According to Forrester's Understand The State Of Data Security And Privacy: 2015 To 2016 report, in the past 12 months, the top three most common breaches were: internal incident within an organisation (39%), external attack targeting an organisation (27%), and external attack targeting a business partner/third-party supplier (22%). Personally identifiable information (PII) was also one of the two data types most often compromised in a breach.
In order to implement truly effective data security, you need to understand people and data, and how they interact. And applying more budget and additional alerts won't necessarily make for a more secure environment, but it might just stop people from doing their jobs effectively. It might seem inconceivable that threats to your data might come from within your organisation, but as data becomes increasingly valuable – some have described it as the new gold or oil – you can't afford to rule out any possibility. Even accidental data loss can have a negative impact on your business. Over and above the impact of the loss of your intellectual property, there's also the matter of regulatory compliance, whereby legislation such as POPI dictates that you need to keep customers' personal data secure.
The good news is that if you can identify high risk users, you can implement data protection controls. In addition, identifying high risk data behaviours means that such users can be investigated further. The latest thinking in protecting your company data against internal threats is to combine deep visibility with analytics of normal user behaviour. This enables the business to quickly identify and record high risk behaviour, and take remedial action, regardless of whether the user behaviour is malicious or accidental. The end goal is to prevent insider theft and the exfiltration of critical data, regardless of whether the cause is hijacked systems, rogue insiders or negligent end users.
The way in which you protect your critical data has to change constantly to keep pace with the myriad ways in which data can be compromised. Forcepoint Security Labs has just released its annual report on security predictions for 2017, and it underlines just how rapidly security threats are evolving.
10 security predictions for 2017
1. The digital battlefield is the new cold (or hot?) war – Cyber-attacks are being regarded as acts of war.
2. Millennials in the machine – A new digital generation in the workplace will pose new threats and opportunities around data.
3. Compliance and data protection convergence – The European Union's General Data Protection Regulation (GDPR) becomes a legal requirement as of May 2018.
4. Rise of the corporate-incentivised insider threat – Where the organisation inappropriately leverages its customers' personal data to meet corporate profit expectations and other performance goals.
5. Technology convergence and security consolidation – Vendor consolidation could result in smaller security vendors closing down, which means that their offerings might not be supported going forward.
6. The cloud as an expanding attack vector – Increasing migration to the cloud brings with it new and different security concerns.
7. Voice-first platforms and command sharing – Human and technology convergence such as the use of voice-activated artificial intelligence means the ways in which we access the Web, data and apps will change.
8. AI and the rise of autonomous machine hacking – The widespread implementation of autonomous and automated hacking devices will drive the development of automated and autonomous patching.
9. Ransomware escalation – The use of ransomware is expected to escalate in 2017 and this is going to expand to target competitors' R&D data in the race to be at the forefront of tech innovation.
10. Abandonware vulnerability – Users in the IT security industry continue to use abandoned or obscure software, unknowingly and unnecessarily putting themselves at risk.
Read the full report here: https://www.forcepoint.com/resources/reports/2017-forcepoint-security-predictions-report