It seems that just about every day, there’s a new jaw-dropping statistic that illustrates the tremendous growth of cyberattacks and data breaches that organizations are facing today. The attacks are not just increasing in number, but they’re also increasing in impact to your organization and, most importantly, impacting the sensitive data of your organization’s clients. This infographic that illustrates the world’s biggest data breaches and hacks in recent years, shows a considerable escalation in breaches involving hundreds of millions of data records per breach. That’s your sensitive data and your client’s sensitive data at risk.
While it’s more difficult than ever to protect your client’s data, the stakes for doing so are higher than ever. Data privacy and data breach notification laws continue to be strengthened worldwide, putting more pressure on companies to protect client data and promptly notify them when their data is exposed. When it comes to protecting data and meeting their data protection obligations, organizations today are between a rock and a hard place.
The Challenges of Protecting Data Today
In fact, you could actually say organizations are between a rock and a rock and a hard place, as they are experiencing three difficult data protection challenges, including:
Data Security Threats Are Ubiquitous
Cybercrime is continuing to rise and, despite the emergence of best practices to avoid them, we’re seeing more cyberattacks and data breaches than ever. Here are four statistics that illustrate just how ubiquitous data security threats are today:
- In 2020, the FBI’s Internet Crime Complaint Center (IC3) experienced a 69% increase in the volume of cybercrime complaints received since 2019 for a total of 791,790.
- It takes an average of 287 days for security teams to identify and contain a data breach.
- In another recent survey of 5,600 IT professionals, 66% of respondents had experienced a ransomware attack in the past year.
- In that same survey, the average ransomware payment grew 470% over the past year from $170,000 to $800,000.
Even as organizations continue to strengthen their practices regarding data security, it only takes one mistake to become a cybercrime victim.
Identifying Sensitive Data is More Challenging Than Ever
One of the reasons for the continued rise of data breaches is the challenge of identifying sensitive data in organizations. With data in the world expected to rise to 163 zettabytes (163 trillion gigabytes) by 2025, identifying important sensitive data within an organization is becoming increasingly challenging due to the overwhelming volume of redundant, trivial or obsolete (ROT) data and the volume of dark data not used to gain insights for decision making. The amount of ROT and dark data within an organization can be as much as 85%!
Regulations Are Continuing to Evolve
While protecting data is more difficult, the stakes for failing to do so continue to rise and evolve. While GDPR became effective in 2018 to protect data rights for citizens of the EU and CCPA became effective in 2020 to do the same for California citizens, four other states – Virginia, Colorado, Utah and Connecticut – have passed their own data privacy laws in the past fifteen months. In fact, California has already voted to replace their own law effective next year.
Not only that, the Securities and Exchange Commission (SEC) proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies includes a requirement for regulated companies to disclose information about a cybersecurity incident within four business days!
Addressing Today’s Data Protection Challenges
Protecting your organization’s data (and the sensitive data of your clients) requires a combination of (you guessed it!) best practices and leveraging technology. To address today’s data protection challenges, your organization needs to: 1) stay current with regulatory developments; 2) implement and keep current strong policies and procedures; 3) apply automation to the privacy compliance function within your organization and 4) apply automation to the data loss prevention (DLP) function within your organization.
Over the next few posts, we will address each of these four areas of data protection in detail to discuss leveraging these best practices and technology automation mechanisms to protect your organization’s (and your clients’) sensitive data. With the right combination of data protection procedures and tools, your organization doesn’t have to remain between a rock and a hard place forever!
For more regarding Cimplifi data reduction and analytics capabilities, click here. For more on security, privacy, and compliance solutions, visit the new security, privacy, and compliance center on the Cimplifi website here.