Data breaches have become an all too common threat, as hackers look to inflict maximum damage on organizations and make money in the process. Indeed, according to the 2021 Thales Data Threat Report, half (49%) of European organizations reported an increase in the volume, severity and/or scope of cyberattacks over the last year.
To get in front of these issues, organizations must take a proactive approach to cybersecurity, not only making it a business priority, with the appropriate resources, but also embedding a security culture across people, process and technology.
Some are already leading the way in this regard. Just look at retail giant Walmart, which enhanced its security stance by using secure directory services in the cloud to protect its cloud assets as well as gaining visibility and control over admins. Or look at how construction contractor The Walsh Group improved identity management and access by taking a zero-trust approach to cybersecurity.
However, companies can still find themselves in a catch-22; they need to be open and transparent with their customers while also making their customer-interaction as frictionless, safe and secure as possible.
How then can customers get the experience they want, while also being assured that their information is held private and secure? And how do companies build a strong, secure cybersecurity posture?
Manage the supply chain
As new products and services are developed, organizations need to ensure from the start that a solid and secure supply chain is in place.
Recent research — showing a 42% increase in supply chain cyberattacks in the US in Q1 of 2021 — has brought to the forefront the importance of not only ensuring one’s own organizational security, but that of its supply chain. Ensuring that business partners, suppliers and third-party vendors implement and follow security best practices, with vulnerability management and regular threat assessments, is paramount.
Research from the European Union Agenda for Cybersecurity (ENISA) has found that supply chain cyberattacks are expected to quadruple year-on-year in 2021, and this is perhaps unsurprising in the months after the high-profile attacks on software suppliers SolarWinds, Kaseya, and T-Mobile.
To make the supply chain more secure, there are some best practices organizations can follow, such as conducting asset inventories to ensure hardware and software don’t present weakness to be exploited by hackers.
Organizations must extend risk management strategies by validating vendor security policies through regular assessments, as well as collaborating with third-party vendors to share threat intelligence and help security teams “connect the dots” when unusual behavior is observed.
Protect customer data
Customer trust is earned by providing full transparency on how and why the organization collects customer data, and how that data is shared within the organization and third-parties.
Data breaches corrode customer trust – and with that, company bottom-lines and brand reputation – so C-suite executives must proactively manage cyber risk to mitigate this threat. This includes creating a business culture that promotes a secure environment, protecting processes and information, as well as an underlying technology infrastructure that is compliant with GDPR, and industry and regional data protection regulations. Customer data should be properly encrypted to prevent hackers gaining access. This data must be regularly backed-up offsite or securely in the cloud to protect against ransomware attacks.
To be compliant with GDPR regulations, only data needed by an organization to carry out its functions should be collected and nothing more. In addition, data no longer needed by the organization should be retired and deleted securely.
Most importantly, protecting customer data requires a change in business culture to ensure all employees treat data securely. This can be done by requiring security awareness training to become better informed of potential threats to data and the business as a whole, and instilling security parameters within internal tools and processes that handle customer data.
Using the right software to prioritize security
In order to successfully evaluate and protect vulnerabilities, companies need to utilize software that prioritizes security. Adobe is at the forefront of protecting its customer’s intellectual property, with technologies such as Adobe Document Cloud. This enables the protection and integrity of PDF content by preventing files from being altered or printed, adding encryption capabilities, and sharing certificates for secure workflows. In addition, a Send and Track features controls access, allowing customers to see who has previewed or downloaded a file, and even unshare a file if needed.
With security controls integrated into the hardware and firmware components of its Azure cloud platform, Microsoft is helping its customers protect data. There are built-in controls and services in Azure across identity, data, networking, and apps to ensure customers can maintain trust in the cybersecurity posture of organizations storing and processing data on behalf of their customers.
To find out more about data management, read this whitepaper on how CIOs tackle data governance.