Yet, as Craig Adams, Managing Director for EMEA at Protecht, argues, “data can be a double edged sword; whilst it can offer new insight for businesses, the consequences organisations face for losing data are severe. With the regulatory, reputational and financial damage, data loss can cause an organisation, it’s no wonder 44% of risk management experts list cyber attacks as their most pressing concern.”
That is why Data Protection Day is so important – it is a crucial reminder for organisations to evaluate their data protection methods and ensure that they are protecting it in the most effective way. But how do we do this? We spoke to eleven industry experts to find out.
KEEP YOUR ENEMIES OUT
The problem of cyber crime continues to grow. Just in the past couple of months alone, the UK has seen some of its biggest organisations, including the Royal Mail and The Guardian, fall victim to cybercriminals’ traps. As Christopher Rogers, Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company, describes, we are in the “golden age of cybercrime”, in which “data protection is not such an easy task.”
He references the IDC report, ‘The State of Ransomware and Disaster Preparedness’ which found that “83% of organisations had experienced data corruption from an attack, and nearly 60% experienced unrecoverable data as a result. So, while it is clear there is a dire need for more effective data protection, it is also crucial that businesses have disaster recovery solutions in place should the worst occur.”
“Recovering from a cyber attack will far outweigh the financial costs of implementing and maintaining solutions,” warns Hugh Scantlebury, CEO and Founder of Aqilla. “In the face of increased costs of doing business, many may be looking to cut back on their cybersecurity measures in order to reduce costs. But, lack of investment in cybersecurity is a false economy.”
“It’s crucial that businesses prioritise the protection of their data, not just today, but every day,” agrees Eric Bassier, Senior Director of Products at Quantum. “In 2023, data protection and recoverability are uncompromising, vital components to the success and sustainability of any business.”
Raffael Marty, EVP and GM of Cybersecurity at ConnectWise, adds: “This Data Protection Day, we want to draw attention to how security threats impact data privacy issues. Businesses need to remain agile and responsive to the evolving threat landscape in order to keep theirs and their customers’ and users’ data private.”
THE BRICKS OF THE BUNKER
There are a number of steps that businesses can take to build their defences. First of all, they should utilise the strengths that they already have – their employees.
“Hackers may be becoming more sophisticated, but the fact remains that the majority of successful cyber-attacks include some form of human error – whether that’s clicking a dodgy link, opening a malicious email, entering a password where it shouldn’t be entered, or any of the myriad ways hackers attempt to confuse and exploit people’s lack of awareness complacency,” explains Andy Swift, Cyber Security Assurance Technical Director at Six Degrees. “Appropriate employee cyber security training remains essential for businesses looking to avoid accidental and malicious downtime and data breaches.”
With the rise of remote working over the past few years, and the likelihood for it to continue well into the future, training your employees to spot such attacks is more important than ever as they work outside of corporate firewalls.
Andy Bates, Practice Director – Security at Node4, adds that its latest research proves this point: “This year Node4’s annual Mid-Market IT Priorities Report revealed that 84% of IT decision-makers in mid-market companies think that their influence over IT purchases has diminished in the last 12 months. This is rooted in the long-time practice of the bring your own device (BYOD) phenomenon, where individuals routinely connect their own devices to corporate IT networks. This escalating trend of shadow IT will only make effective data protection harder – if not impossible.”
“These remote environments are as variable as they are unpredictable,” emphasises Audun Fosselie Hansen, Co-founder and CEO at Celerway. “Configuring and deploying large numbers of routers remotely can present challenges and it’s not uncommon for staff to rely on their personal mobile phone connections and unsecure public Wi-Fi networks. Providing seamless, high-performance connectivity is often the focus in these remote scenarios, but this cannot be achieved by compromising security. Any remote connectivity scenario must ensure the network keeps customer and corporate data secure by prioritising a foundational Zero Trust approach to network security.”
However, employees should not be the only line of defence. As technology advances, so do data protection methods. Previously, many have relied solely on passwords to keep their data safe. But Jasson Casey, CTO at Beyond Identity, urges organisations to “focus on passwordless authentication and phishing-resistant MFA if they are to finally shut the front door.
“By eliminating passwords and weak MFA, organisations can block a whole class of attack pathways. The security industry has focused on and invested billions in threat detection and incident response (TDIR). This made total sense because adversaries were gaining undetected access to networks and staying there for months and even years. But what if we could leverage the detection and response tech stack to make authentication even better? The journey to strong authentication of an identity starts with passwordless, phishing-resistant MFA.”
Similarly, Liad Bokovsky, Vice President of Solutions Engineering at Axway, stresses that “investing time and resources into robust API security measures such as understanding vulnerabilities, taking a multi-faceted approach, implementing a zero-trust mindset, prioritising security, and staying informed about the latest threats is more critical than ever in 2023’s rapidly evolving security environment.”
He summarises, “It’s time to quit playing recovery and instead stop the attackers in their tracks.”
Reflecting on the lessons of Data Protection Day, Terry Storrar, Managing Director at Leaseweb UK, concludes: “Data Protection Day is a great opportunity to take stock of how secure your data really is. And, for those who have entrusted their data to a cloud hosting provider, the day should serve as a reminder to choose carefully and ensure your provider is willing to go the extra mile to secure your data”.
