May 15, 2020 By Rob Young 3 min read

Data security is on everyone’s mind these days, and for good reason. The number of successful data breaches is growing thanks to the increased attack surfaces created by more complex IT environments, widespread adoption of cloud services and the increasingly sophisticated nature of cybercriminals.

One part of this story that has remained consistent over the years is that most security breaches are preventable. Although every organization’s security challenges and goals are different, there are certain mistakes that many companies make as they begin to tackle data security. What’s worse, these mistakes are often accepted as the norm, hiding in plain sight under the guise of common practice.

Read the white paper: Five Common Data Security Pitfalls to Avoid

Five Common Data Security Pitfalls

Below are five common data security failures that, if left unchecked, could lead to unforced errors and contribute to the next major data breach.

1. Failure to Move Beyond Compliance

It is often said that compliance does not equal security, and most security professionals would agree with that statement. However, organizations often focus their limited security resources on achieving compliance and, once they receive their certifications, become complacent. As a result, many of the largest data breaches in recent years have happened in organizations that may have been fully compliant on paper.

2. Failure to Recognize the Need for Centralized Data Security

Compliance can help raise awareness of the need for data security, but without broader mandates that cover data privacy and security, organizations often forget to move past compliance and a focus on consistent, enterprise-wide data security. A typical organization today has a hybrid multicloud environment, which is constantly changing and growing. New types of data stores can appear weekly, if not daily, and greatly disperse sensitive data.

3. Failure to Assign Responsibility for the Data

Even when aware of the need for data security, many companies have no one specifically responsible for protecting sensitive data. This situation often becomes apparent during a data security or audit incident when the organization is under pressure to find out who is actually responsible.

4. Failure to Address Known Vulnerabilities

High-profile breaches in enterprises have often resulted from known vulnerabilities that went unpatched even after the release of patches. Failure to quickly patch known vulnerabilities puts your organization’s data at risk because cybercriminals actively seek these easy points of entry.

According to a recent IDC research report, organizations are struggling to manage data security across multi-cloud and hybrid environments. In fact, in a recent survey more than 37% of respondents indicated that the growing complexity of security solutions as a significant challenge, which often impedes data governance and policy enforcement.

5. Failure to Prioritize and Leverage Data Activity Monitoring

Monitoring data access and use is an essential part of any data security strategy. Organizations need to know who, how and when people are accessing data. This monitoring should encompass whether these people should have access, if that access level is correct and if it represents an elevated risk for the enterprise.

Taking Steps to Close Data Security Pitfalls

There is nothing easy about securing sensitive data to combat today’s threat landscape, but companies can take steps to ensure that they are devoting the right resources to their data protection strategy.

When starting on a data security journey, you need to size and scope your monitoring efforts to properly address the requirements and risks. This activity often involves adopting a phased approach that enables development and scaling best practices across your enterprise. Moreover, it’s critical to have conversations with key business and IT stakeholders early in the process to understand short-term and long-term business objectives.

To learn more about common data security missteps, read the white paper, “Five Common Data Security Pitfalls to Avoid.”

More from Data Protection

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Skills shortage directly tied to financial loss in data breaches

2 min read - The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM's 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.And that's expensive. This skills deficit adds an average of $1.76 million in additional breach costs.The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today