There was no shortage of talking points on data protection in 2018, from concerns over data risk and compliance requirements to the challenges of operational complexities. When we surveyed some of the most prominent trends and themes from the last year, three topics stood out among the many facets of these core cybersecurity challenges: regulatory compliance, data breach protection and risk management.

As we settle into 2019, let’s take a closer look at what we learned in the past year and explore how organizations around the world can improve their data security posture in the long term.

Navigating Your GDPR Compliance Journey

When the General Data Protection Regulation (GDPR) took effect last May, companies were seeking guidance and best practices to address their compliance challenges. Although this sense of urgency is beginning to diminish, the demand for data privacy controls will only increase as organizations across industries and geographies adjust to the post-GDPR world.

In January 2020, the California Consumer Privacy Act (CCPA) will go into effect, and Brazil’s data protection law, Lei Geral de Proteção de Dados Pessoais (LGPDP), will kick in the following month. Many of the processes and requirements — not to mention the benefits — associated with GDPR compliance will be highly relevant to organizations’ preparations for these new regulations. In the year ahead, security teams should continue to focus on:

  • GDPR readiness: Complying with GDPR can require changes across nearly every aspect of your business, from customer communications to social media interactions and data protection processes for handling and storing personal and financial information. Analyze your GDPR readiness and kick-start compliance with this five-phase GDPR action plan.
  • How to report a breach: The GDPR requires companies to report a breach within 72 hours of their becoming aware of it, where feasible — an unprecedented timeline. Be sure to understand the requirements for reporting a breach, from the root cause to the assessment of the scope and the mitigation action plan.
  • GDPR and business success: Beyond the challenges and demands of compliance, the GDPR can be good for your business. When managed appropriately, compliance can help drive the organization to a more robust and future-proof security posture.

Data Protection Is a Hot Topic as Breaches Soar

Given that 27 percent of organizations will experience a recurring material breach in the next two years — coupled with the rapid proliferation of attack vectors such as the internet of things (IoT) — it’s no surprise that data security was top of mind for security professionals in 2018. Below are some of the salient themes:

  • Avoiding breaches: Data breaches are on the rise, due in part to an increase in the number of attack vectors created by complex IT environments. Yet many of these breaches are preventable. While every organization’s challenges are different, some of the most common data security mistakes can put enterprise and customer data at serious risk.
  • Responsibility: Who is responsible for data risk management? Blamestorming, the unpleasant and often futile process of pointing fingers, commonly follows a breach. By determining who is ultimately accountable before a breach, the C-suite can help prevent a breach in the first place and avoid the blamestorming.
  • Maintaining control over data: With the increasing number of ransomware variants, it’s critical to augment ongoing user education with technical controls and processes for optimal protection. Yet these measures can only do so much; technologies and processes that deliver preventive protection and instant remediation can help you maintain control of your data in the face of an attack.

Gain the Upper Hand Through Risk Management

Hand in hand with concerns about breaches, organizations are proactively seeking ways to understand, reduce and mitigate the risks that lead to these breaches. The third most popular topic covered a variety of risk mitigation and management themes that can help organizations on their journey toward smarter data protection, including:

  • Formalizing processes: Proactively finding and protecting the crown jewels is the only pre-emptive advantage organizations have in the battle of the breach. Creating and deploying formal risk management processes can help organizations evaluate information assets and the vulnerabilities that threaten to compromise them.
  • Structured versus unstructured data: Both structured and unstructured data are core business assets. That’s why it’s important to understand the differences between them and key considerations for assessing the risk levels for both structured and unstructured data when building a data protection strategy.

As you grapple with today’s data privacy, protection and risk management challenges — and prepare for tomorrow’s — these lessons, best practices and expert opinions from 2018 can help guide your security strategy and improve your data protection posture in 2019 and beyond.
