It is really frightening. First, the self-driving startup, Alphabet Inc.’s Waymo made a great hue and cry about 14,000 proprietary design files that were stolen by a former Google employee, and the information landed in the hands of the competition. This was then followed by 8761 files leaked online, by an allegedly disgruntled insider that had all the details about the hacking capabilities of CIA’s centre for Cyber Intelligence. All these are more than enough to shock the world.
These incidents not only raise a flag about insider threats, it compels C-suite panel at enterprises and organizations to worry about the new vulnerabilities that are capable of impacting personal and organizational computing technologies that portray new trajectories of attack. It becomes more difficult for data management and analytic solution providing companies to gain trust from their customers who are required to share their humongous datasets for descriptive, predictive & prescriptive analytics.
May it be the CIA or Waymo, their valuable assets in form of proprietary designs and cyber-espionage tools, were stolen, devalued and turned into potential liabilities. These are the same assets that once used to drive revenue or establish organizational goals, which now have become toxic. Most of the users are not aware and if are, they do not think much about the data that they create, access and store with regards to toxicity. But it is high time they understand the gravity of the situation.
Data growth is racing ahead but information security is not
Billions and trillions have been spent, willingly or unwillingly, by organizations as part of efforts made to move analog information into a digital medium. The one we fondly know as data digitization. Companies moved their financial information, product plans, strategic sales and operations initiatives, and highly confidential patient, customer and employee records from paper to digital files, emails and of course the clouds. But aforementioned data breaches supposedly are the indication that these companies underestimated the importance of data security. Their sole focus was increasing the productivity and never bothered whether the data would be safe from hackers, insiders, competitors and other nations – at times.
And this is exactly why I strongly feel that the growth in data is racing ahead whereas security of data is lagging behind big time. And this is not only for those few thousand dollar companies, but multi-million dollar business houses such as Sony, Mossack Fonseca, the U.S. Office of Personnel Management – OPM and the Democratic National Committee – DNC; are not untouched.
So ideally the files and emails that are supposed to increase revenue and further organizational goals, when stolen, disrupt and subvert plans. I have been telling on and off that look after your data so that it looks after your business. Seek assistance from data management and analytics experts as bpm partnership; mindset & not the toolset ensure success. If you as an organization store valuable data, it is likely to get stolen if not today or tomorrow, some way or the other. And why only insiders, your data breach is something that could be orchestrated by someone who has never ever heard of you; ransomware, a form of file extortion, is now a $1 billion business.
3 big cybersecurity mistakes
The cybersecurity spending across the globe is expected to exceed $1 trillion in coming 3-5 years, is what Cybersecurity Ventures claim. So my question is if organizations are spending heftily, why do they encounter so many breaches?
- Companies spend more than required time and attention in protecting their systems and networks, and not on protecting the data their systems and networks were created for. It is like forgetting the oil and protecting the refinery.
- Companies focus solely on preventive technologies leaving them vulnerable to threats; they did not think of and their technologies that were not designed to prevent. They are not sure when an insider will be compromised and when their preventive controls might fail.
- The approach to data security has always been reactive and not proactive or strategic. The net result is a failure to reduce meaningful risk. According to the Forrester study, 34% of organizations know where their sensitive files are located and less than 40% enforce a need-to-know access model.
All these are indicators that “DATA” the invaluable asset an organization spends time and money creating, using and storing – may be a toxic liability to brand reputation, revenue and national security.
Data security should drive revenue & organizational growth
Instead of neglecting the detective capabilities and opting for reactive data security solutions, companies are required to take up an approach where data security is a fine blend of distinct functionalities, including detection. Such a solution would blend, either through data security platform or through API integration; data classification and discovery, permissions management, user behavior analytics, advanced threat detection and response, auditing and reporting, data access governance, and data retention and archiving – everything under one umbrella.
The aim here is to fence the data, similar to how credit card companies build context by assessing the way we use our credit cards. They conclude as to which all transactions are right for each person and which are the ones that are not. These advancements in detection empower us to keep our money easily available but protected at the same time. This is how the data also needs to be made conveniently available and protected, all at the same time.
A proactive or a strategic approach towards data security elevates the detective capabilities. It ensures that those breaches and insiders are found and are quickly stopped. Further reducing the risk to organizations by limiting the amount of damage these insiders can do. It increases the efficiency of the efforts put in to maintain data security with current staffing. Needless to say that in most of the events, the potential savings is far more than the cost involved in data breach.
