Jason Hart, CTO, Data Protection, Gemalto, discusses why security and confidence must go hand in hand.
In any industry, confidence is a key trait for a business to be successful.The company itself must understand its operations and ability to deliver what customers want, who in turn must trust the company they’re buying from. If either of these traits are broken, it can spell serious trouble. This is why recent results from Gemalto’s Data Security Confidence Index are troubling and a cause for concern. Let me explain.
As the business world becomes increasingly more competitive, data is emerging as the new differentiator that can set a company apart from its rivals. Having that insight into customer buying habits, product usage and general behaviour can be vital to shaping future business strategies. So, it’s worrying to find out two in three (65%) companies don’t have the resources to analyse the data they have.
This brings up two issues, firstly how can a business be confident they are understanding their customers if they don’t understand their habits? Secondly, how can they begin to protect their most valuable information if they don’t know what it is?
It’s this second point that should ring alarm bells in boardrooms across the globe. It may still be up for debate whether businesses realise the value of the data they hold, but there’s no doubt that hackers do. For them, unsecured data is like a goldmine.
They can sell it on the Dark Web or use ransomware, causing financial and reputational damage. Some of this may not be known for years either. Data manipulation, where hackers can alter the information within a system such as sales figures, could go undetected for a long time – by which time the criminals have profited and gone, and companies are left with strategies based on incorrect data.
Security in the wrong places
So, with companies lacking confidence in understanding their data, are they confident in the security methods they’re using to protect these threats? The simple answer is no. Businesses continue to approach data security with a one-size fits all approach, with nearly half (48%) describing perimeter security as very effective. However, this effectiveness is put to the test when two-thirds (68%) believe unauthorised users can access their corporate networks and less than half (43%) are extremely confident their data is secure when hackers do get through.
The perimeter security approach is outdated and simply needs to change. But what should it be replaced with? For any businesses reading this, the focus needs to be on protecting the data at its core. If the data is protected, then it doesn’t matter if hackers get into the network, the damage they can do is limited.
In order to protect the data though, encryption must be at heart of the security strategy. Encryption renders data unusable to anyone that’s not authorised to access it – this is done through encryption keys which unlock the data, but only to those with the right credentials. Two-factor authentication adds an extra layer of protection on top of this too.
A GDPR game changer
The issue of security is always important, but no more so than now. It’s several months into the General Data Protection Regulation (GDPR) era and the effect is being felt as more companies are being forced to reveal breaches almost every day. The times of sticking heads in the sand when it comes to data protection are simply not an option any more. Not only are there financial implications through fines but the increased media attention is making consumers more aware of where their data is and who should be protecting it.
Businesses need to start taking this seriously and the only way that can happen is if a change in mindset happens from the top down. Furthermore, part of the requirements of GDPR is to appoint a Data Protection Officer to oversee the compliance process and ensure security is implemented correctly. In order to do their job effectively, this person has to be appointed to the board or they won’t be able to ensure security remains at the heart of any decision-making process.
Confidence is hard to build, but easy to lose. Moving forward, businesses have a lot to do to ensure they are not only confident they understand their customers, but can also retain their trust too.