Join us on November 9 to learn how to successfully innovate and gain efficiencies by improving and scaling citizen developers at the Low-Code/No-Code Summit. register here.
Eighteen minutes: In less time than it takes to receive a typical food delivery order, a sophisticated bad actor can completely compromise your network. Such a violation can not only irreparably damage the reputation of your organization, but also have a significant impact on its bottom line. The average cost of one breach reached a staggering $4.35 million this year, an all-time high. While some companies may weather such a financial blow, it may spell doom for many others.
The motive for these attacks is clear: to access sensitive, personal or proprietary data generated and stored anywhere and anytime. Today, businesses of all sizes across all industries continue to grapple with how to properly store, manage, control, govern and secure this valuable resource, especially in our post-pandemic digital frontier.
As the data landscape continues to evolve in size and complexity, so do security threats. While we have enjoyed a slight respite over the past two years as many malicious actors shifted their focus to exploiting COVID-19 economic aid, they have now refocused their gaze on targets in traditionally lush pastures like financial services, telecommunications, energy and healthcare.
The reality is that no business is immune to cybersecurity challenges, from the largest global corporations to family-run shops. So here are five ways businesses large and small can mitigate their risks, identify their vulnerabilities, and position their organizations for security success.
Data security: think about your employees
Without a doubt, the greatest cybersecurity threat to an organization is its people. Whether intentionally through an insider attack or unintentionally through social engineering, most breaches occur with significant insider cooperation.
“Jan, I’ve been busy with meetings all day and need you to immediately buy $500 worth of Apple Cards and send them to me as gifts for our clients.”
Does this dodgy text or email sound familiar? At some point, we’ve all received some version of these phishing scams, often allegedly from a CEO or senior executive, asking us to click on a link, update software, or buy a number. odd number of gift cards. Ironically, it’s often our desire to be helpful that gives bad actors a foot in the door. As more and more organizations seek to “democratize” data or make it accessible to more business users, it is critical that teams receive regular training and education to help them recognize the different types of threats and understand the procedures to properly handle such incidents.
Zero trust approach
Network security has traditionally been viewed as external versus internal: bad actors on the outside, good actors on the inside. But with the rise of the cloud and access to networks through cellphones, desktops, laptops, and many other devices, it is no longer possible or responsible to have such a clean separation.
Companies should instead set up a zero trust architecture: Essentially, a network-wide suspicion of anyone or any device inside or outside the perimeter. Rather than giving every employee or contractor full network access, start with minimal permissions or those they need for their role and require authentication on every network plane. This establishes a more layered security that makes sideways movement more cumbersome if a bad actor walks through the door or receives a key.
Secure hybrid multicloud
The future is hybrid. A modern data strategy can no longer be one-dimensional. Not on premise or in the cloud or multicloudbut a flawless marriage between them.
Organizations need a platform that is scalable, adaptable, and flexible: scalable to properly store and process massive amounts of data and diagnose vulnerabilities before they become a breach; adaptable to quickly build machine learning (ML) models on new data sources; and flexible to allow data and workloads to move freely to optimize cost, performance and security.
A hybrid model allows high-value, deeply sensitive data to remain on-premises while leveraging the cost-effective, elastic properties of multicloud to handle less sensitive information. When developing a hybrid model, ensure that your platform can enforce consistent security and governance policies throughout the data lifecycle, regardless of where it is stored or moved. or what they are used for.
Built-in data security and governance
For data to be used responsibly and effectively, it must be secure and consistently governed. If you don’t trust any of these fundamentals, then you can’t trust sharing the information either. Businesses should invest in a data solution with built-in security and governance capabilities early on in their digital transformation journey. It’s extremely difficult – and expensive – to go back and lock in a third-party solution later.
The stakes are even higher for companies operating in tightly controlled environments, with different rules of sovereignty and international, federal, state, industry or internal standards and regulations. All must be based on security and governance, not the other way around.
Secure and govern real-time data
While point solution providers may manage a few petabytes of data, in the enterprise world, a single customer’s data can exceed that. Moreover, a large part is unstructured data in motion that streams from the edge through billions of devices, sensors, and a myriad of other applications. This presents a huge security challenge for organizations and leaders.
As such, a key component of any cyber threat detection and mitigation strategy is the ability to ingest and track real-time data at scale. Understanding its provenance, or record, is vital – what is its lineage? Did it arrive well? Was it tampered with in the pipeline? What happened to him when he arrived? If a data platform provider lacks the ability to manage and protect large-scale streaming data, businesses will likely find that the figurative barn door will be closed after the horses have already been stolen.
Cybersecurity in 2023 and beyond
Data security has never been more complex or complicated, and a difficult geopolitical climate has only compounded the threats. Security vulnerabilities have increased exponentially, fueled by new remote work strategies and global stressors such as inflation, food shortages, rising unemployment and a looming recession.
With new innovations such as the metaverse, cryptocurrency and DeFi, 5G and quantum computing in their infancy, the cyber battle lines where corporations and bad actors engage will be continually redrawn. Although there has been a greater emphasis on security across industries, with many organizations taking significant steps to mitigate their exposure, we still find ourselves in an endless game of cat and mouse. For every step we take to become better, smarter, and safer, bad actors mirror our footprints, often armed with equal determination, ingenuity, and technological assets.
For organizations to be truly data-centric, they must prioritize security and governance as a fundamental pillar of any data management strategy. If they don’t, they might find themselves letting the foxes into the coop – without even knowing it.
Carolyn Duby is a Technical Field Director and Head of Cybersecurity at Cloudera.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.
If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.
You might even consider contributing an article your own!