Data Protection Executive Summary
No decision maker wants to be profiled in major media as being asleep at the wheel while a massive data breach, ransomware attack, or malicious insider incident unfolds at their organization. Careers rise and fall on a decision maker’s ability to deftly guide an organization through the stormy seas of cyber threats, vulnerabilities, and security incidents, as does the reputation of the organization itself. Protecting data to ensure appropriate usage and avoid unauthorized or inappropriate usage is a major task for decision makers with responsibility for protecting the integrity of corporate data assets.
KEY TAKEAWAYS
- The term “data protection” encompasses a range of offensive and defensive plays to ensure that data is used by the right person for the right task at the right time – and nothing else. The growing number and variety of cyber threats and attacks makes this challenging to achieve.
- Organizations have been and are being impacted by cyber incidents including phishing attacks, ransomware (newly combined with data exfiltration), zero- day malware threats, mis-configuration of cloud services enabling massive data breaches, and account takeovers. Targeted attacks are especially pernicious and challenging to detect. Figure 1 illustrates just how serious this problem has become.
- Employees are a frequent cause of data loss for organizations. So-called insider threats include inadvertent data loss from mistakes and negligence, as well as malicious data loss by disaffected employees undertaken due to a range of motivations. For organizations paying attention, however, the signs of upcoming data protection issues can be seen in advance.
- A growing panoply of privacy regulations around the world is contributing to the drive for heightened data protection approaches. GDPR, CCPA, HIPAA, PCI- DSS and others impose requirements on how personal and sensitive data is handled by organizations, and the principle of extra-territoriality redraws the lines of jurisdictional applicability.
- Shadow IT services, the use of personal devices, the adoption of a “cloud-first” or “cloud-only” strategy, and merger and acquisition activity, among others, represent a collection of other threats to data protection. Decision makers must evaluate the relevance and magnitude of these threats and develop appropriate counter-measures.
- Addressing the data protection challenge requires proactivity by decision makers. Engage the board, conduct a thorough audit across the organization, implement best practices, and use training and technology to strengthen defenses, elevate protections, and mitigate the major data protection risks facing your organization.
This white paper has been prepared by Osterman Research and looks at offensive and defensive plays thats can be used to mitigate an organizations risk from attack.
Share This Story, Choose Your Platform!
Related Posts
From Reactive to Proactive: Cyber Risk Reduction at Hillcrest Insurance with BlackFog vCISO
Hillcrest Insurance stopped phishing and ransomware attacks with BlackFog’s proactive vCISO service, gaining 24/7 protection and peace of mind.
Why AI Prompt Injection Is the New Social Engineering
Find out why cybersecurity pros should be treating AI prompt injection hacks in the same way as social engineering attacks.
Adaptive Security: Why Cyber Defense Needs to Evolve with the Threat Landscape
What does adaptive security involve and why is it essential in an era of AI-powered cyberthreats?
Prompt Injection Attacks: Types, Risks and Prevention
Understand how AI prompt injection attacks work, the damage they can cause and how to stop them in this comprehensive guide.
LLM Cybersecurity: How Businesses Can Protect and Leverage AI Safely
Learn about some of the key LLM cybersecurity issues that need to be considered when adding tools like generative AI to firms' systems.
How Can a Zero-Trust Approach Help Guard Against LLM prompt injection attacks?
Adapting zero-trust network security principles for use with AI is one way in which businesses can defend models from LLM prompt injection attacks.