The global economy is utterly reliant on data.
According to the International Monetary Fund (IMF), data is as much of a critical input to modern economic production as land, capital, labor, and oil. Contemporary organizations use data to improve customer experience, streamline business processes, and even create innovative new technologies - but these benefits come with a heavy price.
The extraordinary – and largely unquantifiable – value of data today has made it irresistible prey for insatiable cybercriminals. Poor data protection is the blood in the water, and as such, cybercriminals have had a feeding frenzy in recent years.
And things are only likely to get worse. The economy will become increasingly reliant on data as cybercriminals grow more sophisticated, developing (as much as we might hate to admit it) increasingly intelligent and creative methods to bypass cybersecurity defenses. With this in mind, we spoke to six data protection experts to get their thoughts on how modern organizations can protect their data now and in the future.
This blog post will outline the three pillars of data protection – Classification, Data Loss Prevention, and Secure Collaboration – and explore some of our experts' opinions in our new eBook.
Data Classification
The first step in an effective data protection program is data classification. Data classification involves categorizing and organizing data based on predefined criteria such as sensitivity, importance, or confidentiality. It helps organizations manage and secure their data by applying distinct levels of protection, access controls, and handling processes to relevant data sets.
According to Ambler T. Jackson, Cybersecurity Engineer at Noblis, poor data classification is one of the most significant data protection challenges today:
"One of the most significant data protection challenges facing private and public organizations is implementing a data governance strategy that helps stakeholders fully understand the organization's data, e.g., the type of data, how it is used, where it is located within the enterprise, and how it is accessed."
Piers Chivers, Product Manager at Fortra, echoed this sentiment, arguing that "customers don't necessarily know what they want to protect, which is ironic when you think about it, and the people running the data protection projects have not had good direction from their leadership on what are the threats or risks that need to be addressed."
Data Loss Prevention
Once an organization has classified its data, it can look to data loss prevention (DLP) solutions. DLP is a set of strategies, processes, and technologies that prevents sensitive data from being unintentionally or maliciously leaked, lost, or accessed by unauthorized individuals. It monitors, detects, and prevents unauthorized data transfers across various channels, including email, web applications, physical storage devices, cloud services, and more. Organizations can implement DLP at different layers of their IT infrastructures, including endpoints, networks, and cloud environments.
However, it is often challenging for security teams to convince senior leadership to purchase and retain DLP and similar tools. For Jarell Oshodi, Deputy Chief Privacy Officer at the Centers for Disease Control and Prevention, it's essential to highlight return on investment (ROI) statistics, arguing that CISOs must "develop metrics and key performance indicators (KPIs) that demonstrate the ROI of data protection investments. Measure and report on the effectiveness of data protection tools and programs, such as reduction in data breaches, improved incident response times, increased customer trust, and regulatory compliance."
Secure Collaboration
The final crucial tenet of an effective data protection strategy is secure collaboration. Secure collaboration is a set of technologies, strategies, and policies that control digital content and data access, distribution, and usage. It aims to protect the rights of content creators, owners, and distributors while ensuring that organizations enforce all rules and restrictions associated with those digital assets.
Secure collaboration is essential as organizations incorporate artificial intelligence (AI) and machine learning (ML) technologies into their infrastructure. Generative AI tools such as ChatGPT raise troubling questions about digital rights and data privacy; Camilla Winlo, Head of Data Privacy at Gemserv, is determined to ensure data protection and digital rights remain a priority as technology advances:
"The most critical challenge for data protection is ensuring it continues to be seen as relevant and valuable. When potentially transformative new technologies like generative AI are launched, it can be easy for organizational leaders to get excited by the opportunities and struggle to engage with the data protection risks. The conversations around new technologies can be quite esoteric, and when the conversation is about the risk of AI robots destroying humanity or the lawful basis for collecting the underlying data set, it can be hard for people to relate that to their business and everyday lives. There needs to be more conversation about what the potential impact of personal decisions can be and what kinds of risks people can face through their personal data protection choices."
Proper data protection relies on the principles outlined above and a varied, flexible, and, most importantly, informed approach. Check out our latest eBook here to find out what six leading cybersecurity experts suggest you can do to secure your data.
