The burning platform for data security and compliance
Opinion by: Gavin Meyer, Executive Director, Itec South Africa
“We have connected all of our lives — personal, professional and national — to the Internet. That’s where the bad guys will go because that’s where our lives are, our money, our secrets.”
That was the stark prediction of then FBI director James Comey back in 2013. At the time, he told the Senate Homeland Security Committee that the risk of cyberattacks would become the top national security threat to the United States.
His words have proved eerily prophetic. Whether you’re a small business or a large enterprise, it’s not a case of if you will be attacked anymore, but when. But ensuring your data is secure isn’t important just for your own purposes: it’s required by a growing raft of compliance regulations.
Today, data security and compliance is a discussion we’re having with 80% of our customers. It affects every business, and every part of the business – even to the extent of ensuring your suppliers and your staff are compliant as well.
How much security do you need? A good starting point is to know what’s legally required to keep your customers safe and keep their personal data out of harm’s way. Then you’ve got to protect your business information, which is your source of competitive advantage.
Part of the challenge is that many companies still see data security and compliance as a cost, a grudge purchase or a box-ticking exercise. To us, it’s the exact opposite: it’s a saving, if you consider the staggering impact and cost of data breaches on companies.
Data breaches hit you hard in three main areas: financial costs, disruption to your operations, and reputational damage. According to a Ponemon Institute survey, cyberattacks cost companies an average of $3.62 million per breach. It takes 191 days to find a breach, and a further 66 days to contain it.
Meanwhile, the cost to acquire new customers doubles after a data breach, and the loss of trust means people will exit your customer base. It’s no use telling people you care about their data, when the evidence suggests exactly the opposite.
Companies that get proactive about compliance are creating huge strategic advantages for themselves. Done properly, compliance makes your business more risk aware, more transparent to regulators and able to reduce operational costs.
But to make it work, you’ve got to realise that data compliance and security is a continuous process, not a once-off event. You need to plan ahead, and send a clear message throughout your organisation that you take data compliance and security seriously. It’s not just a question of installing a few firewalls and some bells and whistles: it’s a culture that has to be embedded and reinforced.
Why? Because only 40% of cyberattacks come from the outside. Sixty percent of data breaches either come from within your company, or through attackers targeting end users. Even in this day and age, we still see people leaving their laptops unguarded, or their passwords stuck to their screens on a sticky note.
Indeed, the endpoint has become one of the primary points of attack, and for good reason: an attacker who compromises the endpoint can use the user’s credentials to gain access to the organisation’s data. Most endpoint attacks take advantage of the fact that users are administrators on their local workstations. People also tend to carry their laptops with them, and those laptops often hold sensitive information. That’s why endpoint security and data encryption are key tools for any company looking to become secure and compliant.
You’re never going to stop the bad guys knocking at your door. The trick is to make sure they stay outside, while you – and your customers – are safely indoors.