Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
Eighteen minutes: In less time than it takes to receive a typical food delivery order, a sophisticated bad actor can completely compromise your network. Such a breach can not only irreparably harm your organization’s reputation, it can severely impact its bottom line. The average cost of a breach reached a staggering $4.35 million this year, an all-time high. While some businesses can ride out such a financial hit, it may sound the death knell for many others.
The motive behind these attacks is clear: To access sensitive, personal or proprietary data generated and stored anywhere and everywhere. Today, businesses of all sizes in all sectors continue to grapple with how to properly store, manage, control, govern and secure this prized resource, particularly in our post-pandemic digital frontier.
As the data landscape continues to evolve in both size and complexity, so do security threats. While we enjoyed a slight reprieve over the last two years as many bad actors diverted their attention to exploiting COVID-19 economic relief, they’ve now retrained their gaze on targets in traditionally lush pastures like financial services, telecommunications, energy and healthcare.
The reality is that no company is immune to cybersecurity challenges, from the largest global enterprises to mom-and-pop shops. So, here are five ways businesses big and small can mitigate their risks, identify their vulnerabilities and position their organizations for security success.
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
Data security: Mind your people
Without a doubt, the biggest threat to an organization’s cybersecurity is its people. Either willingly through an insider attack or unwittingly through social engineering, most breaches occur with significant internal cooperation.
“Jan, I’m tied up in meetings all day and need you to purchase $500 in Apple Cards immediately and send them to me as gifts for our clients.”
Does this shady text or email sound familiar? At some point, we’ve all received a version of these phishing scams, often purportedly from a CEO or senior leader, asking us to click on a link, update software, or purchase an odd amount of gift cards. Ironically, it’s often our desire to be helpful that gives bad actors a foot in the door. As more organizations look to “democratize” data or make it accessible to more business users, it’s paramount that teams receive regular training and education to help them recognize various types of threats and understand procedures to properly handle such incidents.
Network security has traditionally been thought of as outside versus inside: bad actors outside, good actors inside. But with the rise of cloud and with access to networks by mobile phones, desktops, laptops and any number of other devices, it’s no longer feasible or responsible to have such a neat separation.
Businesses should instead implement a zero-trust architecture: Essentially, a network-wide suspicion of anyone or any device inside or outside the perimeter. Rather than giving every employee or contractor complete network access, start with minimal permissions or those they need for their role and require authentication on every network plane. This establishes more layered security that makes lateral movement more tedious should a bad actor break through the door or be given a key.
Secure hybrid multicloud
The future is hybrid. A modern data strategy can no longer be one-dimensional. Not on-premises or cloud or multicloud, but a seamless marriage between them.
Organizations must have a platform that’s scalable, adaptable and flexible: scalable to properly store and process massive amounts of data and diagnose vulnerabilities before they become a breach; adaptable to quickly build machine learning (ML) models on new data sources; and flexible to allow data and workloads to freely move to optimize cost, performance and security.
A hybrid model allows high-value, deeply sensitive data to remain on-premises while taking advantage of the elastic, cost-effective properties of multicloud to manage less sensitive information. When developing a hybrid model, ensure your platform can enforce consistent security and governance policies throughout the data’s entire lifecycle, regardless of where it’s stored or moved to, or what it’s used for.
Built-in data security and governance
For data to be used responsibly and effectively, it must be secured and governed consistently. If you don’t have confidence in either of those foundational elements, you also can’t have confidence when sharing the information. Businesses must invest in a data solution that has security and governance capabilities built in from the onset of their digital transformation journeys. It’s extremely difficult — and expensive — to go back and bolt on a third-party solution later.
The stakes are even higher for enterprises operating in tightly-controlled environments, with different sovereignty rules and international, federal, state, industry or internally-designated standards and regulations. Everything must be built on top of security and governance, not the other way around.
Secure and govern real-time data
While point solution providers may manage a few petabytes of data, in the enterprise world the data of just a single customer can exceed that. Additionally, much of it is unstructured data in motion that streams in from the edge through billions of devices, sensors and a myriad of other applications. This presents an immense security challenge for organizations and leaders alike.
As such, a key component of any cyberthreat detection and mitigation strategy is the ability to ingest and track real-time data at scale. Understanding its provenance, or record, is vital — what’s its lineage? Did it arrive securely? Was it tampered with in the pipeline? What happened to it once it arrived? If a data platform provider doesn’t have the capability to manage and protect streaming data at scale, it’s likely businesses will find that the figurative barn door will be closed after the horses have already been stolen.
Cybersecurity in 2023 and beyond
Data security has never been more complex or complicated, and a fraught geopolitical climate has only escalated the threats. Security vulnerabilities have increased exponentially, fueled by new remote-work strategies and global stressors such as inflation, food shortages, increased unemployment and a looming recession.
With new innovations such as the metaverse, cryptocurrency and DeFi, 5G and quantum computing all in their infancy, the cyber battle lines where businesses and bad actors engage will continually be redrawn. While a greater emphasis has been placed on security across industries, with many organizations taking significant measures to mitigate their exposure, we still find ourselves in an endless game of cat and mouse. For every step we take to get better, smarter and safer, bad actors mirror our footprints, often armed with equal determination, resourcefulness and technological assets.
For organizations to be truly data-first, they must prioritize security and governance as a foundational pillar of any data management strategy. If they don’t, they may find themselves letting the foxes into the henhouse — and never even know it.
Carolyn Duby is field CTO and cybersecurity lead at Cloudera.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!