Data has never been more important to businesses than it is today. Today it is at the core of what makes a company valuable. Data yields many insights about customer and consumer behavior. Data also brings with it challenges, about data privacy, access and security.
Surveying the key issues and offering solutions, Guy Leibovitz, CEO of Cognigo, offers insights for Digital Journal readers.
Digital Journal: How valuable is data for businesses?
Guy Leibovitz: A century ago, organizations had physical assets as their foundations, but today, due to major advancements in machine learning and big data technologies, data is the lifeline of most businesses. Its value can be very difficult to measure, but it is clear that the more you know about your customers, the better you can serve them, which leads to happier customers and more business. However, data loss can cause the exact opposite and impact a company very negatively.
DJ: Should consumers be worried about what happens to their data?
Leibovitz: Gartner predicts that more than 80 percent of organizations will fail to develop a comprehensive data governance program by 2021 so, in general, people should definitely be more alert about where they share their data. In addition to the risk of hackers harvesting your data for future attack purposes, the fact is that your data is private and includes personal information that you may not want to share with everyone.
Because many businesses today are based on consumer data, the granularity of that data has gone wild, with organizations knowing details like your favorite food, what time you go out for a run, and even what you had last night for dinner. While this can be very beneficial for both the consumer and the vendor, we must be able to trust our vendors. Thankfully, new regulations such as the GDPR and the CCPA are helping consumers regain this trust while empowering organizations to correctly handle their data.
DJ: Can more be done to protect what happens to data?
Leibovitz: The main differences between today and a decade ago are the sheer amount of data and the multiple storage silos such as laptops, servers and cloud services. Existing data protection solutions were not built to support these amounts of data, nor this type of distribution. According to Forrester, more than 62% of organizations don’t know where their most critical data resides, so the first action that organizations must take is to invest in a modern solution that empowers them to know where each piece of sensitive information resides at any given time.
Beyond that, organizations should centralize all data security and governance to ensure that they can detect vulnerable data and take action to mitigate the risk. The good news is that the abundance of data has brought with it an increase in AI technology which, if properly used, can simplify the challenge of discovering, classifying and protecting data.
DJ: What was driver behind GDPR?
Leibovitz: In my opinion, the GDPR is a natural move for lawmakers who are starting to understand the power that organizations wield by having so much access to personal data. That power, along with some very big and widespread data breaches over the past few years, has helped bring new regulation to life. The GDPR gives people the right to their data and makes organizations liable for their security (or lack thereof).
DJ: Will a GDPR-style legislation come to the U.S.?
Leibovitz: We believe that an all-encompassing federal bill for data privacy protection will eventually come to the U.S. For now, we are seeing individual states enacting their own privacy and cybersecurity legislation to protect consumers’ personal data. For example, California’s Consumer Privacy Act (CCPA) was signed last June, and Vermont passed the nation’s first law regulating data brokers. Many other states are passing some sort of privacy laws as well, and we expect this trend to continue in the future.
DJ: Why do data security issues continue to occur?
Leibovitz: Data is critical in today’s world, and criminal hackers have discovered how easy it is to make money by exploiting it. They are going after the businesses and organizations that do not properly secure their data, which forces them to deal with the consequences of a security lapse. This cycle will continue to repeat over and over again until companies realize they must be proactive in maintaining their data and make it a priority to keep it out of the hands of criminals.
DJ: What were 2018’s main data security issues?
Leibovitz: I would say that the biggest was probably the Facebook breach. Mark Zuckerberg was forced to testify for over four hours before the U.S. Senate, explaining how and why Facebook user data had fallen into the hands of an external data mining firm. It might not have been the biggest in terms of data loss, but it was definitely the biggest in terms of media attention and consumer awareness.
DJ: How can businesses and citizens better secure their data?
Leibovitz: Consumers can ask businesses to provide them with the information they have about them and detail exactly what the information is used for. This is called a Data Subject Access Request, and the GDPR has defined this as one of the services that organizations must provide if they store personal data. I also recommend sharing your data only when necessary, and only with trusted firms.
As for businesses, they should take the step of correctly handling their data and making sure all the information they have is accounted for. Using advanced AI technology, they can automate this action to properly discover, classify and protect their most critical data assets, thereby reducing the risk of a breach.
DJ: Where do most cyberattacks come from?
Leibovitz: Cyberattacks are no different than any other form of organized crime. They no longer originate from a single hacker, but rather a team of professional, technologically advanced criminals that may be distributed around the globe. We know that many of the attacks come from eastern Europe or China, but that does not necessarily mean the mastermind is based in the same location.
