October is National Cyber Security Awareness Month (NCSAM). Started in 2004 by the National Cyber Security Division within the Department of Homeland Security and the non-profit National Cyber Security Alliance, the designation is intended to raise awareness of the importance of cyber security.
The consequences of not securing data have always been serious. But, in the past year, a number of new developments have made data protection more challenging, according to industry executives.
With the seemingly overnight switch to new work-from-home strategies amid the ongoing COVID-19 pandemic, the accelerated movement of workloads to the cloud, and a growing security skills shortage, it is time for data security and governance approaches to be rethought. The damage from a data breach can be devastating for organizations—potentially resulting in diminished business and hefty fines, not to mention the loss of customer trust. The risk is too great not to take data security threats seriously.
In recognition of NCSAM, DBTA reached out to industry leaders to explore the state of data security and privacy in 2020.
"Many organizations simply don’t imagine that the present security culture, configuration management, data security controls, and overall cloud strategy may open them up to the attacks and compromise we commonly see today," said Greg Jensen, senior principal director, security at Oracle. "Combined with the realities of understaffed organizations and the changes we have seen in 2020 the risks have never been greater."
According to IBM Security's 2020 Cost of a Data Breach Report, data breaches cost the more-than-500 companies surveyed an average of $3.86 million per breach. The study found that compromised employee accounts were the most expensive root cause. Based on in-depth analysis of data breaches experienced worldwide, 80% of these incidents resulted in the exposure of customers' personally identifiable information (PII), and, out of all types of data exposed in these breaches, customer PII was also the costliest to businesses studied.
WFH and Cloud
A separate IBM study found that more than half of surveyed employees new to working from home due to the pandemic have not been provided with new guidelines on how to handle customer PII, despite the changing risk models associated with this shift.
"When it comes to businesses' ability to mitigate the impact of a data breach, we're beginning to see a clear advantage held by companies that have invested in automated technologies," said Wendi Whitmore, vice president, IBM X-Force Threat Intelligence, commenting on the research. "At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry's talent shortage persists, teams can be overwhelmed securing more devices, systems, and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well."
Microsoft also surveyed nearly 800 business leaders of companies with more than 500 employees in India, Germany, the U.K., and the U.S. to better understand their views of the pandemic threat landscape, implications for budgets and staffing, and how they feel the pandemic could reshape the cyber security landscape long-term. It found that an "alarming number" of businesses are still impacted by phishing scams, that security budgets and hiring increased in response to COVID-19, and that cloud-based technologies and architectures such as Zero Trust are significant areas of investment moving forward.
Providing secure remote access to resources, apps, and data was found to be the number-one challenge for security and IT teams. Additionally, for many businesses, the limits of the trust model they had been using, which relied on company-managed devices, physical access to buildings, and limited remote access to specific business apps, became clear during the pandemic. To address this weakness, the top security investment made during the pandemic has been multi-factor authentication (MFA).