Personal information has grown increasingly more digital. Hospital records, banking information and private company data are only a few examples of information that has been targeted in previous attacks.
This Data Privacy Week, security leaders have shared both thoughts and advice on how best to protect personal information.
Alec Nuñez, Director of Business Compliance at Poll Everywhere:
“The number one issue when it comes to data privacy is the lack of education and guidance for an organization’s team. Human error has been and will continue to be the number one cause of data security issues; there is no competition. Companies can significantly minimize the impact of it by crafting best practices and creating training programs for the handling of data with the intent that it become second nature for all.”
Don Boxley, CEO and Co-Founder of DH2i:
“Today, as organizations endeavor to protect data — their own as well as their customers’ — many still face the hurdle of trying to do so with outdated technology that was simply not designed for the way we work and live today. Most notably, many organizations are relying on virtual private networks (VPNs) for network access and security. Unfortunately, both external and internal bad actors are now exploiting VPN’s inherent vulnerabilities.”
Surya Varanasi, CTO, Nexsan:
“Today, it would be extremely challenging to find an organization that isn’t backing up their data. However, today that just isn’t enough. Cybercriminals have become increasingly aggressive and sophisticated, along with their ransomware and other malware. And now, the threat isn’t just that they will hold your data until payment, cybercriminals are now threatening to make personal and confidential data public if not paid. It is therefore critical that cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.”
Brian Dunagan, Vice President of Engineering at Retrospect:
“Every organization, regardless of size, faces the real possibility that they could be the next victim of a cyberattack. That is because today’s ransomware, which is easier than ever for even the novice cybercriminal to obtain via Ransomware as a Service (RaaS), strikes repeatedly and randomly without even knowing whose system it is attacking. Ransomware now simply searches for that one crack, that one vulnerability, that will allow it entry to your network. Once inside it can lock-down, delete and/or abscond with your data and demand payment should you wish to keep your data private and/or have it returned.”
Adam Marrè, CISO at Arctic Wolf:
“It’s critical for consumers to stay vigilant as online platforms and social media apps, especially those that are free, still do come with a cost. Algorithms designed to direct users to apps and keep them there longer often work in manipulative ways that do not align with users’ best interests, collecting detailed and sensitive data that can be used to target people via phishing emails, propaganda and/or controlling/accessing devices.”
Jason Kravitz, leader of law firm Nixon Peabody’s Cybersecurity & Privacy practice:
“While an impenetrable cyber defense is the ideal scenario, that is not realistic in the short term. As a result, cyber resilience should be the centerpiece of every organization’s plan. A potential recession this year will put enormous pressure on companies to reduce costs. However, cutting cybersecurity spend is a dangerous — and potentially catastrophic — way to balance a budget."
Eve Maler, ForgeRock CTO and past Forrester Research security and risk analyst:
Eric Bassier, Senior Director of Products at Quantum:
“According to a recent study of IT and business executives, two out of five revealed that their organizations had suffered from successful ransomware attacks. Even worse, over 80% reported that they had paid ransoms to get their data back. That’s because cybercriminals are always on the hunt for new ways to trick users into clicking on links which open the door to ransomware infiltration. Ransomware is just one threat in the ever-growing cyber threat landscape. It is imperative that organizations have a documented plan on how they are protecting and recovering their data — in every stage of its lifecycle — from all manners of cyber threats.”
Corey Nachreiner, Chief Security Officer at WatchGuard Technologies:
“Data Privacy Day provides a yearly reminder that data privacy and data security are inextricably linked. Even as laws around the world increasingly recognize the rights of individuals to control how information about them is collected, used and stored, they are also putting greater responsibility on companies for being good stewards of that data and holding them accountable when they aren’t. But protecting data from malicious actors is everyone’s responsibility."