Today, data is understood to be the fuel that propels companies’ growth and success. As a result, safeguarding that valuable resource is more important—but also harder—than ever.
According to a new “SonicWall Cyber Threat Report” (March 2018), cyberattacks are becoming the number-one risk to businesses, brands, operations, and financials, and there were 9.32 billion malware attacks in total in 2017, representing an 18.4% increase over 2016.
Meanwhile, the most recent IBM/Ponemon “Cost of Data Breach Study” (June 2017) places the average total cost of data breach for the 419 companies participating in its research at $3.62 million, with the average cost per lost or stolen records at $141.
Defending against threats has also become more difficult, according to the Cisco 2018 Annual “Cybersecurity Report,” which points out that encryption was meant to enhance security, but the expanded volume of encrypted web traffic (50% as of October 2017), both legitimate and malicious, has created more challenges for companies trying to identify and monitor potential threats. Cisco researchers identified more than a three-fold increase in encrypted network communication used by malware samples it inspected over a 12-month period. The report cites the use of machine learning as presenting a benefit to companies in terms of improving network security, and in time, learning how to detect unusual patterns in web traffic, cloud, and IoT environments.
Mastering how to thwart potentially ruinous cyberattacks is critical for organizations of all sizes because of the importance of data to company success and the risk that breaches—or simple mishandling—can present in terms of regulatory penalties and customer loyalty. The new EU General Data Protection Regulation which will go into effect May 25, 2018, defines specific guidelines on how EU residents’ data must be collected and stored by companies around the world. It also promises to impose fines for failure to do so of up to 4% of worldwide revenue or €20 million, whichever is greater. Sounding an ominous note, Gartner has predicted that by the end of 2018, more than 50% of companies affected by GDPR will not be in full compliance with its requirements. As if that were not enough, the revised Markets in Financial Instrument Directions (MiFID II) went into effect at the beginning of 2018 in the EU, adding sweeping regulatory changes that will impact transaction reporting on all financial instruments traded in Europe and affect U.S. firms that do business with European counterparts or customers.
According to Bloomberg, “regulators want to be able to spot risks early and quickly reconstruct events when something suspicious happens, so MiFID II will force the investment community to keep tabs of almost everything.”
With the variety of regulatory mandates, potential fines for non-compliance, and the overall risk landscape for breaches heightening, now, more than ever, companies must take steps to have a comprehensive data management game plan and avoid one-off solutions to each new challenge that appears. On the following pages, industry experts outline the approaches and best practices that they advise for maintaining data security and compliance in order to be prepared for today’s regulations and cyber threats as well as any new ones that may emerge down the road.