Light Dark
October 3, 2018 By Paula Musich 3 min read
Data Protection
Risk Management

As enterprises undergo digital transformation and explore new opportunities offered by cloud technology, many lose sight of the digital risks they’ve encountered along the way. Like the pioneers who headed into the Wild West more than a century ago, companies today face a range of unseen dangers as they move unwittingly into potentially hostile territory. From developers and engineers collaborating via cloud-based, consumer-focused data sharing platforms to independent contractors retaining access credentials long after their projects are completed, the risks to critical data are expanding along with the attack surface.

Whether it’s digital transformation, cloud computing, extended supply chains or outsourcing, it’s imperative for organizations to establish a formal data risk management program that’s more than just a governance, risk and compliance program designed to check the boxes for auditors. Data risk management programs put mission-critical data — an organization’s crown jewels — at the center of the effort. Ensuring the confidentiality, integrity and availability of that data, no matter where it lives or who touches it, is the top priority.

Join the Nov. 1 webinar

Round Up the Posse: The Importance of Multiple Stakeholders

To be successful, a data risk management program requires the involvement of multiple stakeholders, including data owners; line-of-business managers; IT and security professionals; legal, HR and finance departments; and multiple members of the C-suite, all the way up to the CEO. All these parties have a hand in identifying the enterprise’s crown jewels, where they are located, who handles or processes them and where they flow not only within the organization, but outside of it as well.

An effective program also requires input from security professionals who can understand how the inherent risks of ownership, privilege rights, locality, sensitivity and complexities associated with third-party application integrations can be used as backdoors into mission-critical data or cause serious business disruption.

Other common challenges organizations encounter when developing a data risk management program include:

  • Manual process bottlenecks that greatly impact the organization’s ability to scale;
  • Siloed IT systems, each with their own data store, that lack sufficient controls and make it difficult to prioritize risk, thereby creating the potential for exposure;
  • Friction between IT operations and security teams due to the lack of a common language and differing priorities, which makes it hard for them to work in concert to prioritize risks and take immediate remediation actions in the event of a serious breach; and
  • The ability to distinguish between pedestrian events and those that could disrupt business operations, such as the theft and disclosure of sensitive intellectual property (IP).

Take the Reins: Developing Measurements That Actually Mean Something

Successful data risk management programs require security professionals to develop key performance indicators (KPIs) or risk measurements that actually mean something to business executives. Tactical metrics and reporting from tools designed to serve the needs of security analysts do not translate well into the language of business risk. However, by ingesting useful data from a range of security tools that can then be combined with other strategic operational metrics and contextual information, it’s possible to present such data to business executives in a way that allows them to better grasp where existing security controls are adequate and where additional resources are needed.

Such tools include security information and event management (SIEM), data loss prevention (DLP), application security, security response management, vulnerability assessment, and data monitoring systems. A dashboard that takes all that highly technical data and boils it down to sensible risk measurements can benefit multiple stakeholders within an organization as they work to mature their data risk management practices. A data risk manager with a business-centric approach can reduce the time it takes to investigate and remediate threats, and potentially avoid or minimize damages and cost.

Circle the Wagons: It’s Time for a Focused Data Risk Management Program

As enterprises embrace digitization, cloud and IT automation, most are still in the pioneering stages — if they’ve begun at all — of developing a data risk management program. With a vastly expanded threat surface, highly sophisticated and well-funded threat actors seemingly immune to law enforcement, and increasingly complex and porous organizational structures, it’s time to circle the wagons around mission-critical data assets. There’s no better time to create a programmatic approach by automating and orchestrating data risk management.

Join the Nov. 1 webinar

 |  |  |  |  |  |  |  |  |  |  |  |  | 
Paula Musich
Research Director

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature