Data Privacy

by Black Hat Middle East and Africa
on
Data Privacy

YOUR BEST BET AT EFFECTIVE DATA PRIVACY

More data is being produced than ever before, and that amount will only skyrocket as time goes on. By 2025, the volume of data generated globally is projected to become ten times the amount of data generated in 2016. This immense growth poses a set of challenges to organisations:

  • Structured, semi-structured, and unstructured data will have more diverse forms.
  • A rapid spread of data as it circulates globally from data stores, including cloud instances, Hadoop nodes, relational databases, and file servers.
  • An increase in users from more locations, functions, and geographies.
  • Onsite, remote, and mobile access points will significantly grow.

So how can your organisation handle this copious amount of data safely and minimise the risk of data breaches? The key is to implement the best data privacy practices. For instance, you can create a detailed cyber incident playbook to help your organisation respond quickly, contain the fallout from a security breach, and regularly test that plan using tabletop exercises or breach scenarios in a simulated environment. Additionally, you can perform adversary simulation exercises, like red teaming, to enhance your IR team's ability to detect attack paths and correct gaps in their detection and response techniques. Having such data security practices in place helps mitigate risk factors like ransomware and brute force attacks.

DATA PRIVACY - HOW TO DO IT RIGHT

Whether you're a Chief Information Security Officer (CISO), enterprise architect, or privacy officer, you're aware of the need for continuous, contextual, and responsive enterprise data protection, as this allows for the detection of new threats as they emerge. However, doing so at an enterprise scale requires taking certain steps to deploy an effective data privacy solution.

STANDARDISE AND AUDIT YOUR DATA CONSISTENTLY

Your organisation has thousands of data stores to protect. This can be done effectively by standardising data definitions and related protection and governance policies. Having centralised policy management is key. Otherwise, security practitioners and architects would be unable to manage policy changes, audit, or track compliance.

BE ACCURATE AND EFFECTIVE

You need to maintain a high level of accuracy in a constantly changing environment. This means that your data privacy solution must include: data context, risk analysis, subject identity mapping, and user behaviour analytics. Otherwise, your program will generate many false positives, making it ineffective at continuously protecting private data.

PRIORITISE SCALABILITY AND TIME TO VALUE

Security and compliance officials have to respond immediately to potential data security risks, often under tight deadlines. According to Gartner, "The amount of time it takes for security teams to detect and respond to excessive risk (with a goal of preventing or minimising the financial impact) will be one of the most critical security metrics over the next decade." This means that you need an automated data privacy solution that can be scaled to protect multiple data stores in less time than it would take to protect each data store separately. Additionally, in order for a data privacy solution to scale and deliver fast time to value, it needs to combine intuitive usability, orchestration of actions, workflows, artificial intelligence (AI), and automation.

ENSURE OUT-OF-THE-BOX DEPLOYMENT READINESS

While CISOs and privacy officers need to have modern automation and AI capabilities at the heart of a data-centric approach to security, they also need to be able to get more value from current security controls. Thus, additions to security ecosystems must be API-driven so they can easily integrate with existing enterprise security controls, such as SSO, password management, shield, encryption, and tokenisation solutions.

SUPPORT ON-PREMISES AND MULTI-CLOUD ENVIRONMENTS

With most organisations undergoing digital transformation, they face more complexities in the digital world. The data protection solution they opt for has to serve all their data sources. This includes data managed in multi-cloud environments, big data, or on-premises systems comprised of either structured or unstructured data formats.

NIP SECURITY BREACHES IN THE BUD

Stay on top of the latest data protection and privacy techniques when you attend Black Hat MEA, the region's largest cybersecurity conference. It brings together ethical hackers, CISOs from leading companies, and over 30,000 visitors to learn and network at a wide array of cybersecurity trainings and speeches by the world's leading hackers. Black Hat MEA is in line with the Saudi Vision 2030, which aims to create a digitally-enabled nation. The shift towards a more digital future means increasing amounts of data, making sophisticated data protection and privacy techniques crucial. Black Hat MEA will bolster that vision by training people in the hands of the world's elite infosec professionals to ensure that the goals of Vision 2030 remain secure from cyber threats.

DATA BREACHES - WHAT'S THE COST?

The average total cost of a data breach is USD 4.35 million in 2022, according to a 2022 research conducted by IBM on 550 organisations in 17 countries and regions which faced data breaches between March 2021 and March 2022. Meanwhile, the average cost of a critical infrastructure data breach was USD 4.82 million across various industries, including financial services, industrial, technology, energy, transportation, communication, healthcare, education and public sector industries. With this in mind, it's crucial for security professionals to take measures to reduce the financial impact of a data breach.

HOW CAN YOU MINIMISE THE FINANCIAL IMPACT OF A DATA BREACH?

There are many steps organisations can take to mitigate the financial and reputational cost of data and security breaches.

PREVENT UNAUTHORISED ACCESS TO SENSITIVE DATA WITH A ZERO TRUST MODEL

41% of the organisations in the IBM study implemented a zero trust approach, which had the potential to save USD 1.5 million in security breach costs using mature deployment. With the increase in remote work and hybrid multi-cloud environments, organisations can implement a zero trust security strategy to protect data and resources by limiting accessibility.

USE POLICY AND ENCRYPTION TO PROTECT SENSITIVE DATA IN THE CLOUD

As the amount and value of data hosted in cloud environments increases, it's paramount that organisations actively protect cloud-hosted databases. Mature cloud security practices contributed to breach cost savings of USD 720,000 as opposed to having no cloud security practices. You can reduce the volume of sensitive information that's vulnerable to a security breach by using a data classification schema and retention programs. Additionally, using data encryption and fully homomorphic encryption are ideal methods to protect sensitive information.

Improve detection and response times by investing in security orchestration, automation and response (SOAR), and XDR

When paired with security AI and automation, XDR capabilities can significantly cut the average data breach costs and life cycles. According to the IBM study, organisations that deployed XDR shortened the breach lifecycle by 29 days on average while saving USD 400,000 in costs. Along with XDR, you can accelerate your organisation's incident response with solutions such as SOAR, security information and event management (SIEM) software, and managed detection and response services to leverage automation, process standardisation and integration with your existing security tools.

Protect and monitor endpoints and remote employees

In the IBM study, security breaches associated with remote work caused approximately USD 1 million more than breaches where remote work wasn't a factor. Security teams can gain deeper visibility into suspicious activity using unified endpoint management (UEM), endpoint detection and response (EDR) and identity and access management (IAM) products and services.

Create incident response (IR) playbooks

Forming an incident response (IR) team and extensively testing your IR plan are two of the most effective ways to minimise data breach costs. Organisations with IR teams that frequently test their plan saved USD 2.66 million in data breach costs compared to organisations that had no IR team or did not test their IR plan.

THE TAKEAWAY

The growing amounts of data all over the world pose a heavy challenge to organisations of all sizes. The more time passes, the more data they will have to manage. Therefore it's paramount to ensure that comprehensive data privacy solutions are in place. Organisations have to go beyond mere regulatory compliance and protect sensitive data using encryption and zero-trust methods. This guards employees' and customers' data and saves you a lot of costs.

Share on

Join newsletter

Join the newsletter to receive the latest updates in your inbox.


Follow us


Topics

Sign up for more like this.

Join the newsletter to receive the latest updates in your inbox.

Related articles

The rise of Ransomware as a Service

The rise of Ransomware as a Service

The rise of Ransomware as a Service (RaaS) means that inexperienced cyber criminals can launch effective attacks with minimal technical skill, exploiting and extorting more victims.

Read More