Julien Champagne, SafeNet: Is 2012 the year when we risk forgetting everything we learnt (painfully) in 2011 about Data Breaches?

July 2012 by Julien Champagne, Directeur des Ventes Régionales, SafeNet France

From mid-2011, a string of high-profile data breaches shook the reputations of several major brands. Sony, Epsilon, Steam and even Nasdaq found themselves pulled into the spotlight in a heated debate about how seriously organisations took information security.

Many people talked about how the 2011 breaches could be the catalyst for positive change in data protection. But a year later, it seems that organisations are still struggling to ensure that their IT security strategies are up to scratch. With LinkedIn, Last.fm and eHarmony being some of the latest victims of hacking attacks, it becomes increasingly important to revisit the events of last year and reassess what organisations have learned from the security breaches.

As businesses depend strongly on users’ trust, data security should be at the top of their agenda, forcing them to adopt strict security standards. However, the recent security incidents raise the question: is this really happening?

While no business is safeguarded against hacking attacks and breaches are always going to happen, it is important that organisations understand the need to deploy effective security measures to ensure user privacy and company data are adequately protected. The reputational and financial consequences of a security breach are far too damaging for any brand to ignore.

However, it seems that organisations are not going the extra mile to ensure their data protection strategies are effective enough in preventing security threats.

With cloud and work mobility forcing businesses to ward off hacking attacks on multiple fronts, it becomes increasingly difficult to establish consistent security strategies across all access points. We recently did some polling on the security strategies adopted by enterprises and found that the majority of IT manager respondents were not utilising encryption beyond IT systems’ endpoints to encrypt the actual data and information held inside the perimeter walls. These findings suggest that IT managers are not adopting comprehensive encryption technology to secure core data and systems. This is surprising, especially in the light of recent data security breaches highlighting the poor deployment of basic encryption standards within large organisations.

In fact, a recent report by the Verizon Risk team revealed that 97% of the breaches in the past few years were avoidable and the majority of them were not even highly sophisticated attacks. What’s even more alarming is that 68% of these incidents involved attacks on core data servers which provide access to the most sensitive information within organisations.

So why are businesses still struggling to meet basic security standards? Quite often the cause is the mistaken belief that encryption needs to be applied only to highly sensitive information such as financial data and intellectual property assets. What’s been overlooked in the past few years is the increased role of soft user data, such as personal details and social information, as one of the most common targets for cybercriminals. With more and more data being shared online, organisations need to wake up to the need to encrypt all data, not only financial details.

The lack of understanding of security risk is another issue that needs to be addressed by organisations looking to improve their security strategies. Encrypting only the end points of the perimeter is no longer effective in providing reliable security. What’s needed is a more robust approach involving end-to-end encryption across all access points, and securing and protecting the data itself. There is no excuse for businesses not to deploy comprehensive encryption as effective cryptography solutions are available and proven to work.

By encrypting all data at the time of generation and throughout its full lifecycle, businesses will be able to ensure user privacy and safeguard valuable data regardless of where it resides – on a data server or in the cloud.

Another important step in ensuring strong data protection is the management of the security keys. By storing the encryption keys in hardware, outside the virtual environment, organisations will be able to ensure sensitive data cannot be compromised even if it falls into the hands of cybercriminals. What’s even better about this approach is that it provides an additional layer of security that can be extended to all data and applications available on-premise and in the cloud.

This, coupled with strong two-factor authentication, will enable organisations to stay ahead of the cybercriminals in the security game.

