Data Protection Day 2023: Industry Experts React

From the point of view of organisations, the landscape of data protection is constantly shifting. As Okey Obudulu, CISO at Skillsoft, points out, “delays to the UK Government’s Data Reform Bill have made it difficult for businesses to plan ahead, grappling with what the future of data privacy will look like post-Brexit.” 

But this uncertainty is no excuse for poor data protection practices. Obudulu continues, “whilst there’s no clear timeline in sight, the evolving regulatory frameworks around these topics require greater compliance input and oversight across all areas of business. Organisations need to recognise that every single employee has a role to play. From the CISO down, data protection is everyone’s responsibility.” 

The cyber threat looming over data 

We are living in the ‘golden age’ of cybercrime, with companies facing more attacks than ever. With this increased threat, it is vital that organisations make data protection a primary concern.

As Craig Adams, Managing Director for EMEA at Protecht, states, “data can be a double edged sword; whilst it can offer new insight for businesses, the consequences organisations face for losing data are severe.” With the increasing amount of data being stored, comes an increased risk of such attacks, as Adams outlines, “The predominance and increasing complexity of phishing and other associated credentials-based attacks is directly linked to the increasing volume of data being held by commercial organisations.”

And, if organisations are not properly prepared, these attacks are likely to be successful. Eric Bassier, Senior Director of Products at Quantum, explains: 

“According to a recent study of IT and business executives, two out of five revealed that their organisations had suffered from successful ransomware attacks. Even worse, over 80% reported that they had paid ransoms to get their data back. That’s because cybercriminals are always on the hunt for new ways to trick users into clicking on links which open the door to ransomware infiltration. Ransomware is just one threat in the ever-growing cyber threat landscape. It is imperative that organisations have a documented plan on how they are protecting and recovering their data – in every stage of its lifecycle – from all manners of cyber threats.”

Working against such a hostile threat environment, coupled with the economic struggles the world is facing, means it can be difficult for organisations to balance out the risks to data. However, it is in a company’s interest to invest in keeping data safe. As Hugh Scantlebury, CEO and Founder of Aqilla, highlights, “in the face of increased costs of doing business, many may be looking to cut back on their cybersecurity measures in order to reduce costs. But, lack of investment in cybersecurity is a false economy. Recovering from a cyber attack will far outweigh the financial costs of implementing and maintaining solutions.” 

In order to protect data, organisations must first start by limiting who has access to it. Gal Helemski, CTO and co-founder of PlainID, outlines that, “if a bad actor (which can be an employee sometimes) has gained access credentials, ensure that they don’t have automatic access to any or all data.” She highlights that “a critical aspect of zero trust architecture is the process of granting an authenticated entity access to resources. Authentication helps ensure that the user accessing a system is who they claim to be; authorisation determines what that user has permission to do.”

While the strategies put in place to protect data in the first place are invaluable, as Christopher Rogers, Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company, points out, “it is also crucial that businesses have disaster recovery solutions in place should the worst occur.” 

He elaborates on how organisations can aid their own recovery by limiting downtime, stating: 

“When it comes to ransomware, the biggest financial killer is the downtime. Therefore, having a disaster recovery solution based on continuous data protection (CDP) in conjunction with backup is vital to equip companies with the ability to be resilient in the face of potentially catastrophic circumstances. Companies using CDP can limit downtime and restore operations in a matter of seconds or minutes, rather than days or weeks.”

The hurdle of mobility and flexibility

Alongside the increasing threats in the cyber sphere, there is the real-world challenge of hybrid working environments – and mobility in general. 

Alexis Suggett, Contracts Director EMEA and Data Protection Officer at Cubic Transportation Systems, recognises this, expressing that “in this digital age, people are becoming more mobile and distributed than ever before and this highlights the increasing importance of the privacy and protection of personal data.”

In her line of work, this means fortifying data held through mobile applications: “Forward-thinking transport agencies are leaning on mobile applications to modernise and simplify users’ payment and reward-earning capabilities. But with this increased use of mobile applications, it is essential that transport agencies ensure the payment data cycle is protected to prevent the chance of fraud.”

In the workplace, the popularity of working from home has also proved to be an obstacle on the road to ensuring data protection. Audun Fosselie Hansen, Co-founder and CEO at Celerway, observes how the explosion of work from anywhere (WFA) has added  significant challenges to securing data across the ‘expanded Edge’ of increasingly diverse corporate networks

“These remote environments are as variable as they are unpredictable. Configuring and deploying large numbers of routers remotely can present challenges and it’s not uncommon for staff to rely on their personal mobile phone connections and unsecure public Wi-Fi networks. Providing seamless, high-performance connectivity is often the focus in these remote scenarios, but this cannot be achieved by compromising security.” 

The importance of employee training

When protecting data from within an organisation, employees are often the first line of defence against attacks. As Andy Swift, Cyber Security Assurance Technical Director at Six Degrees, explains, “hackers may be becoming more sophisticated, but the fact remains that the majority of successful cyber-attacks include some form of human error – whether that’s clicking a dodgy link, opening a malicious email, entering a password where it shouldn’t be entered, or any of the myriad ways hackers attempt to confuse and exploit peoples’ lack of awareness complacency.” 

This is why you shouldn’t be cutting corners when it comes to training. Andy determines that: “Appropriate employee cyber security training remains essential for businesses looking to avoid accidental and malicious downtime and data breach. My recommendation to businesses this Data Protection Day is to think hard about where they find cost efficiencies; what may seem like an easy option to save some money may in fact be removing an essential pillar in their cyber security postures.”

As Skillsoft’s Obudulu reasserts, “effective training is a crucial tool to build a strong culture of security that puts data privacy top of mind.” 

Knowing your rights 

In the modern age, at any given time, our personal data is being processed or held by countless organisations. Data Protection Day serves to raise awareness of this fact, and reaffirm the rights we have to personal data protection and privacy. 

Donnie MacColl, Senior Director of Technical Support and DPO at Fortra, the new name for HelpSystems, emphasises this. He explains, “it’s important to remember that organisations using the data by law have to keep it safe, preventing anybody else using it or accessing it. That is a huge task that needs technological (software and hardware solutions) and organisational (processes and employee training) input to keep it private.” 

He concludes, “so, just remember to be aware of your personal data and any company data you may have access to on a daily basis and think about what you can do to help keep it as safe as possible at all times.”