Data Protection Executive Summary
No decision maker wants to be profiled in major media as being asleep at the wheel while a massive data breach, ransomware attack, or malicious insider incident unfolds at their organization. Careers rise and fall on a decision maker’s ability to deftly guide an organization through the stormy seas of cyber threats, vulnerabilities, and security incidents, as does the reputation of the organization itself. Protecting data to ensure appropriate usage and avoid unauthorized or inappropriate usage is a major task for decision makers with responsibility for protecting the integrity of corporate data assets.
KEY TAKEAWAYS
- The term “data protection” encompasses a range of offensive and defensive plays to ensure that data is used by the right person for the right task at the right time – and nothing else. The growing number and variety of cyber threats and attacks makes this challenging to achieve.
- Organizations have been and are being impacted by cyber incidents including phishing attacks, ransomware (newly combined with data exfiltration), zero- day malware threats, mis-configuration of cloud services enabling massive data breaches, and account takeovers. Targeted attacks are especially pernicious and challenging to detect. Figure 1 illustrates just how serious this problem has become.
- Employees are a frequent cause of data loss for organizations. So-called insider threats include inadvertent data loss from mistakes and negligence, as well as malicious data loss by disaffected employees undertaken due to a range of motivations. For organizations paying attention, however, the signs of upcoming data protection issues can be seen in advance.
- A growing panoply of privacy regulations around the world is contributing to the drive for heightened data protection approaches. GDPR, CCPA, HIPAA, PCI- DSS and others impose requirements on how personal and sensitive data is handled by organizations, and the principle of extra-territoriality redraws the lines of jurisdictional applicability.
- Shadow IT services, the use of personal devices, the adoption of a “cloud-first” or “cloud-only” strategy, and merger and acquisition activity, among others, represent a collection of other threats to data protection. Decision makers must evaluate the relevance and magnitude of these threats and develop appropriate counter-measures.
- Addressing the data protection challenge requires proactivity by decision makers. Engage the board, conduct a thorough audit across the organization, implement best practices, and use training and technology to strengthen defenses, elevate protections, and mitigate the major data protection risks facing your organization.
This white paper has been prepared by Osterman Research and looks at offensive and defensive plays thats can be used to mitigate an organizations risk from attack.
Related Posts
Data Exfiltration Detection: Best Practices and Tools
What do businesses need to be doing in order to improve their data exfiltration detection capabilities?
What Causes Victims to Pay in a Ransomware Attack? The Psychology
Learn the main reasons why victims of a ransomware attack are forced to pay, such as the need to avoid operational disruption or the deceptive methods used by attackers to establish confidence.
BlackFog Announces SOC 2 Type II and TX-RAMP Certifications
BlackFog earns SOC 2 Type II and TX-RAMP certifications, boosting trust in its ADX technology for robust data security and ransomware prevention.
The Hidden Crisis: How Stress is Forcing 1 in 4 Chief Information Security Officers to Quit
According to research we recently commissioned, 1 in 4 CISOs are considering quitting their jobs within the next six months, and 54% are open to new opportunities.
Ransomware Detection: Effective Strategies and Tools
What ransomware detection tools and techniques should businesses be using in order to improve their security?
Understanding Double Extortion Ransomware: Prevention and Response
What is double extortion ransomware and what should firms know in order to protect against this threat?