It’s Time to Fight Back and Protect our Critical Infrastructure

The year 2020 certainly has thrown some curve balls. To add to the list of challenges this year, according to data acquired by Atlas VPN, there have been more than 2,000 publicly reported breaches in the first half of 2020 alone. The data speaks for itself, but, it’s safe to say that 2020 has seen data breaches hit an all-time high.

We really need to ask ourselves, why are so many organizations ‘sitting ducks’ right now with hackers looking to target the most vulnerable critical infrastructure, government or large company?

During 2020, organizations have worked at a pace to make it possible for workforces to operate remotely. That trend is not going to be reversed any time soon with the most recent UK announcements urging office workers to continue in this fashion in the months ahead. This rapid move to a distributed workforce has not only meant IT departments have had to overcome technical issues, but, that workers themselves have used their own initiative to make sure they can work in the most effective way possible.

The relief and the risk

With the return to the office not on the cards for the foreseeable future, organizations are becoming increasingly aware of the risk this is putting their data under. For the organizations who’ve had to improvise and implement a temporary solution to manage their data remotely, it is critical they start to consider data risk. In fact, according to a survey from Centrify, 71% of business decision makers believe that remote working has actually increased the likelihood of a breach.

In many organizations, data will have become fragmented at a scale that is greater than ever before – and more complex. The problem is that data does not stay still. With every moment it is growing and moving around, both inside and outside the organization.

Everyone may have believed that they had to do ‘whatever needs to be done’ to remain operational earlier this year, but it is time to start looking seriously at how data is being managed and the impact of those decisions. Every organization should be asking itself whether it has let its guard down on the systems and processes needed to ensure they remain compliant with industry wide regulations such as the GDPR, as well as those required for your industry.

You only know what you know

We are still in the throes of a pandemic, but it should be an imperative to get your data back under control. The longer it is left, the harder it will be to manage, and, in turn, the data will sprawl further. The key is to quickly establish the extent of the problem, and there are three basic stages:

  1. Define a strategy: Not only to tackle the existing problem, but to build good data management controls for the future that are both effective at controlling risk and frictionless for users. Consider new Data Management Platforms that can help ensure the compliance of your data, and even use AI to identify and stop data sprawl. Simply pulling data back into the corporate network is not enough. It will sprawl again.

  1. Build a data catalog: A data catalog provides you with a searchable index of your data assets, where they reside, how they propagate, and where they are used. This gives you the knowledge to make informed decisions around risk exposure. Examples of this knowledge include whether or not risky data flows exist, whether legacy applications are vulnerable and need replacing, whether individuals have access to unrestricted or unprotected customer data and how sensitive data is propagating within and outside of the organization. Knowledge of your data is the first key step in making informed, prioritized choices.

  1. Look for ways to simplify: You probably have a mixture of applications, cloud services and tools from a host of vendors used across the business. Look at ways to standardize and simplify the applications the business relies upon. This means getting a better understanding of what your organization needs to reduce your risk and increase your agility. In getting this right, it will lead to better visibility, simplicity, agility and ultimately lower risk.

It’s not just about control

A good data management strategy and tool set can dramatically lower the risks to an organization’s data and critical infrastructure, and newer platforms can even use AI to identify risks as they develop.

Remember, it is not just about lowering risk and control – fragmented and sprawling data leads to pockets of hidden information, but connected and well managed data leads to knowledge and actionable insights. A well thought-out data management strategy lowers risk, gives control, and can enable a business to get the most out of its data.

What’s Hot on Infosecurity Magazine?