Data reigns king, but is security its shortcoming?
It’s easy to become complacent with news of yet more data breaches. They almost seem to be a daily occurrence making headlines. Yet, there is still an attitude that “this will never happen to us” amongst UK businesses – a regretful mistake to make. The reality of the situation is that every business across every sector is no longer fighting against individuals, but a sophisticated criminal network designed to steal and monetise company data.
Is data regulation helping?
Right now, not really. While there have been a number of data regulations put in place, the general industry belief is there isn’t enough focus being put on security.
However, the new EU Data Protection Regulation launched by the European Commission will help businesses become more proactive with regards to their hosting and data storage strategies. It means that service providers will be able to fulfil their role as a data processor, protecting the information it handles and stores on behalf of its customers.
This will also help businesses on the interpretation and protection required to avoid data breaches and violations of the law. The tougher fines and raised awareness should create a much better understanding in the C-suite of what data they hold, its value to the business and the controls required to protect these valuable assets.
But is this enough?
Sadly, this is only a stepping stone towards robust data protection. The threat landscape which businesses face today requires a lot more to be done. Cybercriminals can misuse data in multiple ways as they seek to monetise their efforts through extortion, identity theft or gaining access to networks using social engineering tactics. While many of the attacks from last year happened to systems that were not secured correctly, others were the result of skilled, determined attackers.
One of the most effective proactive methods is encryption. With two-thirds of large UK businesses experiencing a cyber breach or attack in the last year, every organisation should be able to admit they might have hacked and yes, data was stolen. However, as the customer information is securely encrypted the data is rendered useless in the wrong hands.
Do organisations have enough security in place?
Again, worryingly, the answer is no. Threats are continuing to grow and find new ways to target organisations, highlighted by a recent study by Arbor Networks which found 56% of organisations reported multi-vector attacks on infrastructure, applications and simultaneously.
TalkTalk was the most recent high profile case. Its clear high profile companies are becoming increasingly vulnerable due to the amount of customer data they hold and the weak security infrastructure surrounding it.
So what now?
Organisations need to accept that that at some point they will become a victim of a data breach or hack. It’s not a matter of ‘if’ but ‘when’.
To combat this, businesses must first be prepared to spot, react and defend against a breach quickly by having advanced threat detection services in place. They also need a partner in place an effective incident response programme.
Also, organisations need to look at security education as part of a company’s overall training programme. This makes sure the whole organisation is engaged in its cyber resilience. Each employee has their part to play in keeping assets safe so it is vital that security training and responsibilities filter from the top down.
In today’s threat landscape, organisations can no longer afford to be complacent when it comes to security. It needs to be top of the boardroom agenda. By implementing an effective security education programme alongside a strong threat intelligence system and incident response plan, and organisation can combat today’s cyber-criminal networks and protect their data assets.
Read more about Fujitsu’s ‘Secure Thinking’ offerings here.
Latest posts by Paul McEvatt (see all)
- Petya, Medoc and the delivery of malicious software - June 30, 2017
- Artificial Intelligence and automation is the obvious solution to defend today’s businesses - March 24, 2017
- Securing our connected future - January 4, 2017