• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Articles
  • News
  • Events
  • Advertize
  • Jobs
  • Courses
  • Contact
  • (0)
  • LoginRegister
    • Facebook
    • LinkedIn
    • RSS
      Articles
      News
      Events
      Job Posts
    • Twitter
Datafloq

Datafloq

Data and Technology Insights

  • Categories
    • Big Data
    • Blockchain
    • Cloud
    • Internet Of Things
    • Metaverse
    • Robotics
    • Cybersecurity
    • Startups
    • Strategy
    • Technical
  • Big Data
  • Blockchain
  • Cloud
  • Metaverse
  • Internet Of Things
  • Robotics
  • Cybersecurity
  • Startups
  • Strategy
  • Technical

Common Data Protection Lapses Which Weaken Security Posture

Evan Morris / 5 min read.
April 2, 2021
Datafloq AI Score
×

Datafloq AI Score: 69

Datafloq enables anyone to contribute articles, but we value high-quality content. This means that we do not accept SEO link building content, spammy articles, clickbait, articles written by bots and especially not misinformation. Therefore, we have developed an AI, built using multiple built open-source and proprietary tools to instantly define whether an article is written by a human or a bot and determine the level of bias, objectivity, whether it is fact-based or not, sentiment and overall quality.

Articles published on Datafloq need to have a minimum AI score of 60% and we provide this graph to give more detailed information on how we rate this article. Please note that this is a work in progress and if you have any suggestions, feel free to contact us.

floq.to/tFgL3

Poor data management practices are among the most critical weaknesses of organizations. Most enterprises tend to be negligent or clueless when it comes to securing their data, according to one data security report.

Enterprises, as it turns out, are continuing the years of negative trends in their security posture. They often find it difficult to determine where their sensitive data is and who has access to it. They lack a systematic way of managing and protecting crucial enterprise information.

Things need to change for the better. Data protection is not only meant to secure business secrets and critical information related to finances and access to resources. Unauthorized access to enterprise data can lead to various serious consequences, including the possible halt of business operations and even bankruptcy.

Discussed below are some of the common but sometimes overlooked data protection lapses as shared by industry leaders, with notes on the corresponding solutions.

Lax security governance and policies

Sharing his insights on security with Digital Guardian, WalkMe CISO Shlomi Avivi said that three factors tend to be overlooked when companies evaluate their security posture. These are administrative access, third-party vendors, and organizational change.

Poorly managed administrative access can harbor an enemy within , says Avivi, as he points out how most organizations tend to focus more on customer-facing security concerns. Back office administrative access does not get the same cybersecurity attention. Even in the R&D departments, not many feel the urgency to meticulously secure administrative access.

On the other hand, third-party vendor software and service providers also pose cyber threats to organizations. Avivi aptly refers to them as the friendly enemy. Organizations trust these third-party entities and because of their reputation and experience in the field of cybersecurity, the common presumption is that they are trustworthy enough.

Moreover, organizational changes create opportunities for bad actors to penetrate an organization‘s cyber defenses. The replacement of the operating system, business software, apps, cloud services, and other digital tools used by a company can expose security gaps or vulnerabilities hackers will quickly find and exploit. Organizations that undergo a digital transformation or those that move to cloud-based systems may also unwittingly create these problems.

Keeping track of all the IT aspects of a business requires a lot of meticulous work and ample time. It would be close to impossible to deal with all of these the traditional way. Organizations, however, can use an automated, continuous security validation solution to gain enhanced security visibility. Doing this significantly boosts the chances of catching weaknesses before they are discovered and taken advantage of by hackers.

It is not unusual for organizations to have issues with their security policies and governance. As such, it is only logical to consider prudent security validation as a regular part of the process of establishing, testing, and strengthening security posture.

Mismanagement of notifications and alerts

WatchPoint Data CEO Greg Edwards believes that the most overlooked factor when it comes to examining a company’s overall information security posture is the way security alerts are managed. Too often cybersecurity solutions are purchased that existing staff can’t manage. Alerts end up being ignored, and breaches happen while the alerts are sounding, Edwards explains.


Interested in what the future will bring? Download our 2023 Technology Trends eBook for free.

Consent

Edwards adds that there are many excellent tools available to make the process of collecting and responding to alerts more efficient. There are tools that make use of artificial intelligence to cross-check false positives and ascertain that only legitimate threats are presented for the evaluation of a human security analyst.

AI-powered SOC centralization solutions, for example, can be effective in managing security alerts and notifications better. They provide a unified dashboard for monitoring all security events while automatically sorting and cross-checking alerts to make sure that the most critical incidents are displayed more conspicuously. Instead of presenting alerts chronologically, they can be ranked according to their threat level and urgency.

Poor data inventory

Data inventory refers to the proper organization of data assets. It does not necessarily mean that data are compiled in a single storage facility or a set of storage devices. What it entails is the proper recording of information about data assets including their names, descriptions of content, update schedules, licensing, ownership, privacy policies, and sources. Its goal is to make it easy to locate data whenever they are needed and to ensure the appropriate sorting and securing of delicate information.

Data Protection Group Leader Michael Zweiback lists weak data inventory as a primary concern for many businesses. To make sure that it does not become a weakness in an enterprise’s security posture, he emphasizes the importance of proper classification and safekeeping. Your company should highlight any collected data that is more sensitive and highly regulated. This type of information is the most high-risk form of data stored which can lead to liability to regulators and consumers, Zweiback advises.

Lack of disaster recovery measures

Jennifer Gill, Director of Global Product Marketing at enterprise disaster recovery solutions provider Zerto, highlights how the lack of attention on disaster recovery critically harms an organization’s security posture. When organizations are evaluating their cybersecurity strategies, they often focus on avoiding attacks, blocking hackers from gaining access, and working to minimize damage when a hacker does indeed get in, Gill explains.

It is a common misconception for many to equate cybersecurity with defense and remediation. Defeated security controls should not mean the end of an organization. As much as possible, a significant portion of regular operations should continue while remediation is taking place. There is a world of difference between a company that completely shuts down because of an attack and another that manages to proceed with many of its activities while it is recovering from an attack.

“Have a written disaster recovery plan. It sounds obvious, but with the complexity of the old way of doing replication and disaster recovery, it is very easy to forget the most important aspect of disaster recovery, actually writing down a plan,” Gill suggests.

This may not sound relevant to data protection, but it actually is. An effective disaster recovery plan means that viruses or spyware are unlikely to achieve their primary purpose of destroying digital assets and making it difficult for the victimized organization to recover. Spyware can encrypt everything in the local hard drives, but if regular backups are made, it’s as if the attack never happened.

There’s a reason why disaster recovery is included in the MITRE ATT&CK framework. For organizations to survive attacks, they cannot just rely on protective measures. No cybersecurity defense solution, after all, is foolproof or absolutely impenetrable. There will always be instances of breaches because of highly skilled and resourceful attackers.

Proper data protection is a must

Again, data protection is part of a solid cybersecurity system. It cannot be delegated as a minor concern for a few employees to worry about. The protection of enterprise data must be part of the overall security posture of an organization. Even for companies that do not handle large volumes of data, it is a must to adopt excellent data protection practices.

Categories: Cybersecurity
Tags: businesses, data protection, security

About Evan Morris

Known for his boundless energy and enthusiasm. Evan works as a Freelance Networking Analyst, an avid blog writer, particularly around technology, cybersecurity and forthcoming threats which can compromise sensitive data. With a vast experience of ethical hacking, Evan's been able to express his views articulately

Primary Sidebar

E-mail Newsletter

Sign up to receive email updates daily and to hear what's going on with us!

Publish
AN Article
Submit
a press release
List
AN Event
Create
A Job Post
Host your website with Managed WordPress for $1.00/mo with GoDaddy!

Related Articles

The Advantages of IT Staff Augmentation Over Traditional Hiring

May 4, 2023 By Mukesh Ram

The State of Digital Asset Management in 2023

May 3, 2023 By pimcoremkt

Test Data Management – Implementation Challenges and Tools Available

May 1, 2023 By yash.mehta262

Related Jobs

  • Software Engineer | South Yorkshire, GB - February 07, 2023
  • Software Engineer with C# .net Investment House | London, GB - February 07, 2023
  • Senior Java Developer | London, GB - February 07, 2023
  • Software Engineer – Growing Digital Media Company | London, GB - February 07, 2023
  • LBG Returners – Senior Data Analyst | Chester Moor, GB - February 07, 2023
More Jobs

Tags

AI Amazon analysis analytics app application Artificial Intelligence BI Big Data business China Cloud Companies company costs crypto customers Data design development digital environment experience future Google+ government industry information learning machine learning market mobile Musk news Other public research security services share social social media software strategy technology

Related Events

  • 6th Middle East Banking AI & Analytics Summit 2023 | Riyadh, Saudi Arabia - May 10, 2023
  • Data Science Salon NYC: AI & Machine Learning in Finance & Technology | The Theater Center - December 7, 2022
  • Big Data LDN 2023 | Olympia London - September 20, 2023
More events

Related Online Courses

  • Oracle Cloud Data Management Foundations Workshop
  • Data Science at Scale
  • Statistics with Python
More courses

Footer


Datafloq is the one-stop source for big data, blockchain and artificial intelligence. We offer information, insights and opportunities to drive innovation with emerging technologies.

  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Recent

  • 5 Reasons Why Modern Data Integration Gives You a Competitive Advantage
  • 5 Most Common Database Structures for Small Businesses
  • 6 Ways to Reduce IT Costs Through Observability
  • How is Big Data Analytics Used in Business? These 5 Use Cases Share Valuable Insights
  • How Realistic Are Self-Driving Cars?

Search

Tags

AI Amazon analysis analytics app application Artificial Intelligence BI Big Data business China Cloud Companies company costs crypto customers Data design development digital environment experience future Google+ government industry information learning machine learning market mobile Musk news Other public research security services share social social media software strategy technology

Copyright © 2023 Datafloq
HTML Sitemap| Privacy| Terms| Cookies

  • Facebook
  • Twitter
  • LinkedIn
  • WhatsApp

In order to optimize the website and to continuously improve Datafloq, we use cookies. For more information click here.

Dear visitor,
Thank you for visiting Datafloq. If you find our content interesting, please subscribe to our weekly newsletter:

Did you know that you can publish job posts for free on Datafloq? You can start immediately and find the best candidates for free! Click here to get started.

Not Now Subscribe

Thanks for visiting Datafloq
If you enjoyed our content on emerging technologies, why not subscribe to our weekly newsletter to receive the latest news straight into your mailbox?

Subscribe

No thanks

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Marketing cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!