Digitization received a strong boost during the corona pandemic. However, this is often at the expense of data security, which cybercriminals are increasingly exploiting. What companies can do now to increase the security of their data, why effective strategies do not necessarily have to be expensive and time-consuming - and what role employees play in this context.
Due to the pandemic, human and financial resources were deployed in many companies to increase data security. |
Data security often plays a subordinate role in business decisions. In addition, the additional costs make many data security solutions unattractive. The situation is exacerbated by the global pandemic and economic uncertainty. It forces companies to take unusual measures to keep business going. Which business trends are causing companies to fall into the data security trap? What can companies do to use affordable means to reduce the risk of data breaches?
For many companies, the coronavirus meant that a large part of the workforce was sent to the home office practically overnight. A report by the Information Systems Security Association (ISSA) found that most organizations were only "fairly well prepared" when it came to securing their remote devices and home-use applications. They had to secure devices, provide secure network access for remote employees, monitor network traffic, and coordinate IT infrastructure relocations and IT changes (e.g. swapping the server) with IT operations. According to the ISSA report, there was a 63rd year in April 2020 -percent increase in cyberattacks that can be traced back to the pandemic.
Another pandemic-related business trend is cost-effective pay-as-you-go models. For this purpose, workloads are shifted to cloud environments in order to use scalable database functions. A recent survey by Aptum found that since the coronavirus pandemic began, nearly two-thirds of companies have used cloud technology to scale infrastructure to meet demand and control costs. Almost half of the companies had installed cloud solutions to provide critical services to end customers. A pre-pandemic report by Oracle found that 92 percent of IT and security professionals surveyed identified a “cloud security vulnerability“See between the current and planned cloud usage and the maturity of their cloud security programs. If you compare the business trend of pay-as-you-go models with the results of the Oracle report, companies face catastrophic data breaches.
Data protection and compliance regulations must be adhered to, despite the unusual circumstances that the pandemic has brought with it. Security strategies must be developed and security controls must be extended to all cloud environments. In the time between implementing strategies and taking action, Imperva cybersecurity experts have identified some cost-effective solutions that will help companies minimize the risk of data breaches:
Employees need to be sensitized
How well data security is implemented in the company depends on the employees. It is therefore important that employees are regularly informed about the applicable safety regulations. A recent study by Kaspersky Lab has shown that only a tenth (12 percent) of the employees surveyed know their company's IT security guidelines and rules and that around 90 percent of security breaches can be traced back to human error. IT teams need to make sure mistakes don't become a habit. Password protection and multi-factor authentication should be an integral part of the internal “data security culture”. How and where employees connect to the company network should be kept in mind. To rule out risks from potentially unsecured systems, remote employees should connect to the company VPN when they want to access the cloud.
Service providers are not responsible for data security within the cloud
Like any service provider, the cloud service provider will do their best to ensure that there are no weak points in their overall system. Ultimately, however, the companies are responsible for the data within a cloud instance. Sometimes the best of a service provider is not enough. A recent analysis of 2 million scans of 300,000 public cloud resources found that more than 80 percent of organizations have at least one web-enabled workload that has been unpatched for more than 180 days. Another 60 percent have at least one neglected Internet-enabled workload that has reached the end of its life because it is no longer supplied with security updates. The scans ran via Amazon Web Services (AWS), Microsoft Azure, and the Google Cloud Platform (GCP). The security team must ensure that the cloud service providers comply with regulations and keep security patches up to date. The providers must be regularly checked on their threat intelligence teams, which keep an eye on all external risks. Internal and external access to cloud applications must be identified. In addition, companies should check which additional risks could arise from their own networks.
Strategies must be inexpensive and easy to implement
Due to the pandemic, human and financial resources were used to increase data security. Due to a large number of projects, important safety strategies fell by the wayside. Although additional IT staff cannot be financed for most companies, security experts could be hired for individual projects. They can make an important contribution to data security by locating and classifying sensitive information in the entire database of the company or by enabling 100 percent visibility of the database. In most cases, such projects help to improve the general security situation.
Organizations should also consider outside developers to implement a tool like User and Entity Behavior Analysis (UEBA). This enables anomalies to be discovered faster and security threats to be contained. In times of the coronavirus, UEBA becomes even more important because the database activities by remote employees are more diverse. Databases supporting cloud workloads are also being added, and internal and external security threats are also increasing. The use of UEBA can compensate for many of the pandemic-related challenges.
A hasty entry into new work dynamics and technologies can make the digital transformation of a company more difficult. However, with inexpensive and strategic measures, it is possible to turn current challenges into opportunities to do a better job with privacy and security.
0 Comments