The fact that Data Privacy Day is being celebrated for the entire month of January rather than just one day this year is testament to the importance of data security, and reflective of a complacency that persists and urgently needs addressing amongst both businesses and individuals.
Despite attackers becoming more sophisticated and targets more unusual in today’s digital age, traditional attack methods are in fact still among the most popular for breaching data.
With digital technologies now seeping into every nook and cranny of 21st century life, industry experts discuss why cyber security has never been more vital.
Cyber security: a crucial measure to take
Tim Hickman, Partner at White & Case, argues that “the ICO’s response to the Dixons Carphone data breach further emphasises the importance of properly protecting customer data. A clear trend has emerged in the past 18 months, with many of the ICO’s most high-profile investigations focusing on data breaches involving financial data. Businesses that handle financial data therefore need to be especially careful to implement appropriate cyber security measures. In the past 12 months, the ICO has announced its intention to issue fines totalling hundreds of millions of pounds in respect of large-scale breaches involving financial data.”
“It is always possible to report a data breach to the ICO with the option of providing additional information once an investigation has taken place. However, pre-emptively reporting a data breach can have serious adverse consequences because such a report effectively requires the company to admit that it has suffered a breach.”
“Data Privacy Day [also] reminds us that customers are increasingly wary of how brands are using their data,” comments Nicola Pero, CTO at Engage Hub. “Research shows that 65% would stop using a brand that was dishonest about how it was using their data. This percentage seems poised to grow further and further in the years to come, driven by a core group of influencers for whom data privacy is a hot issue with political connotations, similar to climate change or gender inequality.”
Pero speculates that “brands will increasingly be unable to establish an emotional connection with their customers if they abuse or misuse their data. Realising that one of your favourite brands has been sharing or abusing your personal data in ways that you didn't expect would for some customers be similar to finding that a close friend has revealed a secret that was supposed to be for their ears only.”
David Higgins, EMEA Technical Director at CyberArk, explains that “it’s now well-established that data is the world’s most valuable asset, and a tempting target for malevolent hackers with varying motivations. More often than not, they are pursuing credentials that they can use to infiltrate businesses and target sensitive and valuable data. Attackers seek ways to cause irreparable damage across a whole range of industries, from seizing companies’ administration logins to hacking into medical data so as to hold individuals to ransom over the disclosure of sensitive personal information. As a tragic, but potentially realistic scenario, this could even result in a doctor being unable to perform a life-saving operation due to a lack of availability of the patient’s records for example.”
“Data privacy is an aspect of security that has become increasingly important to businesses and consumers alike,” comments Chris Hodson, CISO at Tanium. “Companies often fail in privacy and information protection because they simply don't understand the volume, breadth and sensitivity of information contained within their IT environments.”
In an attempt to solve this issue, Hodson suggests that “understanding what is in an IT environment is a crucial step to ensuring data is effectively protected. It is the job of IT operations and security teams to unite to establish complete visibility of their ecosystem and implement the controls necessary to support data protection and information privacy.”
The role of digital
Andrew Tsonchev, Director of Technology at Darktrace, maintains that technology itself will have a big part to play in working alongside humans – despite it being at the root of our security concerns today. “Large-scale data breaches, from Capital One last year to Marriott in 2018, have opened consumers’ eyes to the importance of holding businesses accountable.
“Data, and the systems that hold data, will always be vulnerable. If organisations are to truly protect consumer data, artificial intelligence (AI) will be critical, not just a nice-to have. Only AI can constantly monitor where critical data is and automatically stop it leaking out of an organisation and into the wrong hands.”
“An issue that is often overseen in terms of GDPR,” according to Chris Huggett, Senior Vice President for Europe and India at Sungard Availability Services, “is the result of an IT outage, which prevents businesses from keeping its services running. As a server or organisation’s infrastructure is down, data is then at risk to exposure and therefore a company is at risk of failing compliance. IT and business teams will need to locate and close any vulnerabilities in IT systems or business processes and switch over to disaster recovery arrangements if they believe there has been a data corruption.”
Huggett highlights that “an organisation’s speed and effectiveness of response will be greatly improved if it has at its fingertips the results of a Data Protection Impact Assessment (DPIA) that details all the personal data that an organisation collects, processes and stores, categorised by level of sensitivity. Data Privacy Day is a great opportunity to expose unknown risks that organisations face but moving forward it is vital that business leaders embed privacy into every operation. This is the only sustainable way to ensure compliance on an ongoing basis.”
Giving power to the people
“In the age of social media and the over-sharing of personal information, many forget that privacy is our right. It is protected by laws such as Article 8 of the European Convention on Human Rights,” reminds David Warburton, Senior Threat Research Evangelist at F5 Networks.
As a one-stop piece of advice, Warburton suggests that “if you do anything this Data Privacy Day, make it a positive step to enhance your business’ privacy stance by reinforcing the importance of cybersecurity and the dangers of social engineering. This should include robust employee awareness programmes that evolve in line with new social platforms and ensure a culture of responsible sharing.”
In addition to taking proactive steps to preventing cyber threats, Euan Davis, European Lead for Cognizant’s Center for the Future of Work notes that “over the coming years, we will see new roles within security departments emerge, requiring different capabilities to the jobs that we see on offer today. Some of these were outlined in a recent report by Cognizant, “21 More Jobs of the Future”, and include: Cyber City Analysts, Cyber Attack Agents, Juvenile Cybercrime Rehabilitation Counsellors and Cyber Calamity Forecasters.”
Data privacy, not something to ignore
The next decade is only set to see further developments and innovation in the cybersphere, which will inevitably expand the threat landscape. To have any chance at winning the battle, businesses need to ensure that data privacy permeates every aspect of the organisation.