In 2022 alone, there were over 1,800 data compromises. According to the Identity Theft Resource Center’s 2022 Data Breach Report, the number of people affected by data breaches jumped 40% from 2021 to 2022, reaching 422.1 million.
In order to comply with data privacy regulations, it’s become critical for organizations to prioritize data protection.
Here are a few comments from data privacy and protection experts in the field:
Amit Shaked, CEO and co-founder, Laminar
“As the world celebrates Data Privacy Day, it’s important to remember that there is no data privacy without data protection.
This problem is becoming more acute as organizations adopt hybrid cloud infrastructures without ensuring effective security, privacy and governance for the data stored across vendors and clouds. Two statistics paint the story. Two-thirds (66%) of organizations store between 21%-60% of their sensitive data in the cloud and nearly half (45%) experienced a cloud-based data breach or failed audit in the last 12 months.
IT and security teams risk exposing customers and losing intellectual property, strategic advantage, and revenues if they don’t shore up data protection as well as data privacy. Fortunately, by adopting cloud-native data security platforms, these teams can regain visibility into – and control over – their valuable data and keep it private and protected. Using a cloud data security platform provides autonomous and continuous discovery, classification, monitoring and protection of all data stored and used across platforms like AWS, Microsoft Azure, Google Cloud, and Snowflake.”
Justin McCarthy, co-founder and CTO, StrongDM
“Data Privacy Day is the perfect opportunity to take a step back and consider your data privacy initiatives holistically. That means asking yourself questions like, ‘are we maintaining the highest standards of data privacy?’ ‘are we taking the right steps to protect data against data leaks?’ ‘have we done our due diligence to ensure that unauthorized access–whether from internal or external individuals–is prevented?’
For example, you’ve set up data classifications. You’ve determined who needs access.
But are you validating that credentials have not been put into code? Do you have credentials sitting in your repos that might not have the same level of access scrutiny as admins or privileged users? Is production data going into dev or staging environments that have loose access oversight? How long would it take for you to determine all the people who have had the ability to access a database, who accessed it, and what they did? Can you even do that?
Data privacy also means protecting how data is accessed, and data privacy initiatives must also account for that. That means ensuring that only authorized users have secure access to sensitive data and systems, and that you’re moving towards just-in-time access or Zero Standing Privileges–across network resources, provisioning and deprovisioning, and especially for temporary users that have access to sensitive information. All of this requires fine-grained observability and auditability across all your systems.”
Matt Rider, VP of Security Engineering EMEA, Exabeam
“Today, data protection is inextricably entwined with cybersecurity. With the average number of attacks per organisation worldwide reaching over 1,130 weekly in Q3 2022, sensitive personal data has never been more at risk. And, while cybersecurity typically focuses on keeping systems secure against attacks, data protection has a vital part to play. It brings together efforts from across an organisation to ensure that data is kept safe as well as compliant with the latest regulations – regulations which take centre stage in the event of a successful cyber attack, bringing us back to cybersecurity.
Part of having strong data protection measures in place involves knowing where your data is stored and who is accessing it at any given time. IT teams can use tools such as User and Entity Behaviour Analytics (UEBA) to monitor these patterns and learn what a normal day looks like for their organization when it comes to the data flowing within it. If access is attempted by a malicious actor – whether internal or external – the IT team can be alerted to this anomaly and work quickly to shut down systems and prevent the attacker from digging any deeper. This can be further supported by employees being aware of and following the latest data protection best practices, which makes it easier for the IT team to spot any unexpected behavior.
Data protection and cybersecurity – you can’t have one without the other. So, when considering how to bolster your cybersecurity defenses, make sure that data protection is top of mind; otherwise, you’re leaving an open goal for any skilled attackers taking advantage of a blind spot.”