Page 62 - Cyber Defense eMagazine for June 2021

The media headlines refer to these attacks as ‘data breaches’, yet the default approach to data security
            for all these organizations has been concentrated on protecting the network - to little effect. In many
            cases, these data breaches have seen malicious actors access the organization’s network, sometimes
            for long periods of time, and then have their choice of data that’s left exposed and vulnerable.


            So what’s the reasoning behind maintaining this flawed approach to data protection? The fact is that
            current approaches mean it is simply not possible to implement the level of security that sensitive data
            demands when it is in transit without compromising network performance. Facing an either/or decision,
            companies have blindly followed the same old path of attempting to secure the network perimeter, and
            hoping that they won’t be subject to the same fate as so many before them.


            However, consider separating data security from the network through an encryption-based information
            assurance overlay. This means that organizations can ensure that even when malicious actors enter the
            network, the data will still be unreachable and illegible, keeping the integrity, validity and confidentiality
            of the data intact without affecting overall performance of the underlying infrastructure.


            Regulations and compliance
            Regulations such as GDPR have caused many problems for businesses globally. There are multiple data
            regulations businesses must comply with, but GDPR in particular highlighted how vital it is for
            organizations to protect their sensitive data. In the case of GDPR, organizations are not fined based on
            a network breach; in fact, if a cyber hacker were to enter an organization’s network but not compromise
            any data, the company wouldn’t actually be in breach of the regulation at all.


            Regulations including GDPR and others such as HIPAA, CCPA, CJIS or PCI-DSS, are focused on
            protecting vulnerable data, whether it’s financial, healthcare or law enforcement data. The point is: it all
            revolves around data, but the way in which data needs to be secured will rely on business intent. By
            implementing an intent-based policy, organizations can ensure their data is being handled and secured
            in a way that will meet business goals and deliver provable and measurable outcomes, irrespective of
            how the regulatory environment might evolve over time - as it inevitably will.


            Preventing data breaches
            The growth in digitization means that there is now more data available to waiting malicious actors, and
            sensitive data is becoming increasingly valuable across all business sectors.


            To ensure the continued security of valuable, sensitive data, a change in mindset is required when it
            comes to any cyber security investment. A CISO must consider essential questions, for example: Will
            this technology protect my data as it moves throughout the network? Will this solution keep data safe,
            even if criminals are able to hack into the network? Will this strategy ensure the business is compliant
            with regulations concerning data security, and that if a network breach does occur, the business won’t






            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.