Securing the Breach, Part 1 – Accept It, Then Protect It

Last updated: 16 May 2016

A data breach has just occurred, but no one knows it yet. Where it’s taking place and to whom is presently unclear. What I can tell you is that it’s happening.

In our six-part series, ‘Securing the Breach’, we will take you on a journey – starting with the current state of data security, how we got here, and what you can do to avoid falling victim to a breach.  It’s a logical 3-step process.  The hardest part will be trying to alter your organization’s perception that what has worked in the past no longer addresses the current problem.  Getting you to accept the breach and realize it’s just around the corner may take some convincing, but we’ll try.

Less than five years ago, IT professionals could click a compliance check box and be done. They could confidently implement a multi-million dollar IT infrastructure and call it a day—securing the perimeter with a firewall was adequate.  Everything resided within the organization. Weren’t those the days?

Enter Big Data, Software-as-a-Service (SaaS), and virtualization, and this party just got interesting.  The data sprawl epidemic is here and it is sloppy; it’s falling over everything and the guest list on who can access it is spreading like wildfire.  Customer data, confidential files, and proprietary secrets have now made their way across the perimeter of organizations everywhere.

This was a pivotal moment: what we were protecting changed, yet how we were protecting it didn’t. We chose the path of least resistance and simply built fiercer firewalls. According to IDC, of the $32 billion enterprises spent on security technology in 2013, more than 26% ($8.4 billion) was invested in network perimeter security. Additionally, they project a 7.1% growth rate through 2017 of organizations investing in methods to prevent the breach.

The 2013 Verizon Data Breach Investigations Report further substantiates this prediction.  In just the past two years, it uncovered 1476 global data breaches and 218 million compromised records.  Clearly all of that money invested in 2013 toward breach prevention was in vain.

These statistics confirm that you cannot prevent the breach.  You must accept that the breach is coming, and then put a strategy in place. Protect the data that resides within the infrastructure, secure the network traffic flowing from branch offices to headquarters to disaster recovery sites, and control access to it. We call this Securing the Breach, and it is the only way to truly protect your company from detrimental loss.

Don’t be naïve: even the largest organizations have fallen victim to breaches and data loss. I strongly urge you to perform your own risk assessment and stay up-to-date on data breaches, especially within your industry. Visit www.breachlevelindex.com and learn how to reduce your risk score.

By properly securing the data, you can mitigate the overall cost and adverse consequences that result from a breach. Still not convinced? In the next blog post in this series, we will reveal Gemalto’s Secure the Breach Three Step Program, a strategy that will protect your data even after a breach has occurred.

For now, check out our related infographic, The Alarming Rate of Data Breaches, and visit the Secure the Breach site to learn more about the realities of today’s data breaches.