Eighteen Minutes: In less time than it takes to get a typical food delivery order, a sophisticated bad guy can completely compromise your network. Such a violation can not only irreparably damage the reputation of your company, but also significantly affect the bottom line. The average cost of a security breach this year hit a staggering $4.35 million, an all-time high. While some companies can survive such a financial hit, it can ring the death knell for many others.
The motive behind these attacks is clear: access to sensitive, personal or proprietary data generated and stored anywhere and everywhere. Today, businesses of all sizes in all sectors continue to grapple with how to properly store, manage, control and secure this valuable resource, especially in our post-pandemic digital confines.
As the data landscape continues to evolve in size and complexity, so do security threats. While we’ve enjoyed a slight respite over the last two years as many bad actors turned their attention to exploiting the economic relief provided during COVID-19, they are now turning their sights on targets in traditionally lush pastures such as financial services, telecoms, energy and healthcare.
The reality is that no organization is immune to cybersecurity challenges, from the largest global corporations to the corner shops. So here are five ways organizations large and small can mitigate their risks, identify their vulnerabilities, and position their organizations for security success.
Data security: take care of your people
Undoubtedly, the biggest threat to a company’s cybersecurity is its employees. Whether intentionally through an insider attack or unwittingly through social engineering, most breaches occur with significant internal cooperation.
“Jan, I’ve been in meetings all day and I want you to buy $500 worth of Apple Cards right away and send them to me as gifts for our customers.”
Does this shady text or email look familiar? At some point, we’ve all received some version of these phishing scams, often purportedly from a CEO or senior executive urging us to click a link, update software, or purchase an odd number of gift cards. Ironically, it’s often our desire to help that gives bad actors a foot in the door. As more organizations seek to “democratize” data or make it accessible to more business users, it is paramount that teams receive regular education and training so they can recognize different types of threats and understand the procedures for properly dealing with such incidents.
Zero Trust Approach
Network security has traditionally been viewed as outside or inside: bad actors on the outside, good actors on the inside. But with the advent of the cloud and access to networks via mobile phones, desktops, laptops and any number of other devices, having such a clean separation is no longer feasible or responsible.
Enterprises should instead implement a Zero Trust architecture: essentially, network-wide suspicion of every person or device, whether inside or outside the perimeter. Rather than granting every employee or contractor full network access, start with minimal privileges, or only those they need for their role, and require authentication at every network layer. This creates layered security that makes lateral movement more tedious should a bad actor breach the door or obtain a key.
Secure hybrid multicloud
The future is hybrid. A modern data strategy can no longer be one-dimensional. Not on-premises or cloud or multicloud, but a seamless connection between them.
Organizations must have a platform that is scalable, adaptable, and flexible: scalable to properly store and process large amounts of data and diagnose vulnerabilities before they become a security vulnerability; adaptable to quickly build machine learning (ML) models on new data sources; and flexible to allow data and workloads to move freely to optimize cost, performance and security.
A hybrid model allows high-value, highly sensitive data to remain on-premises while leveraging the elastic, cost-effective properties of multicloud to manage less sensitive information. When developing a hybrid model, ensure your platform can enforce consistent security and governance policies throughout the lifecycle of data, regardless of where it resides, moves, or what it is used for.
Integrated data security and governance
In order for data to be used responsibly and effectively, it must be consistently secured and managed. If you don’t have confidence in either of these basic elements, you cannot have confidence in sharing the information either. From the start of their digital transformation, organizations need to invest in a data solution that has built-in security and governance capabilities. It’s extremely difficult – and expensive – to go back and add a third-party solution later.
The stakes are even higher for organizations operating in tightly controlled environments with varying sovereignty regimes and international, state, federal, industry-specific, or internally mandated standards and regulations. Everything must be built on security and governance, not the other way around.
Secure and manage real-time data
While point solution providers can manage a few petabytes of data, in the enterprise world, a single customer’s data can exceed that amount. Additionally, much of it is unstructured data on the move, streaming in from the edge through billions of devices, sensors, and a myriad of other applications. This presents organizations and executives alike with an immense security challenge.
Therefore, a key component of any cyber threat detection and response strategy is the ability to ingest and track real-time data at scale. Understanding its origin or record is crucial – what is its lineage? Did it arrive safely? Has the pipeline been tampered with? What happened to it when it arrived? If a data platform provider is unable to manage and protect streaming data at scale, companies will likely find the proverbial barn door shut after the horses have already been stolen.
Cybersecurity in 2023 and beyond
Data security has never been more complex or complicated, and a tense geopolitical climate has only escalated the threats. Security vulnerabilities have grown exponentially, fueled by new remote working strategies and global stressors such as inflation, food shortages, rising unemployment and a looming recession.
With new innovations such as the metaverse, cryptocurrency and DeFi, 5G and quantum computing still in their infancy, the cyber battle lines between corporations and bad actors are constantly being redrawn. Although there has been a greater focus on security across industries and many organizations are taking significant steps to mitigate their exposure, we are still caught in an endless game of cat and mouse. With every step we take to become better, smarter, and safer, bad actors mirror our footsteps, often endowed with the same determination, ingenuity, and technological capability.
For organizations to truly put data first, they must prioritize security and governance as the cornerstone of any data management strategy. If they don’t, they might let the foxes into the chicken coop – and not even realize it.
Carolyn Duby is Field CTO and Cybersecurity Lead at Cloudera.