What the Cybersecurity Leaders Are Saying About Data Privacy

“As we increasingly blur the line between our online and offline lives, Data Privacy Day is the little reminder we need at the start of each new year to ensure our personal information is protected.  Even though we live in a digital world, we are often not fully cognizant of data privacy until our data has been compromised.

In the age of the work-from-anywhere economy, business leaders should realign their security priorities to manage risks affecting sensitive information. To guarantee a seamless flow of data from endpoints to cloud-based services and data centers, it is becoming more important to protect the data in transit as well. India’s crucial business data can be protected through investment in the modernization of security infrastructure, using secured collaboration and information-sharing platforms, leveraging threat intelligence for proactive cyber defense, and using security orchestration and automation (SOAR) to streamline SecOps and performing periodic security and risk assessments.  Individuals must take control of their digital footprints and privacy as we continue to telecommute in 2022. Moving forward, cyber situational awareness and hygiene will continue to play a key role as one of the pillars of data privacy.”

 “The AppDynamics App Attention Index 2021 showed that security is the number one component of a high performing ‘total application experience’ for consumers. And 90% say that their expectation of brands to keep their data secure has increased since 2020. It shows that brands must go above and beyond to meet their users’ expectations towards security. In this post-pandemic era, a strong security posture means organizations have the necessary processes to protect their applications and business from vulnerabilities and threats. In a world where sensitive data is constantly at risk of being compromised by malicious actors, they must be prepared and strengthen their security posture, enabling them to predict, prevent and respond to threats.”

“The DevSecOps methodology, a modern approach to software development, takes things a step further and incorporates security enhancements at the beginning of the application development lifecycle for a more proactive approach to reduce risks of threats to sensitive customer data. But for a DevSecOps approach to be fully effective, teams need to implement a full-stack observability solution. This approach will give them in-depth visibility into the entire IT stack, including traditional legacy systems through to new, native cloud environments and hybrid deployments. It is a vital step in the right direction.”

 “In recent years, data privacy compliance has become a critical consideration driving critical business decisions as companies look to digitally transform. Cybersecurity vulnerabilities continue to increase as companies grow their digital footprints due to the generated massive amounts of data. Due to the increasing complexity of data flows, enterprises need to evolve past securing data at rest to a posture of continuous governance where all data is protected. The Data Privacy Day comes as a reminder for organizations to assess their cyber risks and ensure strong data privacy protections are in place but in such a way that will not impede innovation within the digital economy.

Increasingly, we see enterprises place, manage and analyze data at the edge, closer to their users, services, and clouds. Meanwhile, concerns over the security and privacy of data in motion and the cloud have also increased. This situation is more critical in Asia-Pacific and has driven the need for better technology and infrastructure solutions that improve data accessibility, security , and control while meeting increasing data privacy requirements. It is a balancing act.”

 “While it is great that we are all more connected than ever before, the shift to remote work in response to the pandemic has presented inherent security issues. Recent large-scale data breaches have made data privacy a hot topic in the last two years. As of 2021, CERT-In had documented and reported more than 11.5 lakh incidents of cyberattacks. Data Privacy Day is an excellent opportunity for companies to commit to cyber security and implement robust data management solutions.

Today, data privacy is a matter of paramount importance. Businesses of all sizes must take data privacy seriously and proactively protect personally identifiable information. Cybercriminals can target any organization, no matter its size, location, or industry. So, if you want to safeguard your organization’s data, you need to build a cyber-secure and human-centric corporate culture.

Establishing a security-aware culture begins with an open discussion of data privacy. Employers are the source of the greatest privacy risks, and as such, they can play a vital role in minimizing these risks. Changing behavior is how leading organizations educate their employees about their risks. Employees will be less likely to share sensitive information online if they understand how websites and companies use their data. Data Privacy Day is the perfect occasion to kickstart an ongoing focus on security and privacy.”

“Take the time to learn what privacy controls are available in all the apps and online services you use. Unfortunately, every app and social network seems to do things differently, with privacy and security options often scattered liberally across numerous “Settings” pages. But don’t be afraid to dig through all the options, and don’t just rely on the default settings.  Start by turning off as many data sharing options as you can, and only turn them back on if you decide you want and need them.

Suppose a service demands you to share more than you are willing to hand over. In that case, your address, phone number, or birthday, for example – or asks for data that you don’t think is relevant for what you are getting in return, ask yourself, “Do I need to sign up for this, or should I find somewhere else that isn’t so nosy?”

Don’t let your friends talk you into airing and sharing more than you’re comfortable with – after all, it’s your digital life and your data, not theirs. Remember: if in doubt, don’t give it out. and be aware before you share.”

“Data privacy reform has changed our global community forever. As we begin 2022, organizations face an emboldened world demanding greater accountability and trustworthiness. The recent steps taken by several countries to bolster their consumer privacy rights and processing activities (such as China’s Personal Information Protection Law) will have a far-reaching global impact on privacy rights and data protection practices.

People are more empowered than ever to exercise their rights, submit Subject Rights Requests (SRRs) and reclaim control of their information. They want to understand how their data is used and access, correct, delete and restrict use. To meet these data-intensive demands and overcome a scarcity of resources to support key business activities, organizations must embrace process automation for SRR response and apply case management tools that best track its performance and effectiveness. A well-executed program that delivers a strong experience will be critical to improving customer satisfaction and loyalty.”

 “It’s not just humans that are susceptible to clicking on the wrong link or are perhaps a little too cavalier about what they share about themselves. Software bots have sharing issues too, and this Data Privacy Day, we highlight how we can better protect the data they access from being exposed.

The privacy problem arises when you start to think about what these bots need to do what they do.  Much of the time, it’s access: If they gather together sensitive and personal medical data to help doctors make informed clinical predictions, they need access to it. If they need to process customer data stored on a public cloud server or a web portal, they need to get to it. If bots are configured and coded badly, they can access more data than needed. The output might leak that data to places where it shouldn’t be. We’ve seen the problems that can arise when humans get compromised, and the same can happen to bots – and at scale. Likewise, we hear about insider attacks and humans being compromised to get to sensitive data virtually every day.”

“In the U.S. alone, there are several disparate federal and state laws, some of which only regulate specific types of data – like credit or health data, or specific populations – like children. Combining these regulations with the many different international laws that aim to ensure data privacy, such as GDPR, and compliance for companies with global operations becomes an extremely complex undertaking.

Data Privacy Day serves as a reminder that cyber asset management should be a top priority for every organization. Enterprises cannot ensure compliance and data security unless all assets are properly known, tagged, and mapped in the cloud. To avoid jeopardizing sensitive company or customer data, organizations must take the first step of cyber asset management to secure visibility of all cyber assets in their IT environment and understand connections between business services. This includes identifying misconfigurations and automatically prioritizing risks to improve overall security posture, allowing for real-time visibility and management of all sensitive data.”

“Over the last 2 years, there has been a significant rise in cyberattacks all over the world. The pandemic has increased our dependency on mobile devices and remote access to core business functions. While remote working became the saviour, it also introduced a new set of security challenges by raising concerns regarding identity-based threats, privacy breaches and the loss of essential data from unprotected devices and systems. Despite the best efforts of security teams, attackers consistently took advantage of vulnerabilities, discovering new ways of infiltration and taking advantage of people’s curiosity as well as their fears around Covid-19, leveraging socially engineered lure files and tactics.

There is a huge digital shift that has been created by the pandemic where many industry sectors have witnessed an accelerated approach towards digital transformation and their erstwhile perimeter has moved beyond their enterprise firewalls to cloud; either a public cloud, hybrid cloud or a private cloud. This has added complexity to the IT architecture stack and also increased the potential attack surface for adversaries to exploit; and often under-resourced security teams to protect.

Today’s new perimeter needs to be buttoned up with operations and security collaborating to create a secure network. With more data moving to the cloud every day, it is imperative to have a re-architecture of the cyber strategy which should go around all three dimensions of security i.e. people, process and technology.”

“In a time when trust in organizations is easily lost and hard to gain, companies must do everything they can to ensure their customers’ data is secure and adhere to high privacy standards. Data security and privacy must work like hand in glove because data security is the technical implementation of what data privacy dictates. As the economic value of data increases, so do the risks involved. Organizations need to ensure that data security forms an integral part of their overall privacy strategy. By leveraging technical controls and making data privacy a business priority, organizations can outline policies for data usage and access while ensuring transparency and reducing their overall cyber exposure.”

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.