played an important role in the evolution of the internet. However, as we near another data protection day having witnessed more data breaches and cyber attacks over the past year, it is time we recognise that the VPN has also played a role in providing organisations with security flaws and vulnerabilities that leave them open to attacks and subsequently, data theft.

Of course, a recent example of the danger of VPNs is the infamous Fortinet VPN hack in September of last year, where the VPN vulnerability allowed unauthenticated attackers to read arbitrary files which contained plaintext credentials. The leaked credentials could (and still can) be used as an entry vector for more complex attacks. For example, the Colonial Pipeline attack of last year used a compromised credential for a legacy VPN appliance. Evidently, VPNs leave the door open for cyber criminals to exploit its vulnerabilities, gain access to the network and steal credentials and other valuable pieces of data.

So, what is the answer and is there a better solution? Zero trust network access (ZTNA), with its ‘authenticate, then trust’ approach, versus VPNs’ trust of IP addresses, is becoming an increasingly mainstream choice among businesses. The principle is even favoured by bodies such as the Pentagon who launched a zero trust cybersecurity office in December 2021. By adopting ZTNA, organisations can limit the damage of any potential loss of data and help companies to quickly recover after an incident. The approach closes the gaps left by outdated technology that no longer protects businesses from the evolving tools used by modern cybercriminals. 

In order to detect an intruder and protect their data, organisations need to apply zero trust policies including segmenting networks and assuming all connections can be compromised. Zero trust needs to be implemented in the core infrastructure and organisations must profile any device trying to connect in the network, use multi-factor authentication to ensure credentials are not compromised, and most importantly, only provide access to data according to what a user or a system needs to. 

Our data is one of our most valuable resources and cybercriminals know that. By implementing zero trust policies, organisations can ensure that their employees’ credentials and their customers’ data are secure and protected from the prying and watchful eyes of the cybercriminal community.

February 08, 2022
John Smith
EMEA CTO
Veracode

Data protection is increasingly important to businesses in Europe with the onset of regulations and compliance measures, like GDPR and Schrems II, threatening to cost businesses millions if they don’t comply. In fact, in 2021 European data regulators issued €1.1 billion (£920 million) in GDPR fines – a huge 585% increase compared to 2020.

Increasingly, businesses require their data to stay in the EU when it goes through application scanning, and our European instance, the “European Region”, enables this by providing EU data residency for customers. Eventually, all cloud-based solution providers will need to establish data instances to help customers secure their information.

It’s also important businesses shore up their software security to protect private data from hackers. With the growing adoption of open source, there is increased systemic risk in the software supply chain. As more developers rely on open source, we’ve reached a tipping point where greater risk comes from open source than a developer’s custom code. Therefore, it is more important than ever that businesses shift security left in the software development lifecycle, empower developers by training them on best practices in secure coding, and provide the tools to find and fix vulnerabilities in their software.

January 27, 2022
Richard Walters
CTO
Censornet
  1. A step closer to Walled gardens to protect data

“The international focus on data privacy laws will take us a step closer to Walled Internet Gardens. Country specific regulation from the General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) and China’s Personal Information Protection Law (PIPL) will mean organisations need to manage multiple data protection legislation in various jurisdictions, placing an onus on in-country data residency.”

  2. Automation will replace the 24x7 security analyst

“The lack of cybersecurity skills and budget will mean the 24x7 security analyst for the mid-market will be automation. The sophistication of automation to manage security event alerts will be critical to risk reduction. Pre-agreed cyber response rules and the ability of automated defences to act autonomously will be critical to stopping attackers in motion.”

  3. Consolidation to platforms to reduce complexity

“There will be a shift from best of breed point solutions to cyber platforms where cyber defences consolidate multiple threat defences. This decline of point solutions has been triggered by mid-market organisations now using between 30–50-point products to protect their data. Finding this array of technology either too costly or complex to manage, they will seek to consolidate costs and better protect their organisation by shifting point solutions to a platform.”

  4. Ransomware will cause human casualty

“Ransomware has shifted from targeting large organisations to mid-market organisations over recent years. This is a clear signal that ransomware will continue to permeate our society. The next cause for concern will be when ransoms are demanded to keep ‘Operational Technology’ (OT) operational – a hospital medicine dispensing machine for example.”

January 27, 2022
Chris Boyd
Lead Malware Intelligence Analyst
Malwarebytes

As Data Privacy Day is upon us, it is important that everyone adheres to the three C’s. Firstly, check your socials – we live in a society in which we feel obliged to project every detail of our lives across the internet. This eats away at our privacy and increases the risk of unsolicited and private information being shared. Re-evaluating this mindset could boost your privacy and security considerably. Secondly, consider alternating browser usage every so often. Switching from one browser to another can help keep advertisers and profilers on their toes and gives you greater insight into security measures put in place by the developers. It's also important to ensure your browser is legitimate and not rogue software or simply an advertisement farm masquerading as a privacy tool. And finally, challenge yourself – the evolution of social media, camera phones and smart devices threatens other people’s privacy by allowing multiple parties to access it. We need to be as motivated to protect the privacy of others as we are our own.

January 27, 2022
Kevin Bocek
VP Security Strategy & Threat Intelligence
Venafi

Let’s Encrypt has boomed in popularity with developers over the last few years, as it gives developers a quick, free and easy way to issue TLS machine identities for all manner of critical web services – from websites to customer applications. In fact, our recent crawler report [scotthelme.co.uk] with Scott Helme shows that Let’s Encrypt now has millions of active certificates in use – 28% of the top 1 million sites make use of it. This means that when Let’s Encrypt suddenly has to revoke millions of certificates – as is the case right now – it can create major upheaval, putting critical services at risk of outage, with organisations having to quickly find and reissue potentially tens of thousands of machine identities within just two days. Doing this manually is almost impossible, and highly prone to potentially costly errors – even more so given that businesses could have more than 57,000 machine identities that they aren’t even aware of. To protect against events such as these, which are becoming increasingly common, security teams should be automating machine identity management. By doing so, they can avoid manual rotation, replacement, and revocation of all machines – and not be nervous of the consequences when misconfigurations such as the one from Let’s Encrypt, occur.

January 27, 2022
Joseph Carson
Chief Security Scientist & Advisory CISO
Thycotic

The notion of real ‘privacy’ is perhaps something that no longer truly exists. Internet connected device usage has exploded in recent years, bringing huge changes to our society, but this has come with risks as we’re all tracked and monitored 24/7. 

It means we need to consider not just data privacy, but the safeguards that govern how data is collected and processed. Thanks to stricter regulations, the public now has greater say on how their data is used, but regulatory bodies need to continue to pressurise companies and governments to maintain good cyber security practice, incorporating the principle of least privilege to protect collected data and provide users with transparent access to such data. 

Our personal data is becoming more and more profitable, and many will begin to ask how citizens will be incentivised, or perhaps paid, for their data? What will the future hold for personal data ‘renting’?

January 27, 2022
Chad McDonald
VP of Customer Experience
Arxan

The number of identities linked to businesses has dramatically increased over the past two years, and as organisations begin their digital transformation, they need to be able to keep their identity data under control and properly managed.   

For years now, organisations have suffered from scattered identity data across multiple sources which all use different protocols or are in modern cloud repositories that can’t connect back to legacy, on-premise technology. This inevitably results in an identity sprawl with organisations having overlapping, conflicting, or inaccessible sources of data, making it impossible to build complete and accurate user profiles.   

This not only causes frustration for employees, who have to remember multiple login credentials for all of the different applications and profiles that they need as part of their day-to-day job, but also poses significant GDPR and security risks.

The recent news story of the UK government being fined £500,000 for the New Year honours data breach is an example of the poor processes that happen when governing identity data. Poor identity management will result in data not being fully secured and organisations suffering data breaches. Without accurate user profiles, systems are unable to determine what individuals should and should not be able to access. Siloed systems increase likelihood of a failure in identity management which increases an organisation’s attack surface. This increases the chances of a successful breach and increases the likelihood that it will remain undetected over time.   

Whilst identity sprawl is causing significant challenges to businesses across the world, it is a problem which many organisations don’t realise they have or, if they do know about it, they have decided to turn a blind eye as they believe there is no solution to sanitise and streamline their identity data.   

With the number of cyberattacks substantially increasing during the pandemic, organisations must put in measures which can stop identity sprawl by ensuring they have a unified global profile which has all the attributes of a user irrespective of which source it’s located in. Organisations that fail to manage identity data will suffer from further data breaches as threat actors know that data is not secure and easy to get hold of. Whilst this sounds like a complicated problem to solve, it can be easily done thanks to Identity Data Fabric.   

The concept of Identity Data Fabric is to unify distributed identity data from all sources in an organisation and create a resource that delivers identity data on-demand wherever and whenever needed. Applications are then able to access identity data using different formats and protocols, irrespective if it’s on-premise or in the cloud.   

Not only does the Identity Data Fabric approach ensure that businesses have access to all their identity data, but it also ensures that users’ profiles can be regularly updated in real-time. Businesses can be confident that employees have access to the right information, yet they’re not able to access areas they don’t need for their job. With identity data in one flexible and manageable system there is less chance of that data being accidentally leaked by employees or stolen by cyber criminals and it is more likely that the identity data and processing will be accurate across all systems.

January 27, 2022
Adam Brady
Director, Systems Engineering, EMEA
Illumio

During Data Protection Week last year, we highlighted the frequency of successful ransomware attacks, warning organisations that privacy and consumer data is such a high-value currency that if an attacker knows what they have, they’ll exploit it for every last penny. 

I’d like to be able to reflect on the past year and say that we’ve collectively gotten control over ransomware, but the reality is that following detrimental attacks such as those on Colonial Pipeline and JBS, as well as Ireland’s HSE, we’re still in the midst of an escalating ransomware crisis. 

As we push forward with 2022, estimates suggest that security spending will top $150 billion this year. Will that spending alone be enough to turn the tables on attackers and mitigate catastrophic ransomware attacks? Unfortunately not.

As organisations scope out their security strategies for the coming year, it’s not only important they have the necessary resources to execute on their strategies, but also that they’re planning to spend those resources on initiatives that will make a meaningful impact. In order to guarantee better data protection and cyber resiliency, organisations need to focus on mapping out and fully understanding their risk, isolating (not only preventing) attacks, and consequently securing their data and critical applications.

For organisations who are currently unable to see risks in your environment or who are struggling to minimise the impact of ransomware and cyberattacks, let today be your reminder to take action. It’s time for all organisations to adopt an “assume-breach” mindset, so that when this day comes around next year, you can look back on 2022 with confidence in your cyber resiliency and the security and privacy of your data, and your clients’ data.

January 27, 2022
Brooks Wallace
VP EMEA
Deep Instinct

The protection of data should be a priority for all organisations; however, the increase in cyber and ransomware attacks over the past two years has meant that now, more than ever, our data has never been at greater risk. In fact, 80 percent of ransomware attacks involve data exfiltration. This could be customer data, employee information, patient data, intellectual property or financial information - the list goes on. It also doesn’t end with the one attack. Often, the data stolen in a ransomware attack is used in a double extortion whereby the attackers not only steal the data, but then threaten to publish it online for other cyber criminals to use in further attacks. They can also demand ransom from the victim’s clients or suppliers, making it a triple extortion. There is no end to how attackers will use our data in a ransom attack.

Ransomware is a genuine threat to all organisations and with the attack method being so prolific in its exfiltration of data, organisations need to look at what more they can do to protect their customers from being the target of an attack and having their valuable and personal information stolen.

All too often, we are taught the best way to respond to a cyber attack is to mitigate it. By doing this, we are settling for the scenario that the attacker has already entered the network and is looking to deploy malware, or launch a ransomware attack and steal data. By this time of course, it is already too late and the damage may well have been done. It also becomes much harder for security teams to work out what the attacker has accessed and infected in order to respond to, and mitigate, the damage caused.

Fortunately, there is a way in which organisations can guarantee that their data is secure from ransomware and other cyber attacks, but in order to ensure protection, they need to shift their mindset from mitigation to prevention.

Organisations can do this by implementing deep learning. Deep learning learns in a much more complex way than traditional systems like machine learning (ML) via a deep neural network inspired by the human brain. The neural network is left to process large quantities of raw, unlabelled data which it then determines as malicious or benign. Because deep learning tools learn independently, they can process vast amounts of data compared to traditional ML tools that require manual input. 

As a result, the technology is not only able to accurately identify more complex patterns than traditional ML, but it operates at exponentially higher speeds. The bleeding edge of the technology can detect and block malware in just 20 milliseconds. At this speed, we effectively move from prevention to prediction as attacks are stopped before they can truly begin.

With complete preventative options available, businesses who choose to stick with mitigation solutions are providing attackers with the opportunity to gain access to their customers’ data which can be used in further attacks or held hostage in a ransom attack. We have witnessed a somewhat terrifying growth in cyber attacks in the past couple of years and trying to find a solution to stopping them can feel hopeless. However, with a shift in mindset and a recognition that in fact there are solutions that can completely stop a cyber attack from even entering a network, we have a much higher chance of our data being safe and protected.

January 26, 2022
John Vestberg
President and CEO
Clavister

While I applaud that a whole week has been dedicated to the subject of data privacy, culminating in Data Privacy Day on 28th, it truly is an issue that deserves attention all year round. With that said, if the initiative raises awareness of the issue and encourages individuals and businesses to take ownership of their current understanding and setups, that can only be a positive.  

It’s an unfortunate truth that millions of people continue to be blissfully unaware of how their data is being used, exploited and under threat from differing regulations. Different countries and regions have different data and privacy regulations and it’s challenging to know what all your data needs to comply with. Personal data isn’t always stored in the same country you’re in and that brings sovereignty into play. Take the US, for instance, home of many of the world’s largest cloud infrastructure providers, data stored there must have encryption backdoors built in – meaning your data might be being viewed by parties you had no intention of seeing it.

Fortunately, there is an alternative. If businesses stick to European-based providers to house their data and ensure that all the third-party software and services providers are also based in the region too, they can rest assured knowing their information is closer to home and not under the watchful eye of third parties. It’s advice such as this that should be taught during this week and beyond.

January 19, 2022
Keith Neilson
Technical Evangelist
CloudSphere

In the U.S. alone, there are several disparate federal and state laws, some of which only regulate specific types of data - like credit or health data, or specific populations - like children. Combine these regulations with the many different international laws that aim to ensure data privacy, such as GDPR, and compliance for companies with global operations becomes an extremely complex undertaking.  

Data Privacy Day serves as a reminder that cyber asset management should be a top priority for every organization. Enterprises cannot ensure compliance and data security unless all assets are properly known, tagged, and mapped in the cloud. To avoid jeopardizing sensitive company or customer data, organizations must take the first step of cyber asset management to secure visibility of all cyber assets in their IT environment and understand connections between business services. This includes identifying misconfigurations and automatically prioritizing risks to improve overall security posture, allowing for real-time visibility and management of all sensitive data.
