Not long ago, the borders of your data environment were relatively well-defined. But now, everything has changed. As the cloud, mobile devices and social media give us new ways to communicate and conduct business, they also open up new avenues for attacks — tempting the bad guys to steal your data.
Hardly a week goes by without headlines about a major data breach. In the last year alone, we have seen many company records stolen, resulting in loss of sensitive data, compromised brand reputation and huge costs incurred. According to the “2015 Cost of Data Breach Study,” the total cost of data breaches is rising globally. A single data breach, on average, costs $3.8 million, an increase of 23 percent since 2013.
2015: The Year of the Data Breach
Many have dubbed 2015 the year of data breaches. Some breaches gained more attention than the others, but all were impactful.
- Office of Personnel Management (OPM): Personnel records of 22 million current and former federal employees were compromised in a breach of the OPM. The breach went undetected for about a year — 343 days, according to Network World.
- Ashley Madison: Data records of 37 million customers were compromised. The breach was discovered in July 2015, but when cybercriminals got in is undisclosed.
- Premera: The personal information of 11 million people was compromised, according to CNN. The attack went undetected for nine months and was one of the first hacks discovered in 2015.
Are there lessons that could be taken from these attacks? Yes. Ask yourself these questions: How are you protecting personally identifiable information (PII)? How do you handle a data security alert? Is your security team too occupied with its day-to-day operations? How do you gather security intelligence?
The Problem: People, Processes and Technology
Today’s organizations need to be open for business while protecting their most critical data from unauthorized access. But the compliance-driven practices of the past can leave you exposed to attack. Instead, you need to address the enterprise’s people, processes and technology — the three legs of a data security tripod — to reduce the growing threat of data breaches.
- People: Do you have the right talent to manage your data security program? How do you ensure that all bases are covered around the clock?
- Processes: Do you have an end-to-end, defined process for data protection with the right stakeholder involvement?
- Technology: Do you leverage the full features and functionalities of your data security solution? How do you gain security intelligence?
Often, the data security posture focuses more on technology and less on the other two aspects — people and the processes. Well, can you get a perfect shot with a tilted tripod? No.
How Can the Problem Be Solved?
Data protection is about more than finding a silver-bullet solution. Technology needs to be supported by the right security controls and processes — an end-to-end approach for safeguarding the entire organization, including your users, data, applications and infrastructure. All of this needs to be carefully monitored and managed by a skilled set of people.
In rare cases, you can find the answers internally. More often than not, however, you need to look for external help. It goes without saying that if you look for an external partner, the partner should have a proven ability to execute.
Look to balance your data security tripod, with internal or external help, to get that perfect shot (e.g., reduce the likelihood of a data breach). Technology alone is not the solution to the problem.
You need the right people to analyze the data as well as a process that defines how alerts should be handled. That’s how you can protect your data in this era of data breaches.