It should come as no surprise that security (and data protection in particular) continued to be a top concern for enterprises in 2018. Though this will continue in 2019, what will be surprising are the priorities, players and guidelines that will affect how proper data protection measures are implemented and the role security professionals will play in implementing technology initiatives.
The chief issue with security in 2018 will remain unchanged in 2019 – organizations will continue to seek out a ‘silver bullet’ solution to their security challenges, despite the fact that no such thing exists. As a result, we will continue to see organizations struggle with adopting a successful data protection strategy without a fundamental shift in thinking.
While the notion of consolidating security solutions into a single proposal that requires few resources and will ‘solve everything’ is certainly appealing, the reality is that this approach doesn’t work. Going ‘all-in’ on a particular technology (e.g. going ‘all-in’ on encryption or cloud without deploying complementary solutions) still leaves organizations vulnerable to both external attacks and data mishandling at multiple levels. What is needed is a comprehensive, multi-faceted approach that addresses the work needed to set up and feed realistic policies that meet an organization’s specific goals.
This year, Marriott, one of the world’s largest hotel chains, disclosed a data breach that impacted more than 500 million users worldwide. To put this in perspective, chances are you or someone you know had their information impacted. Though this is certainly one of the largest breaches of its kind, the message we can take from it remains the same as for a breach of any size: organizations simply aren’t doing enough to protect their sensitive data.
The point being overlooked in many security breaches is that enterprises continue to think about data protection incorrectly. A lot of attention continues to be paid to access, but the fundamental questions that must be asked are about the data itself. For example, how was the data protected? Perhaps we should take a further step back and ask: was the data even protected?
Organizations of all shapes and sizes will continue to struggle with how to deal with and protect sensitive personal information; however, the problem is particularly pronounced for large, multi-national corporations including Facebook, Google and even Twitter. Though regulations like PCI and GDPR protect elements of personal data, they aren’t all-encompassing, so look for these behemoths to make a move to acquire security firms as a means of addressing this critical challenge.