High Stakes Game – Keeping Your Data Safe in A Post GDPR World
Published on Oct 29, 2018 at 6:37 am
Data protection has always been important. Now it’s becoming urgent. The enforcement of the European General Data Protection Regulation (GDPR) from May, coupled with the continued growth in data breaches, is driving the adoption of better data protection technology. Data is the lifeblood of companies: personal data, financial data, intellectual property, all are critical for your organization.
The GDPR was also developed in response to the increase in cyberattacks and data breaches, and it seeks to counter these through the collaboration of public and private entities. It calls on companies to adapt their data protection and privacy policies to much more restrictive requirements. To give an example, companies need to report significant personal data breaches under penalty of sanctions that can reach up to 4% of annual turnover.
After the latest cyberattacks that have hit companies and organizations around the world, it is important to improve how companies safeguard data privacy and security. For instance, security update protocols should be a priority for all companies. Cases such as WannaCry or Equifax reaffirm this, as every day that passes without patching a vulnerable system puts the company and the integrity of its data, including that of customers and suppliers, at risk.
According to Gartner, regulatory compliance and data privacy have been stimulating spending on security during the past three years, most recently in Europe around the General Data Protection Regulation coming into force. These regulations translate into increased spending, particularly in data security tools, privileged access management, security information and event management.
Many organizations are relying on their existing security measures, including protocols for particular customer segments, for GDPR compliance. But, as they build an inventory of personal data processing activities, they will need to ensure that security measures are proportional to the risks pertaining to different types of personal data. This calls for a structured approach to defining risk and the measures necessary for mitigation: “pseudonymization,” anonymization, encryption, deletion, etc.
For many companies, a change of mentality (and strategy) will be necessary to achieve the highest levels of security and protect their assets. Countering malware is only the beginning. We are entering an era in which the best security strategy entails trusting nothing. Any new process that wants to run on any device connected to the network must be approved beforehand, and those that are trusted will have to be closely monitored to detect any anomalous behaviour in the shortest possible time. Security based on detection and response in real time, with forensic reporting and details of how the attack occurred, is essential to avoiding future intrusions.
Meanwhile, Gartner forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8% from 2017. Organizations are spending more on security not only as a result of regulations such as GDPR, but also because of a shifting buyer mindset, awareness of emerging threats, and the evolution to a digital business strategy.
Gartner also forecasts that by 2020, more than 60% of organizations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protection tools, up from approximately 35% today.
New regulations and increased security incidents are driving the need for advanced data protection technologies that operate wherever data resides — in storage, in use, via collaboration or analytics, and either inside or outside the traditional organizational perimeter that includes your contact center.