To safeguard consumers, organisations need to keep prioritizing security hygiene year-round. This comes in the wake of cyberattacks on bodies like 23andMe, which went undetected for months.
As the cybersecurity threat landscape continues to evolve, the most common root cause of cyber-attacks this year were vulnerabilities (37 percent) – both widespread and less well-known vulnerabilities in hardware devices, followed by compromised credentials. This indicates that organizations are sometimes not patching. The main reason given for not updating the security features of software is often a lack of time.
Ideally, in the firm, security and IT teams should be separate; however, this is not really achievable in many organizations and hence the responsibility to protect ultimately falls on IT teams.
New research from CData shows that overburdened IT teams are leading to cybersecurity risks. IT employees spend up to 60 percent of their weeks servicing or managing data requests from other employees or teams, and more than a quarter of IT employees (27 percent) analyze data every single day of the week. In addition, 70 percent of employees are doing so more than half of the week.
Reviewing the survey, Kris Lahiri, co-founder and CSO of Egnyte tells Digital Journal: “Organizations and individuals are beginning to navigate an increasingly complex data privacy landscape, with companies storing more personally identifiable information while adhering to modern data privacy regulations enacted nationwide and globally, with 71 percent of countries today having some legislation currently in place.”
To do so garners business advantages, especially as consumers become more aware of data vulnerabilities. Here Lahiri observes: “More customers are considering how companies will use and store their data before agreeing to do business with them, especially with the recent advancements companies are making with AI, so it is vital to review your data privacy policies and how to serve your customer base best.”
One of the newer and considerable risks arises from artificial intelligence. Lahiri spells this out: “As AI technology becomes more commonplace, users will try to leverage these tools with their company data, much like during the “shadow IT” era. While heavily regulated companies may create explicit blocks on these tools, a more prudent approach is to review how these technologies protect the data privacy of the data that they use. Consider adding a company-wide AI policy to complement your data privacy policy.”
There is also a lack of coherent privacy legislation, particularly in the U.S., which is hampering progress toward better protection. Lahiri says: “In the U.S., 12 state consumer privacy laws are active today, with more plans to be enacted by the end of the year. This momentum around privacy regulations is going strong, so take the time to review new data privacy regulations and how they apply to your business. Don’t wait for a formal compliance request to get your privacy practices in order – stay one step ahead.”
In terms of the key advice, Lahiri says “stay proactive”. This can be achieved “by updating your data privacy policies and mapping your company data. Understand where your structured and unstructured data lives, how it is used, and who has access to it. By having a complete picture of the data that your organization stores, you can also see the potential risks that may arise so that you can bolster your cybersecurity defenses.”