May 2021 Roundup – Latest News, Trends & Updates in Data Centric Security
Encryption Helps Companies Avoid Breach Notifications
With nearly twice as many firms suffering a breach compared with the previous year, limiting the damage becomes more important, a survey finds.
Companies that encrypt sensitive data have a significant chance of avoiding the largest costs of a data breach, because the theft of encrypted information usually does not trigger data-breach notification laws.
In the survey, conducted by 451 Research and sponsored by encryption firm Thales, almost half of respondents (46%) said they avoided disclosing a breach in the past because the stolen information had been stored encrypted.
Overall, more than half of firms (56%) said they have suffered a breach in the past, while 41% of companies have suffered at least one data-loss event in the past 12 months, according to the “Thales 2021 Data Threat” report.
Cyberattacks become more sophisticated each year and are not confined to Fortune 500 companies. No business is safe from them, and small businesses are more vulnerable. Encryption helps block hackers from using proprietary data and information even if they can take advantage of a vulnerability.
Encryption protects financial, personal, and user authentication information and acts as a protective measure against the possibility of a data breach. It also helps to meet regulatory compliance requirements.
No matter what size your business is, safeguarding your proprietary information is no longer optional; it is a necessity. With a strong security strategy that includes encryption and key management, your data is safe.
Two-thirds of CISOs Unprepared for Cyber-attack
Two-thirds of respondents to a global survey of CISOs have said that they do not feel their organization is prepared enough to cope with a targeted cyber-attack.
This widespread lack of readiness was unearthed by California enterprise security company Proofpoint during the creation of its first-ever annual 2021 Voice of the CISO Report. The report examines global third-party survey responses from more than 1,400 CISOs employed by mid- to large-size organizations.
Just under two-thirds of CISOs (64%) reported feeling at risk of suffering a material cyber-attack in the next 12 months. More than half (53%) said they are more concerned about the repercussions of such an attack in 2021 than they were in 2020.
In an increasingly digital world, cyberattacks have grown in number and sophistication. With the pandemic not coming to an end soon, businesses have resorted to remote working.
As the virtual workplace is expanding day by day, CISOs have to ensure digital security on the go. CISOs should not only focus on technology but concentrate on the business risks as well.
Cybersecurity is no longer the sole responsibility of the IT and security teams. It is essential that everyone in the organization is aware of the security needs and understands the security infrastructure.
Because work from home mostly happens over public networks and untrusted platforms, security has to extend beyond the traditional boundaries of the organization. Therefore, there is a high demand for automated and continuous compliance and Zero Trust network strategies.
Number of Breached Records Soars 224% Annually
The volume of compromised records globally has increased on average by 224% each year since 2017, according to new findings shared by Imperva.
In light of the GDPR’s third anniversary this week, the data security firm crunched statistics on thousands of breaches over the past few years to better understand the evolving risk to businesses.
There were more records reported as compromised in January 2021 alone (878 million) than for the whole of 2017 (826 million).
“Information security adoption is slower than the adoption of digital services that make profit from the addiction to and consumption of the same online services. The increasing number of breaches every year is a result of this gap.”
Imperva is predicting that this year will see around 1500 data breach incidents and 40 billion records compromised.
Cybersecurity Ventures predicts that global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025.
Cybercrime costs include damage and destruction of the data stolen, loss in productivity, theft of personal information and intellectual property, embezzlement, fraud, and reputational harm to an organization. Yet, despite the costs, businesses are slow to adopt even basic IT security.
First, the majority of businesses are not financially ready when it comes to investing in security. Second, most cybersecurity measures take time to implement.
However, it is high time for businesses, big or small, to take their cybersecurity seriously. Businesses must make security a key part of their digital transformation strategies. They should drive best-practice adoption strategies from access controls to tapping external expertise.
Adopting zero trust architecture can limit ransomware’s damage
The fact that a pipeline operator had to proactively shut down operations to deal with a ransomware attack highlights organizations’ lack of resiliency. But from a security perspective, technologies such as zero trust and micro-segmentation could have limited the amount of damage ransomware was able to inflict.
Enterprises should move ahead with implementing zero trust architecture within their environment to mitigate the effects of this kind of malware, wrote Brian Kime, a senior analyst at research firm Forrester. Zero trust architecture limits lateral movement and contains the blast radius, Kime said.
Ransomware is the most commonly deployed malware, and it is three times more powerful than crypto mining and botnet malware. It remains a serious threat in spite of improved security solutions and measures.
Adopting Zero Trust architecture can limit ransomware’s damage. The Zero Trust principle focuses on building controls in at design time, such as those needed for authentication and authorization.
A Zero Trust Architecture requires authorization for any person or device attempting to connect to a network or access its resources. Further controls are present to prevent access to critical servers and data.
Zero Trust uses multifactor authentication and micro-segmentation to make it difficult for an inside intruder as well as an outsider to get into the organization’s assets. Thus it is more effective in preventing ransomware, and businesses should therefore think of investing in Zero Trust Architecture.
Data-centric security is key to resiliency, cyber risk report says
The COVID-19 pandemic changed more than how people work. Organizations boosted their security investments in response to an increase in cyberattacks and adopted a “data-centric” mindset to protect their information investments over the past year, according to a study Capgemini and Forrester released today.
With this data-centric approach, organizations are trying to reduce cyber risk and remove internal business growth barriers, according to the study, titled Making Your Business Cyber-Resilient In 2021.
Securing data is fundamental for any business. As the threat landscape is widening day by day, organizations have to rethink their cybersecurity strategy. It is just not enough to act after a data breach has occurred. Organizations have to be prepared – they have to be cyber resilient.
Breakthrough digital technologies like artificial intelligence, machine or deep learning, user behavior analytics, and blockchain have created disruption and have also led to an increase in the need for cybersecurity investments.
Data breaches pinpoint multiple failures within the business processes and procedures of an organization. Organizations have to put their data protection in order: they have to deploy data-centric security practices and secure their high-value assets.
With more than two decades of experience in data-centric security with a Zero Trust approach, SECUDE provides data-centric security solutions with Microsoft Information Protection for SAP and CAD data.