In an era of digital disruptions in the form of digital transformation, generative AI, data breaches, ransomware and sustainability, what should organizations be looking out for?
With digitalization central to most organizations’ business transformation journey today, the risks of ransomware and data breaches are high too.
How we manage, process, store, use and share data becomes critical in today’s business environment. Add sustainability and ESG goals to the equation, and the challenges escalate…
Digital transformation is a never-ending journey, as technology and innovations never stop; in the midst of this journey, how should we strategize to effectively include data protection and privacy?
CybersecAsia sought out some insights from Chua Chee Pin, Area Vice President, Greater China, Korea, Japan and ASEAN, Commvault:
What should be some key considerations for C-level and board executives when looking for a security strategy to safeguard their data?
Chua: Data is an organization’s crown jewel, which makes it a chief target for cyber attackers. This is especially evident as we digitalize, and as a result, more opportunities are created for bad actors to exploit, contributing to the increase in attacks and breaches in recent years. For example, in 2022, Malaysia experienced a staggering 57% increase in cyberattacks from 2021, while Singapore was ranked 6th in the world for the highest number of databases exposed.
To counter this, C-level and board executives need to set a solid security strategy framework to safeguard the organization’s data, with the first key consideration being to conduct a complete risk assessment. They need to identify potential vulnerabilities and threats, evaluate the potential impact of data breaches, and assess the likelihood of risk across different infrastructures.
Secondly, a multi-layered security approach including preventive, detective, and corrective measures should be added. Enterprises can incorporate early warning technologies, in-depth monitoring as well as cyber deception into their data protection strategy — enabling them to protect themselves against incoming cyber threats, safeguard their data in the event of a breach, and ensure efficient recoverability.
The third key consideration will be regulatory compliance. Both Singapore and Malaysia have introduced stringent regulations in the form of the Personal Data Protection Act (PDPA). HKMA has invited the Hong Kong Association of Banks (HKAB) to develop guidelines on secure tertiary data backup (STDB). To be compliant, leaders need to understand the requirements and ensure that their current security strategy aligns.
With the huge amount of data available, leaders need to sift through, filter and prioritize it. Security controls such as data encryption, access controls, and data loss prevention mechanisms may need to be implemented, whereas technologies such as data masking or tokenization can be used to protect sensitive information.
Despite the technologies in place, why are so many data breaches still occurring? Who has a greater responsibility to protect data – organizations or consumers?
Chua: Data breaches primarily occur due to insider threats, human error, or evolved cyberattacks. Insider threats refer to employees — whether intentionally or unintentionally — disclosing sensitive information or misusing access privileges.
Weak passwords, phishing emails and social engineering are the most common contributors to breaches caused by human error. The constant evolution of threat actors to find new vulnerabilities means that more Advanced Persistent Threats (APTs), zero-day exploits, and other attacks can bypass security measures.
More has to be done to improve threat intelligence and behavior analytics to detect and respond to these advanced attacks, while safeguarding sensitive information — thereby bridging the gap between data security and data protection. With that, companies must be on the offense, taking it to the attackers by consolidating threat defense, backup, and recovery.
When it comes to protecting data, both organizations and consumers have a part to play. Organizations have a role as custodians of sensitive information.
The first step is to implement robust security measures that include encryption, access controls, monitoring systems, and incident response plans. These security measures help to deploy strict lifecycle credential policies and comply with the most stringent regulations, which reduces the risk of credential theft significantly and ensures that they are segmented and stored away from the backup environments.
In addition, organizations have the responsibility to offer employee training on best security practices and to conduct security assessments to discover vulnerabilities before they are exploited.
Lastly, enterprises should also consider implementing an incident response and business continuity plan. While we hope for the best, we must also be prepared for the worst. This plan acts as a guide for employees in the event of a data breach or security incident. It usually includes processes for containment, investigation, communication, and recovery.
As for consumers, they need to exercise good password hygiene and be more cautious when sharing personal information online. They can also put in the extra effort and enable security features such as two-factor authentication to add a second layer of defense. Staying informed about the latest data breaches and any appropriate actions to take will help to increase security awareness as well.
Organizations have had to consider simplification and security when it comes to their data. However, sustainability has increasingly been added to the mix. In light of this, what can organizations do to ensure that their business continues to grow without straying from their goals, while playing their part for the environment?
Chua: In recent years, with Environment, Social and Governance (ESG) added into the mix, organizations must pay more attention to sustainability and how they can ensure business continuity while playing their part for the environment. This can start with organizations conducting sustainability assessments where comprehensive checks are performed to understand the organization’s environmental impact across its operations, supply chain and products.
Dark data, one of the key contributors to an increased carbon footprint, is often used once and then forgotten, like the duplicate images you have saved in your drive, outdated spreadsheets from years ago, geolocation data, and old financial statements, among others. This unwanted information is tethered to reality by the energy used to store it.
Therefore, unless organizations train their employees on good data habits, there will be 91ZB of dark data in five years – over four times the volume we have today, leading to unsustainable data processing practices. Needless to say, this calls for an acute need for organizations to eliminate this dark data pollution and adopt a greener approach to data management to save energy and ultimately our planet.
While companies are making the shift to cloud to mitigate the environmental impact, it is still going to be a long time before any organization becomes a 100% cloud company. Therefore, data centers cannot just yet be completely disregarded. One of the key steps businesses can integrate in their approach towards creating a green technological landscape is to reduce the amount of Redundant, Obsolete, or Trivial (ROT) data that they store. AI algorithms can be leveraged here to analyze data types to ascertain usability and put it to work to benefit the company while removing the irrelevant data.
To ensure that their business continues to grow while playing their part for the environment, organizations can also collaborate with stakeholders (customers, partners and industry associations) to join forces on sustainability initiatives. It will be more effective when everyone is working towards a common goal. They will be able to share best practices, collaborate on research and resolve sustainability challenges together. In the end, embracing sustainability not only helps reduce environmental impact but also enhances reputation, attracts customers who value sustainability, fosters innovation, and creates long-term value for the organization and planet.