Data Protection Executive Summary
No decision maker wants to be profiled in major media as being asleep at the wheel while a massive data breach, ransomware attack, or malicious insider incident unfolds at their organization. Careers rise and fall on a decision maker’s ability to deftly guide an organization through the stormy seas of cyber threats, vulnerabilities, and security incidents, as does the reputation of the organization itself. Protecting data to ensure appropriate usage and avoid unauthorized or inappropriate usage is a major task for decision makers with responsibility for protecting the integrity of corporate data assets.
KEY TAKEAWAYS
- The term “data protection” encompasses a range of offensive and defensive plays to ensure that data is used by the right person for the right task at the right time – and nothing else. The growing number and variety of cyber threats and attacks makes this challenging to achieve.
- Organizations have been and are being impacted by cyber incidents including phishing attacks, ransomware (newly combined with data exfiltration), zero- day malware threats, mis-configuration of cloud services enabling massive data breaches, and account takeovers. Targeted attacks are especially pernicious and challenging to detect. Figure 1 illustrates just how serious this problem has become.
- Employees are a frequent cause of data loss for organizations. So-called insider threats include inadvertent data loss from mistakes and negligence, as well as malicious data loss by disaffected employees undertaken due to a range of motivations. For organizations paying attention, however, the signs of upcoming data protection issues can be seen in advance.
- A growing panoply of privacy regulations around the world is contributing to the drive for heightened data protection approaches. GDPR, CCPA, HIPAA, PCI- DSS and others impose requirements on how personal and sensitive data is handled by organizations, and the principle of extra-territoriality redraws the lines of jurisdictional applicability.
- Shadow IT services, the use of personal devices, the adoption of a “cloud-first” or “cloud-only” strategy, and merger and acquisition activity, among others, represent a collection of other threats to data protection. Decision makers must evaluate the relevance and magnitude of these threats and develop appropriate counter-measures.
- Addressing the data protection challenge requires proactivity by decision makers. Engage the board, conduct a thorough audit across the organization, implement best practices, and use training and technology to strengthen defenses, elevate protections, and mitigate the major data protection risks facing your organization.
This white paper has been prepared by Osterman Research and looks at offensive and defensive plays thats can be used to mitigate an organizations risk from attack.
Related Posts
Lake Dallas ISD Chooses BlackFog to Prevent Data Exfiltration
Lake Dallas ISD serves about 4,000 students in Denton County uses BlackFog's anti data exfiltration to protect the school district and ensure data doesn’t end up in the hands of cybercriminals.
Wizard Spider: Taking A Look At The Notorious Russian Cybercrime Group
Wizard Spider is a notorious Russian cybercrime group which is part of a larger cyber-cartel known as the Ransom Cartel or Maze Cartel.
Ransomware Focus: LockBit Attacks in 2024
Latest information on all LockBit attacks both disclosed and undisclosed in 2024
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.
Data Security Services: What do Firms Need to Know?
Why should firms be considering data security services as part of their cyber protection strategy?
BlackFog Sweeps the 20th Annual 2024 Globee Awards for Cybersecurity
BlackFog Named Triple-Winner in the 20th Annual 2024 Globee Awards for Cybersecurity