This is part 2 in a series for Data Privacy Day 2022. Don't forget to apply for our Cyber Top 20 List - recognizing the top companies in cyber!
Data Privacy Day occurs each year on January 28 and was created to raise awareness and promote privacy and data protection best practices. Data Privacy Day's educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking.
We heard from privacy and security experts from across the world about how far we've come in the past year in terms of data privacy understanding and implementation -- and how far we still have to go...
Gorka Sadowski, chief strategy officer, Exabeam
“Every year, Data Privacy Day is a timely reminder that organizations are custodians of our private information and that they must do everything in their power to protect our data from misuse and unauthorized leaks. Right now, information exfiltration via ransomware and insider threat seems to be rampant. The security community must better work together and prioritize innovation and collaboration above competition to fight our shared cyber enemies.
As global ransomware payments skyrocket, it proves that cybercriminals are willing to collaborate and pool resources with other threat actors to develop new ways to breach organizations around the world. Our greatest hope in defeating such highly coordinated cyberthreats is to become united in fending off their multifaceted attacks. To that end, I’m pleased to see governments finally mobilizing against cyber adversaries to prevent devastating consequences on companies in both the public and private sectors.
In addition to the various laws and mandates that preserve privacy and data standards for individuals, we remain committed to showing the world that cybersecurity is really a team sport. Our XDR Alliance was created to foster an open approach to extended threat detection, investigation and response (TDIR) for security teams everywhere. As the founding organization, we believe that a unified approach to fighting cybercrime is the future to stopping the adversaries from gaining new ground.”
Keith Neilson, Technical Evangelist, CloudSphere
“In the U.S. alone, there are several disparate federal and state laws, some of which only regulate specific types of data - like credit or health data, or specific populations - like children. Combine these regulations with the many different international laws that aim to ensure data privacy, such as GDPR, and compliance for companies with global operations becomes an extremely complex undertaking.
Data Privacy Day serves as a reminder that cyber asset management should be a top priority for every organization. Enterprises cannot ensure compliance and data security unless all assets are properly known, tagged, and mapped in the cloud. To avoid jeopardizing sensitive company or customer data, organizations must take the first step of cyber asset management to secure visibility of all cyber assets in their IT environment and understand connections between business services. This includes identifying misconfigurations and automatically prioritizing risks to improve overall security posture, allowing for real-time visibility and management of all sensitive data.”
Jeff Sizemore, Chief Governance Officer, Egnyte
“Data Privacy Day reminds us of the mission-critical requirement to safeguard data amid rising cyberattacks and companies’ adaptation to longer-term hybrid-work models. Due to increased cyber-risk and a strong consumer desire for privacy protection, there continues to be a steep rise in state-by-state data privacy requirements, with movement toward a potential federal privacy law anticipated later this year. By 2023, it’s predicted that 65% of the world’s population will be covered by privacy laws.
Increasingly, with personal privacy viewed as a human right, how vendors manage consumer and employee data will determine how much the public trusts and wants to do business with them. To comply with governmental requirements during the global pandemic, organizations may need to store employees’ Protect Health Information (PHI) like vaccination statuses for their employees, which creates its own privacy impact.
Additionally, protecting unstructured data will likely be one of the biggest challenges in 2022. If you can’t see it, you can’t govern it. If you can’t govern it, you definitely can’t manage privacy. Organizations need to have visibility into structured and unstructured data to build out effective data governance programs. Thankfully, there are data security and governance solutions available to protect that information holistically. Expect to see ongoing privacy assessments become more common in the days ahead. Those who put privacy at the forefront and ensure they are solving the problem comprehensively will be the ones who come out on top.”
Avi Raichel, VP, Zerto GTM, a Hewlett Packard Enterprise company
“Data Privacy Day serves as a critical reminder that data privacy and protection are increasingly challenging matters and organizations have no other choice than to take them seriously. Ransomware attacks are here to stay as they continue to rise in both volume and severity and as cybercriminals keep developing new and unexpected methods to encrypt data. It is estimated that by 2031, ransomware is expected to attack a business, consumer, or device every two seconds.
According to research from IDC, 95.1% of organizations suffered a malicious attack in the past 12 months and 43% of those organizations have experienced unrecoverable data loss, proving the devastating impacts of ransomware and other cyberattacks. Organizations must understand that protecting your data from ransomware is no longer about if you can recover, but rather how quickly you can get your business back up and running.
Since no single solution can offer protection from ransomware attacks with 100% certainty, having a disaster recovery and backup solution based on continuous data protection (CDP) offers companies the ability to be resilient in the face of potentially catastrophic circumstances. Companies using CDP can resume operation at scale in minutes and recover to a state a few seconds before an attack. Ultimately, having continuous data protection will put the power back in the hands of the organizations who are prepared.”
Lex Boost, CEO, Leaseweb USA
“IBM recently reported that 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from $3.86 million in 2020 to $4.24 million. As a result, data protection has been getting more attention than it ever has before. The headlines consistently permeating the news might be a source of dread for IT administrators and their teams, but luckily, they are not alone. Choosing the right hosting provider can help tremendously.
Many hosting providers are picking up their proverbial swords and helping the fight against cyberadversaries. The right hosting provider can deliver extra protection by offering 24/7 security-related support services to act as an extra set of eyes against attackers. In addition, hosting providers can also provide standard security training for employees so that they can become more cyberaware.
Data Privacy Day should serve as a reminder to choose hosting providers who are willing to enter the battle against adversaries and safeguard your data.”