Ethan Searle, LanDynamix Business Development Director.
The explosion of structured and unstructured data is creating serious management headaches for organizations, and storing and managing this data is a huge effort.
However, as companies increasingly focus on protecting data privacy, protecting this avalanche of data takes the challenge to new levels.
Please know one fact. There is no silver bullet when it comes to data protection.
This is evidenced by Gartner Digital Markets' 2022 Global Software Buyer Trends Study, which found that 84% of businesses believe data privacy is the most valuable factor for their organization when purchasing software. has become clear.
It is important to approach data protection holistically within the context of your specific organization.
Start by understanding your business at a very granular level. That is, how do you generate revenue? What data is used to do so? How is that data accessed? Where is it stored on-premises or in the cloud? Across your systems? What redundancy does it have? How do employees access that data?
Once you have clearly planned the answers to these questions, consider how your data will or should be protected.
Please know one fact. There is no silver bullet when it comes to data protection. Companies often treat technology as a solution, but while technology has a role to play, it must be complemented by business processes and user education.
Data protection must align with how a company's data is structured and used. For example, the move to Office 365 removed Exchange servers, one of the easiest backdoors for hackers into corporate networks. Because Office 365 is so well protected, we're seeing a major shift in attacks against end users.
In the era of hybrid or fully remote employment, users access email through mobile devices outside the corporate firewall. Hackers can use such devices to access your email in a variety of ways.
Ultimately, the email passes through the hacker's servers before reaching the company's systems, giving the bad guys access to information such as who the suppliers are and what invoices are being sent. Masu.
We have seen invoices being intercepted and account details changed before the email continues to send. The only way to combat this type of behavior is to ensure your business processes are properly designed and inspect how payments are authorized. Is your staff ready to verify bank accounts before payments are processed?
User education is a critical third part of any data protection approach. The good news is that there are many excellent vendors with easy-to-use, well-thought-out products that focus on real-world examples of good and bad behavior.
When choosing the managed services route, companies should consider the benefits of outsourcing to their business. This approach can create shared value for businesses and providers.
Overall, the importance of having data policies in place that provide a framework for these approaches to work cannot be overstated.
Policies should specify things like who can access certain data and how the data can be shared. Again, no one size fits all, so your policy framework should be tailored to your business context and strategy.
As data continues to grow, compliance complexity increases, and regulations must evolve as data becomes more important.
Globally, GDPR provides a data security framework, and in the South African business environment, POPIA provides it. The real consequence for organizations is that while data retention is critical, it also poses a significant risk in the form of fines for substandard safeguards. Fines can be huge.
This is before considering the reputational damage and subsequent loss of business caused by the hack.
It is wise to be proactive about compliance, rather than simply checking a box. The need for compliance can actually lead companies to create effective data protection regimes.
Big data emerged when organizations realized how useful data could be if it could be properly aggregated and analyzed. Because of its increasing importance, it is valuable and has become a goal in itself.
Keeping in mind the risks associated with treasure troves, you can expect your security to become more robust and proactive. Emerging trends include increased specialization, such as security moving from network operations centers to its own facilities.
There is also a growing reliance on automation, which will play an increasingly important role in handling routine (but critical) tasks such as responding to security issues and managing security patches. Masu.
As the Internet of Things (IOT) increases the scale of networks, the need for automation increases. The adoption of data analytics in protection is a key trend, as is the use of artificial intelligence by security vendors, combining that power with big data to identify and proactively stop hacking trends. doing.
Rather, it should be called IOE (Internet of Everything), and it has increased risk in many ways.
Networks continue to expand significantly as sensors and SIM cards are placed on more objects and more data flows into corporate networks. Keeping the sensor and her SIM secure is a massive undertaking and will definitely create new weaknesses throughout the network environment.
The key question here is how the corporate network is designed. As always, this should start with a deep understanding of how your business works and what's important to it.
Properly segmenting your network is important to isolate mission-critical areas from other areas that are less secure or critical.
