In a way, this pandemic has kind of opened possibilities and equally exposed lapse in the system across every department. In this new norm, a key trend that is on the rise is “Privacy”. In fact, in the recent spate of attacks, millions of PII data have been exposed. As important as everything else are, security and privacy seem so often ignored. Every time I read about or hear about a breach, it is terrible than the previous one. Malwares, Ransomwares and Spywares are on an all time high and spreading through experts and novice users alike. Look at some of the biggest data breaches by impact in this article: Biggest Data Breaches.
When I sit back and think, can these be completely prevented? Or how do we minimize the impact of these? If you further dig deeper, maybe an end-to-end encryption and an appropriate anti-malware or equivalent could provide some relief. It is also important to have an individual or a team in the enterprise, responsible for thinking about such adverse risks and always be prepared for an eventuality, as well as focus on compliance to standards (regulatory or statutory). However, the basics are still not being practiced regularly while more and more untested technologies are being integrated within critical infrastructure. Most enterprises see these as expenses and not as cost of running business.
It is increasingly important to acknowledge and not keep it as an afterthought given that these attacks, most often than not, are by perpetrators (hacktivists or cyber criminals) that are professionally engaged to either damage the reputation of a brand or make commerce (extortion or blackmail or sell data in the black markets for misappropriation).
Many of todays existing technologies do offer counter solutions – like Encryption, Two-factor authentication, Tokens – most of the things that we may have followed and expect it to improve security, but none of these are still perfect. Organizations that don’t comply with regulation and consumer expectations run the risk of fines, bad publicity, and losing consumer trust. Privacy and Security affects almost all aspects of an organization.
This is the reason in today’s zero trust world, “security” and “privacy” has to be by design in everything that we do, and have a measure to know what we know and what we don’t? It is important to know if our organization is already compromised by any long-term exploit. Or What are you doing to minimize your attack? How many attempted breaches you identify every day? How many do you miss? How do you know?