Data security has been one of the most talked-about topics for the last few years. Organizations in all industries are taking notice and implementing elaborate security measures to help protect data. Likewise, consumers are more aware of their data privacy and security rights than ever before.
If you work in an organization that takes data security seriously, you’ll probably have noticed the effect that this focus has had on your day-to-day role. Regularly rotated, complex passwords, multi-factor authentication protocols, biometrics and other forms of authentication have all been widely adopted. Whilst many probably see this as an inconvenience, for those of us working in the data security industry it’s a sign that things are moving in the right direction.
On the other hand, data loss, data breaches and cyberattacks continue to increase year on year. When we look retrospectively at huge data breaches during an investigation, it’s easy to see why this is the case. The state of some organizations’ security when it comes to their sensitive data leaves a lot to be desired. Data on the black market holds a real, intrinsic cash value, yet we refuse to treat it like cash, allowing anyone within the organization with the inclination to access it.
We have seen organizations that claim to be secure leave their data openly exposed to threats from within the business and from external attacks, through dangerous security states or excessive permissions. What’s worrying is that the situation isn’t improving; it’s actually getting worse.
A research team from Digital Shadows scanned a collection of file storage technologies and discovered that the number of exposed files had increased by 50% on the previous year. This equated to over 2.3 billion files that are within the reach of attackers and insider threats.
In many cases, the data breaches that happen to large organizations are not down to their own poor data security. In today’s world, most multi-national organizations rely on an interconnected web of third parties, partners and suppliers. Those companies, often smaller, may well not have security strategies or solutions that are up to the standards of a larger organization. For example, the now infamous attack on Target back in 2013 occurred through one of their contractors.
Nowadays, almost every organization (regardless of size) relies on relationships with other organizations and individuals to conduct business. Whilst relationships help businesses to grow, they also drastically increase the potential attack surface. It also means that a company’s data security is only as strong as its weakest link.
What does this mean for organizations looking to ensure they protect their data and maintain compliance with industry standards? Well, we’ve said it many times before but it’s worth repeating: Trust is not a security strategy. Data security is a shared responsibility. Within the organization, the security team needs to know where their sensitive data is, who has access to it and what users are doing with it. The rest of the organization must be sure to adhere to password policies and other security practices. Standards also need to be set when dealing with any third parties.
Every person in today’s world needs to ensure that they take data security seriously and work together to help combat the increasing number of threats that we face. Whilst it will be impossible to completely eliminate data breaches, it might be possible to make data security second nature. Let’s at least make it difficult for attackers to get their hands on our data, shall we?