- Peter Woollacott, Head of Huntsman, a global cyber-security firm
The modern company is undoubtedly going through a transformative period. As recently as 10 years ago, the idea that a company could have some of its most valuable property stolen, and not notice or act for days after the fact, would have seemed unfathomable.
Today, data breaches such as these are not only happening, but becoming commonplace.
The rise of this nightmarish threat can be attributed to the following:
1. Companies have access to great detection tools but have no idea how to use them.
Cyber-security experts have been warning companies for years of the need to secure their IT infrastructure, and have been providing the technology to make this possible. Most companies heeded that warning and invested in the necessary technology. However, companies have become so overwhelmed by the amount of data coming from this technology that they struggle to differentiate between false threats and real ones – until it is too late to prevent a breach.
Fix: Investing in technology is necessary, but it is equally important to invest in employees who know how to use the technology effectively and efficiently.
2. Inadequate Information Governance (IG) practices.
In another article, we discussed why every company should prioritize having an effective, holistic IG program in place in order to mitigate the risk of using information and gain a competitive edge. Companies with no IG program in place are the ideal candidates for various types of IG risks, including those that relate to cross-border transfers of data, retaining data for excessive amounts of time, using personal data for inappropriate purposes, and failing to comply with prescribed requirements in the event of a data breach.
Fix: Having an effective IG policy that is tailored to the needs and practices of your company is indispensable to mitigate risk.
3. "I've built a mighty castle – I'm safe!"
So you've invested in state-of-the-art security, the best encryption options on the market, and developed a sturdy IG program. You must feel pretty comfortable behind those castle walls. This type of thinking is risky because it loses sight of the biggest vulnerability in any well-designed system – the human component. Many of the world's most secure networks have been compromised simply because an employee responded to a malicious email or clicked on a bad link.
Fix: Many companies operate on a "castle and moat" basis, which means that their defences are largely outward-facing. Turning some of the defences inward and investing in the training and monitoring of the company's personnel can help solve this problem.