According to an IBM report, the average financial hit of data breaches globally has touched an all-time high of $4.35 million in 2022, and India stands only second with over 5 million instances of personal data being copied, transmitted, viewed, or stolen from data owners, or being illegitimately used. The future of IT, its applicability across industries, and its acceptance primarily depend on the safety the frameworks afford to the end users. The challenges are authentic, and we, as a community, are heavily intertwined with technology to be oblivious to them.

The Status Quo

The pandemic has only increased pressure on the digital transformation accelerator. The average consumer's purchase preferences, communications, and consumption patterns are all heavily digitally aligned. An increasing volume of the global workforce has taken the workplace home, which introduces complexity to the corporate security protocol. Additionally, the BYOD (Bring your own devices) ecosystem and personal wifi connections make fertile ground for intrusions. Heavily ridden, the effects of loopholes in data security leave not even the giants. Marriott International recently reported a massive 20GB theft that contained high-value employee and customer information, including personal and credit card details. Another critical hurdle in the decision-making process is the source of the data. Whether on-premise or already on some hybrid cloud plays a vital role in the migration process, and the timing of cloud adoption can be tricky for organizational leadership to make confidently.

The Threats

Awareness of the technology landscape is critical to tackling threats. Here's an inexhaustive list of the predominant ones that continue to rattle chairs of data custodians.

● Ransomware threats and attacks – A shrewd cordon on one's data to be redeemed on ransom.

● Phishing Attacks – An imposter lures a user to click on a malicious link, download corrupted files, or share sensitive data.

● Malware Attacks – These device-crippling attacks rig software codes to gain access, steal or destroy data.

● Insider Threats – Research says that over 60% of employee strength has access to more information than required for their business KRAs making the resultant threat apparent.

● Feeble Passwords – Small businesses use multiple cloud services requiring numerous accounts. Convenience directs to simple/repetitive passwords that inevitably lower guard.

Implications of a data breach

An oblivious step in this minefield holds serious ramifications. A breach in data security could upfront mean destruction or corruption of databases, leakage of confidential information, thefts of high-value intellectual property, and time-intensive direct or vicarious regulatory requirements to comply with and possibly compensate those affected. The loss of goodwill, sales, and perhaps rolling off heads at the C-suite levels will invariably accompany an expensive recuperation effort.

Possible Solutions

While not easy, the solution is simple and would be three-pronged.

A Holistic Approach

Today, data is a valuable corporate asset with a tangible value contrary to the liability tag assigned not so long ago. Perhaps it is time for an Alexandrian solution to the data Gordian Knot.

Employ global best practices.

Simply put, a stitch in time saves nine.

Ethical hacking

Akin to regular health checkups, this pre-emptive approach encourages trusted members to attempt data breaches in organizational databases to plug them into prevention.

Backup and recovery optimization

The pinch of a likely data loss stemming from malicious drive corruption or destruction can be mitigated by creating a regular data backup process that cushions organizations against hard impact.

Raise cyber security awareness

When employees have a regularly updated understanding of the why-what-how of data security, they're better equipped to identify, flag off, or even prevent an infiltration.

Tackle/Prevent leakages with technology

Data encryption

All software and hardware handling sensitive data are also best encrypted in transit. One could go for an Encrypting File System (EFS) technology that blocks viewing access to unauthorized users with or without its enhancer Microsoft's BitLocker, which protects lost or stolen devices.

Data masking

Quite literally, it masks data to alter what the intruder sees in case of a breach. Consistency over multiple databases helps ease usability.

Web3

With time, the community heads to reclaiming ownership through decentralized data storage on web3, to overcome the security challenges of data monopoly.

Row-level security

A preventive bid to limit access to intended people, this measure allows the custodian to set restrictive filters on one's dashboards, reports, and data sets.

Tokenization

A step ahead of encryption, tokenization changes the location of data storage into what could be a parallel of a safety vault. Should a token received for sensitive data be stolen, there is no imminent threat.

Hashing

Best suited for password protection, hashing is a one-way encryption mechanism that is used to validate the integrity of data.

Conclusion

Only when the approach changes will the perspective and, thereby, the action and outcomes change. Moreover, this action is rhythmic and dynamic. Intrusions are innovative and the measures must one up. No one likes a blitzkrieg. It is important to have a seasoned expert on board who understands the organization's pulse and specific data security concerns of the day and tomorrow, empathizes with them, and helps find and execute the relevant end-to-end solution. A strategic approach with a long-term vision will prove to be imperative for organizations in navigating through tricky routes to building data security resilience across all points of vulnerability. Demystifying complexity will be a welcome value add as data and employee behavior evolve.

Author: Sethupathi Asokan, Co-founder, and Director, of Josh Software