A Changing Perspective
This multi-part series is designed to provide a deeper understanding of the threats your organization and its data face. As we speak to customers and partners, we see gaps in understanding when it comes to data security. Our goal is to educate our readers to understand the broad threat to your organization derived from your data and drill down to show the interdependencies and connections to help you take a holistic view of protecting your data.
Make no mistake, cybersecurity is data security at its core. It is not the entirety of data security, but it is a significant part of it. If you ask people to explain cybersecurity, you will hear a discordant mixture of responses, even from the experts – especially from the experts. Looking deeper into the similarities in the responses exposes the industry’s fundamental flaw. Cybersecurity has focused on building walls. The industry has been building walls to keep the data in and the bad actors out, which is a fatal flaw. While the cybersecurity industry has been focused on building walls, the rest of the technology world has been focused on tearing walls down – making us more mobile, more connected, and more collaborative than ever before. Whatever perimeter may have remained was quickly marginalized by the COVID-19 pandemic.
How do we keep data safe in a world without walls? The first requirement is to understand exactly what needs to be protected and why. As a company, you are not actually protecting your data, you are safeguarding your financial responsibilities and incentives that are derived from that data. Seldom is data truly stolen. It is almost always copied and then either used or sold by a bad actor. Moreover, the concept of the data breach does not even represent the greatest financial threat to an organization – that title belongs to the government. On average, the cost of non-compliance is significantly greater than the cost of a data breach. This means your ability to manage and adapt to the byzantine regulatory structures governing the jurisdictions in which you operate is of critical importance.
Of course, this does not mean that an organization can focus on compliance and forget about the threat posed by the more traditional data breach. Failing to address the two together leaves you vulnerable. While compliance risk covers a very narrow definition of critical data – it is regulated for a reason – vulnerabilities remain even with strict compliance. Relying on compliance standards to define critical data is also problematic, as that ignores significant amounts of data that should be considered critical for other reasons, such as intellectual property and proprietary data sets. Organizations need to start by identifying what data is critical to them to protect their financial interests, understanding both direct and indirect harm.
Once the critical data has been identified, the challenge becomes protecting that data. This is where a deep understanding of the threat is required. For far too long, the focus of threat mitigation has been on looking outside the company. This deference to the traditional understanding of data breaches leaves organizations exposed. In reality, looking outside covers only a fraction of the threat, and while necessary, focusing solely on external exposure could be a fatal oversight. When you look at the numbers, only eleven percent of data breaches are perpetrated from the outside without any help – witting or unwitting – from the inside.
Next week we will begin to explore case studies in data breaches, analyzing how they happened and how Covax Polymer could have stopped them. We will begin to pose those uncomfortable questions that will help you better understand what you are missing.
Originally Posted On: September 28, 2020