Over the last few years, the enterprise security landscape has drastically changed. In 2019 alone, more than half of British businesses fell victim to malware and cyber-attacks, an increase of 40% when compared to the previous year, with average losses soaring from $229,000 (£176,000) to $369,000 (roughly £283,519).
The rapid adoption of digital technologies and the vast amount of data that is gathered by them means that every corner of a business needs constant monitoring and protection. Managing this task is even more challenging due to regulatory mandates such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Payment Card Industry Data Security Standard (PCI DSS).
About the author
Hope Swancy-Haslam, Sr. Director, OpenText.
The second major problem facing security teams today is a lack of budget and staff. Recent research from Databarracks discovered that over half of UK businesses have seen their cybersecurity budgets either stay the same or decrease over the last twelve months. On top of all this is the growing shortage of skilled, knowledgeable information security professionals.
The convergence of these issues for the enterprise will make the challenge of responding to the thousands upon thousands of security alerts every day a significant one – especially when you consider that automated attacks are becoming more sophisticated and frequent.
To be prepared for every eventuality, key members of the security, privacy and compliance teams must join forces to plan, manage and monitor protection efforts. These groups increasingly care about and track the same KPIs, anyway. By working together to share more information, these teams can set the organisation’s governance plan in place and then ensure that both security and privacy policies are in line with the regulatory requirements for their industry.
This is especially important for heavily regulated industries such as financial services, healthcare and the public sector to greatly reduce the likelihood of a damaging breach.
The information advantage
The biggest advantage an organisation can give itself when defending against cyber threats is to better understand its sensitive data and where that data resides. To gain this understanding, these groups need to collaborate in answering the following questions:
- what types of data are sensitive for this particular organisation?
- where is this data located?
- is the security team alerted when sensitive data changes location?
- are systems in place to know if unauthorized users are accessing or storing sensitive data?
Such an approach can lead to a more effective process of managing and monitoring employee security, privacy and compliance policies. By removing silos and working more closely together, teams also achieve a better understanding of data locations, security posture, and access, which creates a baseline to operate from when managing both security and risk.
With this information advantage, security and privacy teams can then purposefully and aggressively control their data. Most organisations have adopted a “Defense-in-depth” strategy, which incorporates layers of defense that analyse the perimeter and network streams and, most importantly, takes security endpoints and devices into account. Given recent incidences of ineffective perimeter defense technologies against targeted attacks, endpoint visibility and control is proving to be a successful method to discover and mitigate the impact of active and ongoing breaches.
Faced with a shortage of resources and skills in the industry, enterprises are increasingly looking to endpoint detection and response solutions which use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. To meet the breach discovery and investigation mandates common in most regulation frameworks, this ability to continuously collect and analyse endpoint data will be vital to identify incidents as they occur and before damage can be done.
Looking ahead, security, privacy and compliance teams must foster a more interconnected way of working to navigate the complexities of information governance and data security today. Yet these teams are continuously being tasked to do more with less.
Against a backdrop where attackers are increasingly skilled at compromising endpoints, stringent regulatory frameworks are in play, and businesses are collecting more data than ever before, technology needs to make up the difference with real-time continuous endpoint monitoring and fearless response capabilities.
This convergence of security, risk and privacy teams coupled with endpoint and response solutions can become a force-multiplier for success as organisations look to reduce risk and address benign threats before they escalate into a data breach.