How Organisations Should Guard Against Potential Cyber Security Threats
So, how do individuals end up compromising data for organisations? Zaki Qureshey, director general, Hyderabad Security Cluster, says, “Mobile devices, both corporate-owned and bring your own device (BYOD) [personal], are now the dominant productivity platform in any enterprise organization: 60 per cent of enterprise endpoints are mobile, according to Microsoft.” However, mobile devices are under-protected and disproportionately targeted, he adds. “These devices operate extensively outside of corporate firewalls, in the hands of users who may not prioritise precautions like vetting Wi-Fi networks or keeping their devices patched and updated. Mobiles often represent a wandering corporate data repository. That’s why Zimperium (one of the leading mobile security solutions, which offers only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats) detects an average of 600 million threat events involving enterprise mobile devices daily.”
Implication of A Data Breach For Organisations
- It can have damaging effects on business operations that cause a financial loss of around $5,600 per minute towards network downtime, according to industry surveys cited by a Gartner blog. This calls for an elaborate investigation that looks at aspects like how the breach happened and which systems were intruded, followed by a complete shutdown of the operations.
- Individuals can pursue legal action against an organisation and seek compensation, in case their data is compromised. Under the data protection Act, organisations are legally obliged to undertake certain measures for data protection.
What Can Organisations Do?
Some of the data protection technologies that organisations can consider are:
- Implementing the use of a set of tools and ideas that can protect sensitive data.
- Building and implementing a firewall to prevent any unauthorised access to data.
- Establishing solid authentication and approval measures that facilitate verification of user credentials, while ensuring that the user privileges are implemented in the correct manner using the IAM (Identity and Access Management) and RBAC (Role Based Access Controls) solutions.
- Enforcement of encryption that keeps your data protected from any unauthorised access, for example, by making the data indecipherable, even if it gets leaked.
- Use of Endpoint protection tools that helps organizations to keep a check on their network boundaries and refine the traffic as and when required.
- Automation of removal of redundant data, which is already processed or evaluated, and is no more required.
- “Reporting unfamiliar email sources by employees, creating a responsible Phishing plan, hiring cyber experts with regulations around data privacy, protection, and penalty, running an internal compliance course, or conducting regular cyber risk reports, are some of the ways an organisation can keep itself protected from cyber attacks,” says Sigler.
According to Qureshey, modern enterprises should especially take note of mobile security solutions. “There is a need for an advanced technology solution that leverages machine learning to protect against a device, network, application and phishing attacks,” he says, adding that the solution should fit into the existing security ecosystem.
Whether it’s the increased online activities by individuals or increased dependency on mobile devices for productivity by an organisation, cyber security measures can’t be ignored.
Source: Publication: OutlookIndia ,7th Dec,2021