Data Privacy: Experts Share How Far We’ve Come and How Far We Have to Go - Part 4

This is part 4 in a series for Data Privacy Day 2022.


Data Privacy Day occurs each year on January 28 and was created to raise awareness and promote privacy and data protection best practices. Data Privacy Day's educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking.


We heard from privacy and security experts from across the world about how far we've come in the past year in terms of data privacy understanding and implementation -- and how far we still have to go...




Luke Kenny, Lead Security Principal, Trustwave:

“Data privacy isn’t just about day-to-day data protection and compliance anymore. Organizations need to approach data privacy with an ‘assume-breach’ mindset. How swiftly and effectively an organization can respond to a crisis like a data breach greatly affects short-term and long-term data privacy efficacy. Companies need to be conducting regular crisis simulations across their entire organization, not just IT and security disciplines, to ensure they can effectively respond to an incident and mitigate impact.”


Troy Saunders, Chief Information Security Officer, CentralSquare Technology:

“As organizations collect and manage more data than ever before, data privacy regulations are becoming more critical to ensure citizens’ personally identifiable information is protected. It’s important to remember that access to data should not come at the expense of sacrificing data privacy and security.

Data Privacy Week reminds us of the value of data to empower governments to make informed decisions and collaborate across jurisdictions and state lines. Whether it be through GDPR, HIPAA, FERMA, PPRA, or state and local data privacy and protection legislation, public and private sector organizations must work together to balance privacy, security and trust to build smarter and safer communities for the future.”


Saket Modi, Co-Founder and CEO, SAFE Security:

“If the last few years have taught us something, it is the fact that digital security has an impact on both consumers and businesses. Whether it is the leaked credentials of customers in the Twitch hack or the leak of the Pandora Papers, data protection and cybersecurity are on top of everyone’s agenda. There was a greater surge of cyberattacks than ever before throughout 2021, and according to data from Check Point Research, corporate networks saw 50 percent more attacks per week when compared to the previous year, and yet businesses continue to depend on traditional methods of cyber risk management.

As we continue to embrace remote work, the cloud, and a technology-first world, organizations need to ensure data security irrespective of where and how it is accessed. Security and risk management executives need to know the real-time risk postures across the enterprise, and at a micro-level across people, process, technology, cybersecurity products, and third parties.

As we enter into 2022, digital immunity and data protection will become the key pillar of growth, trust, and customer retention for businesses, and they will need to efficiently and seamlessly manage an ever-increasing threat profile and attack canvas.”

Sharron Reed Gavin, Data Privacy Officer, Contrast Security:


“It's not a question of 'if' but 'when' a malicious actor will attempt to violate an individual's or company's privacy. I believe that, in addition to technical controls, privacy and security awareness are the most important defense when it comes to a successful program – from new hire onboarding to annual training, as well as awareness sessions throughout the year.


Employees are a company's greatest asset when it comes to privacy practices; they are the eyes and ears, common sense, and practical intelligence of any great company. The winners in every sector will be the ones that are best at automating their business and implementing the most proactive security and privacy defenses.”


George Gerchow, Chief Security Officer, Sumo Logic:

“Health and wealth will always be top targets of attacks. Not just FinTech or healthcare companies specifically, but since health and wealth are what matters most to humans, cybercriminals will hit us where it hurts. One example of “health” is the PII data that is being collected as employees enter company campuses. How is that data being retained and secured? What does the privacy around that data look like? Lastly, what about the security of the actual devices themselves? There’s going to be more uncertainty as campuses open up and cybercriminals will continue to attack all of that. In terms of “wealth,” this means attacking us where our money resides. I wouldn’t be surprised if the stock market is a top target in the coming years.”

