Page 62 - Cyber Defense eMagazine for June 2021
The media headlines refer to these attacks as ‘data breaches’, yet the default approach to data security
for all these organizations has been concentrated on protecting the network - to little effect. In many
cases, these data breaches have seen malicious actors access the organization’s network, sometimes
for long periods of time, and then have their choice of data that’s left exposed and vulnerable.
So what’s the reasoning behind maintaining this flawed approach to data protection? The fact is that
current approaches mean it is simply not possible to implement the level of security that sensitive data
demands when it is in transit without compromising network performance. Facing an either/or decision,
companies have blindly followed the same old path of attempting to secure the network perimeter, and
hoping that they won’t be subject to the same fate as so many before them.
However, consider separating data security from the network through an encryption-based information
assurance overlay. This means that organizations can ensure that even when malicious actors enter the
network, the data will still be unreachable and illegible, keeping the integrity, validity and confidentiality
of the data intact without affecting overall performance of the underlying infrastructure.
Regulations and compliance
Regulations such as GDPR have caused many problems for businesses globally. There are multiple data
regulations businesses must comply with, but GDPR in particular highlighted how vital it is for
organizations to protect their sensitive data. In the case of GDPR, organizations are not fined based on
a network breach; in fact, if a cyber hacker were to enter an organization’s network but not compromise
any data, the company wouldn’t actually be in breach of the regulation at all.
Regulations including GDPR and others such as HIPAA, CCPA, CJIS or PCI-DSS, are focused on
protecting vulnerable data, whether it’s financial, healthcare or law enforcement data. The point is: it all
revolves around data, but the way in which data needs to be secured will rely on business intent. By
implementing an intent-based policy, organizations can ensure their data is being handled and secured
in a way that will meet business goals and deliver provable and measurable outcomes, irrespective of
how the regulatory environment might evolve over time - as it inevitably will.
Preventing data breaches
The growth in digitization means that there is now more data available to waiting malicious actors, and
sensitive data is becoming increasingly valuable across all business sectors.
To ensure the continued security of valuable, sensitive data, a change in mindset is required when it
comes to any cyber security investment. A CISO must consider essential questions, for example: Will
this technology protect my data as it moves throughout the network? Will this solution keep data safe,
even if criminals are able to hack into the network? Will this strategy ensure the business is compliant
with regulations concerning data security, and that if a network breach does occur, the business won’t
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.