Article by Adam Strange, Data Classification Specialist, HelpSystems
Ongoing Growth in Remote Working will Create Data Security Threats
- The far-reaching impact of COVID-19 includes the intensified threat of malicious cyber attacks as well as an escalating number of damaging data breaches across almost every sector of business. The rapid shift to remote working during the pandemic left many employers exposed to hackers and highlighted multiple examples of serious network and data vulnerabilities.
- For example, in a recent article, Infosecurity Magazine quotes research finding that attacks on the biotech and pharmaceutical industry alone rose by 50% in 2020 compared to 2019. And in the defence sector, The Pentagon is seeing a huge rise in cyber attacks through the pandemic, where unprecedented numbers of employees are forced to communicate through their own devices.
- As more companies move to facilitate a semi-permanent remote workforce, data security ecosystems will evolve to become more complex and advanced data management and classification solutions will be a critical technology investment.
- ‘Insider threat’ will be categorised as the most prominent tier 1 data security risk in 2021, necessitating stricter corporate guidelines and protocols in data classification, as well as comprehensive employee education programmes around data security.
- HelpSystems’ recent research interviewed 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face and found that insider threat - whether intentional or accidental - was cited by more than a third (35%) of survey respondents as one of the threats with the potential to cause the most damage in the next 12 months.
- Further, the latest Information Commissioner’s Office (ICO) report confirmed that misdirected email remains one of the UK’s most prominent causes of security incidents, demonstrating the need for all organisations to control the dissemination of their classified data.
- HelpSystems’ technologies in data security and classification are enabling businesses to regain control of sensitive data, identify sensitive data by scanning and analysing data at rest and classify and protect personal data by detecting PII at creation.
- In 2021 data governance will take centre stage in data security and privacy strategies. Companies will create Centres of Excellence (COE) to embed a solid data security culture across teams and corporate divisions and to formalise in-house data management processes, rolling out divisional best practice and placing data classification at the foundation of their data security strategy.
- Employees play a vital role in ensuring the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. In terms of how they go about doing this, they must invest in user training and education programmes.
- The security culture of the firm must be inclusive towards all employees, making sure they are continually trained so that their approach to security becomes part of their everyday working practice, irrespective of their location, and security becomes embedded into all their actions and the ethos of the business.
- Data classification solutions will allow businesses to protect data by putting appropriate security labels in place. HelpSystems data classification uses both visual and metadata labels to classify both emails and documents according to their sensitivity. Once labelled, data is controlled to ensure that emails, documents and files are only sent to those that should be receiving them, protecting sensitive information from accidental loss, through misdirected emails and the inadvertent sharing of restricted documents and files.
- Accenture quote that 94% of Fortune 100 companies experienced supply chain disruptions from COVID-19, and that as much as 40% of cyber threats are now occurring indirectly through the supply chain.
- 2020 has been the year where businesses realised more than ever that data security across the supply chain was only as strong as its weakest link, where exposing a business’s network and sensitive data to its suppliers had the potential to carry significant additional risk.
- HelpSystems’ recent report interviewed 250 CISOs and CIOs from financial institutions about the cybersecurity challenges they face and nearly half (46%) said that cybersecurity weaknesses in the supply chain had the biggest potential to cause the most damage in the next 12 months.
- But sharing information with suppliers is essential for the supply chain to function. Most organisations go to great lengths to secure intellectual property (IP), personally identifiable information (PII) and other sensitive data internally, yet when this information is shared across the supply chain, it doesn’t get the same robust attention.
- The demand for greater resilience across supply chain operations in 2021 will require businesses to move quickly to overhaul existing tech investments and prioritise data governance. Organisations must ensure basic controls are implemented around their suppliers’ IT infrastructure and that they have robust security measures in place.
- Advanced data classification capabilities will deliver assurance and control to numerous industries including finance, defence and government. HelpSystems advises organisations to ensure their suppliers have a robust approach to security and information risk with security frameworks such as ISO 27001 and Cyber Essentials in place.
- Organisations should implement a data classification scheme and embed data risk management into the procurement lifecycle processes from start to finish. By effectively embedding data risk management, categorisation and classification into procurement and vendor management processes, businesses will prevent their suppliers’ vulnerabilities becoming their own and more effectively secure data in the supply chain.
- An increased focus on data privacy and protection of personal data and the continuing shift in privacy law, as reflected in the EU’s landmark GDPR in 2018 and, this year, the US’s CCPA, and the CPRA set to take effect in 2023, has changed the data regulatory landscape. We can expect to see similar US compliance rulings come into force beyond California through 2021.
- In addition to individual state privacy rulings, we can expect to see federal US-wide regulation come into force.
- This new phase in privacy regulation will be complex and enforcement will demand changes in people, process and technology - proper corporate data governance programmes, employee training and solid data management systems in every organisation to counter reputational risk and hefty fines.
- Data automation will also be a priority as companies struggle to deliver relevant data protection strategies for every level of business and its users, across all platforms and infrastructures to conform with individual state and international laws.
- HelpSystems’ unified security, compliance and data classification solutions simplify compliancy reporting enabling business to easily generate the documentation necessary to identify security issues, give auditors the information that they need and prove compliance.
No comments:
Post a Comment