Data security is critical to your organization’s reputation strategy
A company’s ability to keep data safe can directly affect whether customers trust the organization and remain loyal over time. According to Shred-it’s 2021 Data Protection Report, more than 8 out of 10 consumers decide which companies to do business with based on their reputation for information security.
Unfortunately, consumers tend to have low confidence when it comes to businesses and data security. One in three consumers believe that companies fall short in terms of timely, transparent communications around data leaks, and there is a general perception that these incidents only come to light when the company gets caught or is forced to reveal the event.
A recent Forbes Insight report found that 46% of organizations had suffered reputational damage due to data breaches and 19% of organizations suffered reputation and brand damage due to third-party security breaches. This shows that data breaches take a toll on an organization’s brand and reputation.
Therefore, it is important to secure all sensitive information, especially your customers’ personal information, before it falls into the wrong hands and leads to reputation and brand damage.
Here is what organizations can do. Firstly, they need a good data security solution that can efficiently monitor data, enforce proper access controls, and regularly audit who accessed what information. Secondly, implementing a Zero Trust Architecture will help prevent not only outsider attacks but also insider threats. Thirdly, they should ensure that the data security solution protects the data even if it is downloaded into another environment, especially when collaborating with third-party vendors and suppliers.
Workforce Burnout Presents Cybersecurity Risks, Report Finds
Pandemic-driven workforce burnout has been detrimental to the mental and physical health of workers across all industries, but a new report from 1Password found that burnout can also lead to increased cybersecurity risks.
“Despite the high level of automation in today’s business world, workplaces still rely heavily on human beings—and technology security professionals in particular— to implement the protocols that safeguard their assets, data, information and, ultimately, reputations,” the report noted.
“When even a small number of people relax their vigilance, organizations are at grave risk. Pervasive burnout among security professionals and other employees presents a significant cybersecurity threat.”
Negligent employees and contract workers are insider threats who cause data breaches knowingly or unknowingly. Disgruntled employees can cause considerable damage to an organization’s reputation. They may feel that they have been unjustly treated, or they may be driven by greed and look to gain a competitive advantage with a new employer. Ill-meaning employees can delete data or steal data, software, or intellectual property, and they often know how to cover their tracks.
What can organizations do in such a situation? Organizations must focus on securing networks, systems, applications, and, more importantly, their data. They should stay abreast of the various security threats and solutions. They can partner with a good security expert to strengthen their defenses, especially to protect their sensitive intellectual property.
Security Professionals View Ransomware and Terrorism as Equal Threats
In a survey of more than 1,500 security professionals, 60 percent of respondents reported viewing ransomware and terrorism as equal threats. Sapio Research conducted the survey on behalf of machine identity management provider Venafi.
The findings echoed the sentiments of the Department of Justice (DOJ), which announced in June 2021 that it would prioritize ransomware attacks at a level it previously reserved only for terrorism, Reuters reported.
Two-thirds of surveyed security professionals reported that their organization had suffered a ransomware attack over the past 12 months. Both large and small companies were impacted significantly by ransomware in the past year.
The findings validated previous (ISC)² research that showed a disconnect between cybersecurity leaders and C-suite executives when it comes to communicating ransomware risks.
Over a third of respondents said they would pay the ransom, but 57 percent of those respondents said they would reverse that decision if they had to publicly report the payment.
Ransomware attacks have gone mainstream as they continue to grow into one of the most costly and damaging cybercrimes, leading to a cost of $20 billion in 2020 alone. Moreover, these threat actors have evolved their tactics, techniques, and procedures, and the gangs share information amongst themselves. They also make use of underground forums, affiliate programs, and technical software updates. Their demands have also multiplied manifold.
Businesses use multiple cloud environments, multiple dedicated data centers, and many applications. Digital transformation and the cloud have pushed the need for security beyond the traditional perimeter.
Businesses must quickly adopt a Zero Trust model of security that puts the following guiding principles into action: explicit verification, least privilege access, and automatic risk detection and remediation. Organizations that have already turned to a Zero Trust model have a competitive advantage over others that are yet to adopt it.
Why the Zero-Trust Journey Requires Strong Database Security
As the threat landscape evolves and adversaries find new ways to exfiltrate and manipulate data, the government has been finalizing zero-trust adoption guidance to adhere to the Biden administration’s cybersecurity executive order to “advance toward zero trust architecture” and, importantly, build a more robust security program across government.
However, even as agencies adopt zero trust, many are only paying attention to the endpoints, leaving the database vulnerable to malicious attacks. The zero-trust methodology helps agencies protect data in any location, but we also need to ensure that compliance practices are updated to improve and accommodate database-specific security and improve the overall security posture.
While many businesses adopt Zero Trust, they pay attention only to the endpoints, leaving their databases exposed to attacks. Therefore, it is important to classify databases as critical assets and ensure their security. Businesses should invest in a data-centric security program. They need a defense-in-depth security approach.
Layered security takes a holistic view of cyber defense and its goal is to prevent a single security vulnerability from compromising an entire system.
SECUDE’s HALOCORE provides full visibility and control of sensitive data handling across the entire SAP landscape.
UAE prepares for enforcement of landmark personal data protection law
The UAE is preparing for landmark new personal data legislation to come into force in a matter of weeks.
While the UAE Constitution and its penal code both have implications for the transfer and use of personal data, the new ‘UAE Data Protection Law’ (DPL) will be the first comprehensive federal data privacy law in the country’s history.
Barkha Doshi, data protection expert at Pinsent Masons, said the UAE now “joins the Kingdom of Saudi Arabia by passing a standalone federal data protection regime and brings comprehensive data protection legislation to another country in the Middle East.”
The law, which will come into force on 2 January 2022, is intended to protect “any data related to a specific natural person or related to a natural person that can be identified directly or indirectly by linking the data”.
Personal information protection law is the body of law that regulates the storage and use of personally identifiable information, personal healthcare information, and financial information of individuals, whether collected by government, public, or private parties.
Personal information law ensures that the personal information of individuals is protected and does not fall into the wrong hands and get misused. Therefore, every country is now introducing its own Personal Information Protection Law (PIPL).
Data protection laws give individuals the power to know how their data is handled and used. Individuals can also take back ownership of their data and sue the organization if they learn that their data has been misused. Therefore, the right approach for organizations is to adhere to the personal privacy laws enforced by their governments.
Europe and other countries have established data privacy laws, followed by India and China, and it is a good move for the UAE government to follow suit.