Already, the year is drawing to a close which means two things:
• It’s mulled wine season
• We’re almost 2 years into the pandemic
And it’s predictions time!
Over the last 12 months, the number of records breached in data security incidents has increased by 224% [1], and it’s now not a matter of if it happens, but when. According to IBM, the average cost of a data breach is £2.7m [2]. There is still much work to be done by organisations, but what steps will they take in 2022 to reduce the likelihood of a breach occurring?
Investing in data professionals, governance teams and technology tools removes the need for manual processes, therefore reducing the risk for your organisation. By giving staff ongoing training, you create awareness and equip them with the knowledge to protect your organisation. When people understand that data governance and security teams are trying to help them, they become part of a bigger process that contributes to the security of the organisation.
It’s absolutely critical that there’s a solid data governance structure in place, with data owners and data stewards in the business, so that decisions and responsibilities can be accounted for. You can also embed data privacy, protection and security by design, for example in the process by which data is shared in your organisation or where data is shared in an ecosystem.
This is a step most organisations fail to take, so don’t let this be you. Formulate your policies, but don’t leave them as pieces of paper. Turn those policies into practice, so they remain front and centre, and embed the principles and policies in process. Use software tools like data discovery to track where policies are being followed and where they aren’t, so you can nudge people to do the right thing.
It can be hard to have the conversation around investment in risk mitigation if you haven’t had a breach, but with data breaches and cyber security threats on the rise, can your board really afford not to invest to protect your organisation? Talk to the board in their own language and find out what will make them listen. Many vendors will offer free trials, so why not take them up on these offers? In fact, Exonar offers a free 2-week ‘Test Drive’ allowing organisations to see how discovering their data in detail could drive the success of their existing data programmes.
Conduct tabletop exercises to calculate what the impact of a breach would be. Figure out what’s an acceptable level of risk to the business. Consider internal costs, what the regulatory implications are and the impact of the reputational damage in the event of a breach. All these should be evaluated so that the business is prepared and practised in how it would respond in the event of a breach. The key here is that senior leadership teams need to be part of the process.
The focus for organisations is no longer simply prevention, because hackers determined to get into your infrastructure will find a way to do so. As we said in point 5 above, it’s about how you prepare for the inevitable. Part of that prevention is knowing what data you have and where it is, so you can find and secure anything that’s sensitive, out of policy or valuable. By running a programme of data discovery and indexing, you can expose the risks and the ‘crown jewel’ data and make informed decisions about how to improve security. In addition, having an index of your data means that if your organisation is subject to a ransomware attack, you can see instantly what was taken. Find out more about the benefits of data discovery here.
This is not new: we are constantly learning how to improve, and this is no different if your organisation is subject to a data breach. Try to turn the breach to your advantage. A situation that looks particularly dark and gloomy can reap many benefits in the long term.
To find out how Exonar can help your organisation strengthen its breach risk profile, talk to us – it’s what we do!