The war for data has begun, are businesses protected?

Millions of people are unaware of how their digital activity and personal data are being collected and shared with large corporations. As companies with as little as five users to tens of thousands of users seek digital adoption, information becomes the currency.

The past two years have been a rocky road for cybersecurity. Organisations have faced unprecedented threats at extraordinary volumes, especially with cloud adoption.

According to the Global Threat Intelligence report by NTT, 99 percent of cloud security failures will be the clients’ fault three years from now. Cloud security posture management is increasingly becoming important.

Understanding how to use data to drive the business forward

The more information you have at hand, the better your capabilities are at forecasting, planning, and making business decisions, hence gaining competitive advantage in uncertain times.

This is, however dependent on how much sense you make out of the data through processing and analysing the information such as competitors’ strategy, customers, intellectual property, trade secrets and strategies among others is highly sought after by different persons of interest.

This kind of intelligence is what creates demand around data, raw or processed.

It’s imperative to shed some more light on the sensitivity of data, the risks around it and ways of mitigating them.

Data is created, exchanged, and stored within computer networks and devices. This may be a personal computer, mobile phone, servers in private datacenters or data stored in the cloud. With this, comes many attack vectors that adversaries can take advantage of.

It is the role of organisations, users, and policy influencers to be aware of what can happen when privacy is violated online.

Regulation of data is critical for protection

Kenya adopted a Data Protection Act in 2019 that is aimed at regulating the handling of data. There has been continuous awareness on the subject. However, the journey has just begun. We have a long way to go to maturity.

The mere fact that organisations are yet to create cybersecurity frameworks and policies that would help reduce the various risks around data is a risk in itself. Risks come in many forms as mentioned earlier. Are organisations aware of the risks, their forms and how to mitigate them?

Regulators have a mandate to supervise and manage business activity within various industries. For example, the Insurance Regulatory Authority, has a mandate of controlling insurance business activities, protecting both the insurer and insured.

The Central Bank of Kenya has a mandate to regulate all financial service providers on the practice. These are two areas that have seen a steep rise in digital technology adoption as well as heightened increase in cybersecurity risks. Are organisations able to secure the data subjects effectively?

While the answer to this might be subjective and relative, the concern is still looming that adversaries are becoming smarter and more agile by the day and attackers are finding new ways of taking control and mining data in networks to their benefit.

Case in point, a breach revealing sensitive information like patient data in a hospital would lead to reduced confidence in privacy in the healthcare sector, leaks on customer credit/debit numbers would lead to decreased deposits from customers in banks, stock price reduction for the public trading banks.

Identifying theft when personal information is accessed is also an ever-increasing concern from the public.

Another risk is when the quality of data is compromised, data quality could be compromised if accessed by the wrong users. This could be deliberate or not.

When this happens the insights from faulty data could mislead decision-makers, for instance, to invest in non-performing portfolios, negative public opinions etc. I would leave you to think what else could go wrong.

How organisations equip themselves today for tomorrow

To address cybersecurity risks, one of the ways by which network providers are participating in the reduction of cyberattacks is to continuously design devices that are more intelligent and that are secure by design.

This means that apart from the core functionality of a device such as a router, it can also check, analyse, qualify its health, identify vulnerabilities and sync with its Original Equipment Manufacturer signature database to pick recommended patches.

For example, a network that can leverage a Software-Defined Wide Area Network to manage geographically distributed locations and users with the level of intelligence described above.

It provides agility, transformation and automation delivered through an intelligent secure cloud-network fabric that delivers information from anywhere, and on any device.

Now, we realise that innate capability is one thing, but utilising the capability is another. This is the most challenging aspect in the whole security cycle – bridging and matching technology capability with the expertise to operate and adopt.

This is why there is a shortage of cyber skills globally. That is why companies like Dimension Data have invested in the necessary skills and effective technology tools to assist clients reduce cyber risks end to end both offensive and defensive.

Reputation is a key driver of business continuity. Companies continuously strive to build lasting reputations in markets they operate in.

This demands resources and thus high-cost implications, for instance, marketing, sales, and public relations. However, it would take one cybersecurity incident to dilute all these efforts.

For companies to achieve the required levels of data security, many moving parts have to be synergised. All stakeholders from executive boards, senior management, to users must be involved in the journey. The security agenda is not only a business issue but a cultural issue for all organisations.

For it to be ingrained in business, policies should be implemented by operations, adopted, and embraced by all employees and third parties.

What lies ahead in the murky realm of the future has yet to be decided, but the invisible threats, attack vectors and global cyber threats are in play. The lines are being drawn, the attacks planned, and the data identified.

What happens next is uncertain, but what happens now is not. It’s up to each of us to understand the risks and protect our data and information assets the same as we would anything of substantial value – with trusted, robust, and intelligent security that is designed deliberately to adapt and evolve in order to meet the threat.