There is a lot of discussion in the industry about President Obama starting to leak out cybersecurity legislation leading up to next week’s State of the Union address. A focus from the President and cyber being a top priority is an encouraging step in the right direction. Without a doubt, security is hard — any IT security pro will tell you that. But, the industry as a whole (end-users, researchers and vendors alike) has to invest properly and innovate properly to get this done. There just aren’t any shortcuts in getting to an improved state of cybersecurity — not just in the private sector, but for government and law enforcement agencies alike.

One of the items President Obama has focused on to date is the need for a robust data breach notification law. Having a data breach notification law would accelerate the need for companies to invest in better data security technology. It would ensure that companies have the correct policies and processes in place in order to identify and report if a breach has been attempted or successful.

It’s very difficult to predict malicious behavior, whether it’s from an insider or an outsider. This is why companies shouldn’t just focus on the network or user level, but on the data level. With the correct protection applied to the data itself, it doesn’t matter whether a disgruntled employee or a skilled hacker is trying to attack a business' data, as neither will be able to access it. Today, attacks against company data are inevitable, but losing sensitive data as a result is not.