Data Privacy Day

by Mark Rowe

Ahead of Data Privacy Day, on January 28, here are some comments from industry.

Chris Vaughan, VP – Technical Account Management, EMEA at Tanium:

“Data Privacy Day is an opportunity to consider the impact that data breaches are having and how measures can be put in place by organisations to make data more secure. All too often we hear concerning details of customer data being accessed by attackers and the type of credentials that were stolen. These breaches can have profound implications for victims because of the personal nature of the data stored, not to mention the numerous regulatory issues that this causes for organisations.

“There are examples of recent data breaches that have had severe impacts, with some threatening the possible disclosure of sensitive information such as health records. It is vital that organisations have full visibility over the data they hold as well as an understanding of where it is located to reduce the possibility of costly breaches occurring – or, if they do occur, to minimise potential damage.

“It is also essential that IT teams have a clear strategy that they adhere to on the location of data and how it is secured, whether they are using a cloud or on-premise environment, so that any weak points and vulnerable devices can be identified and fixed before an incident takes place. Detecting unusual activity and unauthorised access to a company’s systems is only possible with a high level of visibility and control.

“In a world where people are very often working from home using their personal devices, every organisation now needs a comprehensive zero trust model that assumes all new devices and users are considered suspicious until proven otherwise. However, this alone is not enough. Organisations often think that creating a zero trust framework is a ‘one-and-done’ process. In reality, it is an interactive journey that must be reassessed at every step of the way. Cloud solutions often have a tool set that can continuously check the state of endpoints and attest to them much more readily, as long as they are switched on.

“Through a zero trust approach and the use of effective tools to gain visibility of IT environments, organisations will give themselves the best chance of avoiding costly breaches in 2023.”

Stephen Oliver, General Manager North EMEA, Gigamon:

“In a world of evolving threats, data privacy is not always simple. SSL/TLS encryption is widely used by businesses as a key component of data privacy and security, especially as companies are shifting more workloads to the cloud. However, rather than simply protecting data from malicious actors, encryption is now often used by cybercriminals to hold a company’s data hostage or conceal their activity. In fact, over 3.3 million cyber-attacks in 2022 were hidden in encrypted traffic.

“Security teams need deep observability across all data, even encrypted traffic, to ensure it is safe. At the same time, they need to comply with strict data privacy legislation, like GDPR, that requires sensitive data remains protected and confidential. Which is where data masking comes in; it alters data in a way that makes it unreadable to unauthorised users, while still maintaining its structure. By obscuring the data before it is sent to security and monitoring tools, compliance becomes easier as sensitive information is not viewed, processed or stored but any threats can be detected.

“While data privacy compliance is a must, this cannot lead to blind security tools. Data masking allows for traffic intelligence and the eradication of blind spots, while also ensuring the confidentiality of sensitive information.”

Ronan David, Chief of Strategy at EfficientIP:

“Since its creation, the DNS has been the Achilles’ heel of an organisation’s network, resulting in it becoming a popular target for cyber criminals to breach networks.

“With all internet traffic flowing through the DNS, it is a leading point of entry for attackers and data exfiltration. For example, in 2022, 24% of DNS attacks resulted in the theft of sensitive customer information or intellectual property. Threat actors can also exploit the goldmine of information of the DNS server to learn about a certain network and application, helping them to develop cyberattacks which can steal the most valuable and sensitive data.

“Data that is stolen under the noses of organisations can have damaging and lasting impacts. Customers, partners and employees trust businesses to look after their data, and when it is stolen that trust is broken. People lose confidence in digital services, which can then lead to long-term reputational damage as well as a significant financial hit.

“Organisations need to be able to stop the exfiltration of data at the earliest possible stage. Businesses need to be looking at real-time DNS traffic so that security teams can detect, locate and thwart hidden security threats. Furthermore, DNS-based application access control at the user level needs to be implemented to reduce the attack surface of businesses and block lateral movement, and ultimately, strengthen their security chain.”

And Allen Downs, Vice President Security and Resiliency Services, Kyndryl:

“It’s becoming more apparent that data is the most valuable asset for a modern business. As digital transformation accelerates across all industries, managing, protecting and assessing business critical data becomes increasingly complex for organisations.

“Enterprise data has become significantly more diverse, dynamic and distributed, whilst growing exponentially in volume. Data protection strategies must be robust enough to manage this increase in volume, while protecting against increasingly sophisticated cyber attacks and data corruption. A wholesale approach and change in strategy and architectural designs and the use of immutable storage, air gapping and active data protection is key to ensuring that enterprises can recover back to clean data.

“As work becomes more digital, business systems and processes are becoming even more connected. This interconnectivity increases the risk of a small event in one part of a company having a major disruptive impact across the entire organisation. A data protection solution that can conduct a swift and efficient cyber backup, plus restore and maintain access to critical data, is essential in today’s digital age in order to protect data now and in the future.”

© 2024 Professional Security Magazine. All rights reserved.