Between a Rock and a Hard Place: Protecting Data is More Challenging Than Ever

June 30, 2022

It seems that just about every day, there’s a new jaw-dropping statistic that illustrates the tremendous growth of cyberattacks and data breaches that organisations are facing today. The attacks are not just increasing in number; they’re also increasing in their impact on your organisation and, most importantly, on the sensitive data of your organisation’s clients. This infographic, which illustrates the world’s biggest data breaches and hacks in recent years, shows a considerable escalation in breaches involving hundreds of millions of data records per breach. That’s your sensitive data and your clients’ sensitive data at risk.

 

While it’s more difficult than ever to protect your clients’ data, the stakes for doing so are higher than ever. Data privacy and data breach notification laws continue to be strengthened worldwide, putting more pressure on companies to protect client data and promptly notify clients when their data is exposed. When it comes to protecting data and meeting their data protection obligations, organisations today are between a rock and a hard place.

The Challenges of Protecting Data Today

In fact, you could say organisations are between a rock and a rock and a hard place, as they are facing three difficult data protection challenges:

Data Security Threats Are Ubiquitous

Cybercrime continues to rise and, despite the emergence of best practices for avoiding cyberattacks and data breaches, we’re seeing more of them than ever. Here are four statistics that illustrate just how ubiquitous data security threats are today:

  • In 2020, the FBI’s Internet Crime Complaint Centre (IC3) saw a 69% increase in the volume of cybercrime complaints received compared with 2019, for a total of 791,790.
  • It takes an average of 287 days for security teams to identify and contain a data breach.
  • In another recent survey of 5,600 IT professionals, 66% of respondents had experienced a ransomware attack in the past year.
  • In that same survey, the average ransomware payment grew 470% over the past year from $170,000 to $800,000.

Even as organisations continue to strengthen their practices regarding data security, it only takes one mistake to become a cybercrime victim.

Identifying Sensitive Data is More Challenging Than Ever

One of the reasons for the continued rise of data breaches is the challenge of identifying sensitive data in organisations. With data in the world expected to rise to 163 zettabytes (163 trillion gigabytes) by 2025, identifying important sensitive data within an organisation is becoming increasingly challenging due to the overwhelming volume of redundant, trivial or obsolete (ROT) data and the volume of dark data not used to gain insights for decision making. The amount of ROT and dark data within an organisation can be as much as 85%!

Regulations Are Continuing to Evolve

While protecting data is more difficult, the stakes for failing to do so continue to rise and evolve. While GDPR became effective in 2018 to protect data rights for citizens of the EU and CCPA became effective in 2020 to do the same for California citizens, four other states – Virginia, Colorado, Utah and Connecticut – have passed their own data privacy laws in the past fifteen months. In fact, California has already voted to replace their own law effective next year.

Not only that, the Securities and Exchange Commission’s (SEC) proposed amendments to its rules to enhance and standardise disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies include a requirement for regulated companies to disclose information about a cybersecurity incident within four business days!

Addressing Today’s Data Protection Challenges

Protecting your organisation’s data (and the sensitive data of your clients) requires a combination of (you guessed it!) best practices and leveraging technology. To address today’s data protection challenges, your organisation needs to: 1) stay current with regulatory developments; 2) implement strong policies and procedures and keep them current; 3) apply automation to the privacy compliance function within your organisation; and 4) apply automation to the data loss prevention (DLP) function within your organisation.

Conclusion

Over the next few posts, we will address each of these four areas of data protection in detail to discuss leveraging these best practices and technology automation mechanisms to protect your organisation’s (and your clients’) sensitive data. With the right combination of data protection procedures and tools, your organisation doesn’t have to remain between a rock and a hard place forever!

For more regarding Cimplifi data reduction and analytics capabilities, click here. For more on security, privacy, and compliance solutions, visit the new security, privacy, and compliance centre on the Cimplifi website here.
