By Ross Anderson – In today’s digital landscape, data has emerged as a cornerstone of competitive advantage across virtually every industry sector.
Data, often likened to the new oil of the 21st century, pervades digital devices, interactions, and transactions at an unprecedented rate. However, this ubiquity underscores the critical need to safeguard this asset at all costs.
As part of this, business leaders must ensure their capturing, storing, and usage of data remains compliant with continually evolving data regulations and governance requirements. Think of the likes of the General Data Protection Regulation (GDPR) of the EU and the Protection of Personal Information Act (POPIA) in South Africa. These, and similar regulations around the world, have contributed to reshaping the landscape of data management.
While each of these regulatory environments has subtle differences, the golden thread remains the importance of protecting individual privacy and granting users more control over their personal information.
Moreover, compliance is not something companies can consider optional. It becomes part of their license to do business. Violations can result in significant financial fines, potential jail time for executives, and reputational damage that can see customers leaving for a competitor.
To mitigate against this risk, companies must adopt privacy-by-design approaches, ensuring that data collection, processing, and storage practices are secure. In this way, they can foster trust with customers. However, this highlights the importance of safeguarding data in this complex environment. Cybersecurity measures are essential to protect data from breaches, theft, and misuse.
To do so effectively requires a combination of solutions. For example, disk encryption, advanced threat protection for PCs and servers, email security and firewalls, as well as comprehensive company-wide policies that promote data security awareness among employees.
Structural start
Of course, cybersecurity solutions are critical in this regard. But before companies implement technology to defend their data environment, they need to consider their organisational structure. A Sophos survey has found that those businesses with a dedicated cybersecurity team within a wider IT team report the best overall cybersecurity outcomes.
Another key insight from the Sophos survey is that if a company lacks essential cybersecurity skills and capacity, how it structures the team makes little difference to many of the security outcomes. This highlights the need to put the right measures in place to educate employees about cybersecurity best practices especially when it comes to protecting mission-critical business data. It is a general view that people will always be the weakest link in the cybersecurity chain.
After all, the best cybersecurity solutions in the world mean little if an employee clicks on a suspicious link, runs malware, or does not follow best practices around data protection.
Focusing on data recovery
Companies must prioritize data security by examining the quality of their backups. In business continuity, the adage holds: a backup alone holds little value, but the successful restoration of a backup is invaluable. Failure to restore or improper restoration following a data breach or compromise can yield significant organizational repercussions, particularly concerning compliance requirements.
The best backups are therefore the ones that restore correctly, are clean of all malware, and are encrypted so that the IT security teams know that they were not compromised after the backup was created. In practice, this is not always the case.
Research shows that while 96% of companies said they retrieved their data after paying ransom, only 65% of the encrypted data that was affected was restored. This highlights the importance of having secure backups and protecting those backups in more than one physical location.
Evolving environment
Cybercriminals are embracing advanced technologies like artificial intelligence, machine learning, and the like to perpetrate their attacks on company data. With the cloud becoming an integral part of the business operations of any local and international organisation, it has also become a major target for attackers. These criminals are looking to exploit less established cybersecurity practices than what has been done in traditional on-premises environments.
This makes having access to a managed threat response solution essential for the protection of data. In this instance, a fully-managed, 24×7 service delivered by experts who specialise in detecting and responding to sophisticated cyberattacks that technology solutions alone cannot prevent become a cornerstone for data defence.
Ultimately, decision-makers must adopt a new perspective on safeguarding data. Given its pivotal role in business success, prioritizing its protection is imperative. Companies must not only implement relevant technology solutions but also consistently educate employees on good data hygiene and cybersecurity best practices.
Ross Anderson is the business unit executive at Duxbury Networking