Threats to your data are virtually everywhere these days, and too often, data compromises seem almost inevitable. But with a proactive approach to data security, organizations can fight back against the seemingly endless waves of threats.
IBM Security X-Force found that the most common threat to organizations is extortion, which comprised more than a quarter (27%) of all cybersecurity threats in 2022. Thirty percent of those incidents occurred in manufacturing organizations. Malware attacks via backdoors made up 21% of all incidents, and 17% were ransomware attacks. For the 12th year in a row, the average cost of a breach was the highest in the US healthcare industry at $10.10 million.
Data protection, defined as protecting important information from corruption, damage or loss, is critical because data breaches resulting from cyberattacks can expose personally identifiable information (PII), health information, financial information, intellectual property and other personal data. Data breaches can be disastrous for organizations. But the loss of personal information in a data breach can also have significant consequences for an individual, including financial loss, identity theft, other fraud, emotional distress and even damage to reputation.
Closely related to data security, and an integral part of taking a proactive stance toward it, is data privacy, or how data is stored, accessed and secured against improper access, theft or other loss. An example of the importance of data privacy is in the healthcare industry, where it’s critical to protect confidential patient information to maintain patient trust and comply with regulations.
Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. It refers to the processes and tools used to safeguard a corporation’s data across all platforms and applications—both on-premises and in cloud computing—from unauthorized access, corruption, accidental disclosure, modification and loss.
The key to secure data is maintaining an organization’s data confidentiality, integrity and availability (CIA) throughout its lifecycle. That can include trade secrets and other sensitive information.
A comprehensive data security strategy includes people, processes and technology. It means physically securing servers and user devices, managing and controlling access, application security and patching, maintaining thoroughly tested, usable data backups and educating employees. But it also means having a comprehensive set of threat management, detection, and response tools and platforms that protect sensitive data across today’s hybrid cloud environments.
It’s important to remember that sensitive data needs to be protected from both insider and outsider threats. Outsiders can include lone hackers and cybercriminals who can belong to a criminal group or a nation-state-sponsored organization. Threats can come in the form of destructive malware, phishing or ransomware.
Insider threats include current and former employees, customers or partners, and accidental breaches by employees. One such breach occurred in May 2022, when a departing Yahoo employee allegedly downloaded about 570,000 pages of Yahoo’s intellectual property (IP) just minutes after receiving a job offer from one of Yahoo’s competitors. In 2021, a Dallas IT employee was fired for accidentally deleting 15 terabytes of Dallas police and other city files.
Best cybersecurity practices mean ensuring your information security in many and varied ways and from many angles. Here are some data security measures that every organization should strongly consider implementing.
Monitoring your users and who can access what data is also important.
Another critical area is making sure you take care of your platforms, computers and records, both current ones and those you are disposing of.
Amid growing public concern about data privacy, governments worldwide are introducing stringent compliance regulations. Current approaches to data privacy and data protection are mostly reactive, which can place an onerous burden on compliance officers as current regulations evolve, new industry regulations are introduced, and the penalties of non-compliance continue to rise.
To comply with data protection regulations, highly regulated industries require organizations to maintain high data security. For instance, the California Privacy Rights Act (CPRA) protects the privacy rights of California consumers, and the Health Insurance Portability and Accountability Act (HIPAA) applies to US healthcare organizations. The PCI Data Security Standard (PCI DSS) helps businesses accepting credit cards to process, store and transmit credit card data securely.
There are many reasons it’s vital to be proactive about keeping data safe. The threat of data breaches or losses, failed audits or regulatory compliance failures can not only damage an organization’s reputation and compromise intellectual property, but also bring about substantial fines. For instance, data breaches under the EU’s General Data Protection Regulation (GDPR) can cost an organization up to 4% of its global annual revenue or 20 million euros, whichever is more.
Fines for not complying with data privacy laws can also be steep in the US. Violating HIPAA Privacy Standards can bring fines ranging from USD 1000 to USD 50,000 per violation. The Federal Trade Commission (FTC) can assess penalties of up to USD 40,000 per violation of the FTC Act or the Children’s Online Privacy Protection Act (COPPA), with each day of non-compliance being a separate violation and fine.
Yet, facilitating compliance is challenging as data sets, organizational structures and processes become increasingly complex. For example, much of today’s data resides across a hybrid multicloud environment, on-prem and in multiple clouds and data lakes.
Companies need to get proactive about data security since a breach can be disastrous for their bottom line. In 2022, it took an average of 277 days to identify and contain a data breach. But if organizations could shorten this time to 200 days or less, they could save an average of USD 1.12 million. Stolen or compromised credentials, the most common type of breach, cost companies USD 150,000 more than other types of data breaches. They also took the longest time to identify, at 327 days.
Having an open, intelligent approach to accessing, curating, categorizing and sharing data across the enterprise helps strengthen compliance and also enables more insightful, data-driven decision making. The more you know and protect your sensitive data, the better you can use that data in new projects and increase your organization’s innovation.
The automated data governance capabilities in IBM data fabric solutions ensure a required level of privacy is enforced as sensitive data is consumed within key endpoints across a distributed data landscape. By combining data fabric and data security, organizations can ensure their data remains compliant and secure, and their networks are protected.
As an organization’s data footprint expands across various environments, partners and endpoints, the threat landscape also expands. Cybercriminals seeking to exploit security vulnerabilities put sensitive and valuable information at risk. It’s vital to confidently protect data, which is a critical foundation of every business operation.
Data security solutions, whether implemented on-premises or in a hybrid cloud, help organizations gain greater visibility and insights into investigating and remediating cybersecurity threats, enforcing real-time controls and managing regulatory compliance.
IBM Security Guardium offers a comprehensive solution of products designed to help clients protect sensitive data, preserve privacy and address compliance throughout the data security lifecycle.