Consumers trust and expect businesses to keep their personal data safe. They take it for granted that organisations, especially large ones, have the resources to deliver business resilience; with the right protection and safety measures in place to stop their data from being stolen. However, government data released in 2017 showed that almost half of UK firms had been a victim of a cyber breach or attack in the previous year. And our latest research found that 40 percent of frontline IT workers throughout the UK believe their organisation is more exposed today, than it was a year ago, when the WannaCry attack hit.
With such enormous impact felt around the globe, you would assume that WannaCry and other high-profile breaches would have been a wake-up call for organisations to get their cybersecurity in order, and you would be right. However, many are still struggling to take action from the lessons learned which is also taking a toll on customer loyalty.
A recent survey by PwC found that brand trust is fading, with only a quarter of consumers feeling confident about how companies handle their sensitive and personal data. What’s more, nearly 90% say they will take their business elsewhere if they don’t trust that a company is handling their data responsibly.
Even with this increased consumer concern over data security, our research reveals that businesses haven’t implemented lessons learned from previous attacks, with 70% of frontline IT workers saying they have not improved their patch management processes since last year’s WannaCry ransomware attack, despite this being one of the main reasons behind the global breach. Without these basic hygiene measures in place, how can organisations comply with new government regulations, overcome challenges and know whether their customer data is protected, should another attack hit?
Complying with new government regulations
Governments are taking significant action when it comes to protecting customer data, introducing new rules and regulations around how businesses collect and process personal information.
The now enforceable GDPR has shone a light on the amount of consumer data held by businesses and what they do to protect it. Under GDPR, organisations are accountable for upholding data security standards to ensure that they safeguard customer data correctly. And as part of this, CIOs and security teams are now responsible for disclosing the effect of a data breach due to a cyberattack within 72 hours.
For IT operations and security teams, new regulations present an opportunity to start working together to ensure they understand where data exists in their organisation, how it’s being used, and how it’s being protected. As such, organisations no longer see GDPR as just a compliance issue, but as an opportunity to build business resilience and retain customer trust.
Overcoming the challenges
As organisations look to overcome challenges, it is critical they have the right people, processes, and protection in place to ensure that they are not selling a false sense of security.
Organisations need to build a true strategy for business resilience management. This means having real-time visibility of where threats exist across their environment. If they can’t pinpoint current vulnerabilities or the origin of a threat, how can they expect to be able to defend against them and protect customer data? It’s equally important that security and operations work with the same dataset and work with a single source delivered live by their endpoints. This can only happen if they break down organisational silos and work as one team, to avoid an accountability gap and ultimately build resilience across the entire business.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.