Guest Comment: January 28th is Data Privacy Day. In Europe it is known as Data Protection Day. While data privacy is about deciding who has access to what information, data protection is about protecting that information. A data breach blows both out of the water.
Data breaches can occur in any organization. Our latest research, conducted in collaboration with Ponemon Research, shows that just under half (48%) of organizations surveyed across five countries experienced a data breach incident in the last year involving the loss or theft of confidential information about customers, prospects, or employees. This rises to 54% for financial services organizations.
We will discuss the main causes of data breaches later. First, let’s talk about risk.
Cybersecurity requires senior management-level support to be fully effective. And risk is a language that all business leaders understand. When it comes to ensuring a robust and compliant approach to data privacy and protection, business leaders need to know “what happens” if they lose valuable data.
What does a data breach mean for your business?
This study revealed that not all data loss carries the same level of business risk. This is important because it allows organizations to focus their security resources accordingly.
Not surprisingly, financial data tops the list of information that would have the greatest financial or operational impact on an organization if lost or stolen. Overall, 43% of respondents ranked it as one of the two types of data whose loss would affect them most.
Other interesting insights include:
- Loss of employee records has the second largest impact overall (37%). The difference between second place and third place (customer personally identifiable information, PII, 36%) is small, but the difference is greater among the largest organizations surveyed (40%). This may reflect the fact that organizations often hold more detailed, sensitive and confidential information about their employees than about their customers. Attackers can exploit this for extortion or to recruit malicious insiders, and it can lead to costly litigation and compliance violations for your business.
- Intellectual property loss affects small businesses (30%) more than large businesses (21%). This is probably because SMEs rely more heavily on IP for competitive advantage and are less likely to hold a wider range of assets.
- Loss of email and informal chat/text messages impacts large companies (32%) the most. This may reflect the risk of advanced email threats such as business email compromise and the need to maintain such records for legal disclosure and compliance.
Top causes of data breaches
Respondents were asked about the root causes of data breaches. The findings show how extensive the digital attack surface has become, with many weaknesses that can put networks and data at risk.
Root causes appear to fall into four categories: people, cyber threats, supply chain, and system failure/misconfiguration.
They include:
- Employee or contractor activity, whether due to negligence (root cause of 42% of breaches) or malicious acts (39%)
- IT security oversights – including unpatched vulnerabilities (34%) and system or operating process errors (41%)
- Mistakes by third parties (45%)
- External attackers: hacking (34%), phishing (39%), viruses or other malware (49%).
Elsewhere in the study, one in six (17%) successful phishing attacks resulted in the loss of sensitive information, compared to one in five in manufacturing (22%) and public sector (21%) organizations, as well as among respondents from the UK (23%) and France (21%).
Many of these potential breakpoints can be addressed with effective security technologies and policies.
Data protection
Given that approximately 1 in 2 companies experienced a data breach last year, it’s not a huge leap to think that all organizations will experience a data breach over time. At the very least, every organization should approach data security and compliance as if it were a fact.
Regardless of the size of your organization, you can’t go wrong as long as you get the basics right. These include a robust approach to authentication and access, using multi-factor authentication as standard and ideally moving to a zero trust approach.
Your IT infrastructure must be equipped with defense-in-depth, AI-powered security technology that covers the entire attack surface and all entry points, from devices to APIs, cloud assets, and more, providing complete visibility.
Ideally, this should be supported by 24/7 security operations and monitoring, allowing threats to be responded to, mitigated, and neutralized before they progress further into the cyber kill chain.
In addition to this, you need to continuously back up your data. Ensure all backup data is encrypted both at rest and in transit. Apply the gold standard of 3:2:1: make three backup copies on two different media, with one copy kept offline.
Employee engagement and training are critical. Every employee should understand why cybersecurity is important, the latest threats and scams to be aware of, and what to do if they see something suspicious.
Know your duties
Finally, be sure to understand and comply with the data privacy and protection regulations of the markets in which you do business.
In the United States, information regarding data privacy is available from the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and many other public, private, and educational institutions.
The same applies to EMEA and Asia Pacific. Deloitte’s European Data Guidance and Asia Pacific Data Guidance contain the latest information on data protection and privacy laws and developments across the region, in addition to key regional sites such as the GDPR Compliance Checklist.
Barracuda commissioned Ponemon Research to conduct an international study on the security challenges faced by organizations with 100 to 5,000 employees and the financial impact of breaches. Ponemon surveyed 1,917 IT security professionals in the US (522), UK (372), France (329), Germany (425), and Australia (269) in September 2023. A report on the results, Cybernomics 101, is available.