A Different Take on 'Data is the New Oil': Preventing and Putting Out Data Breach Fires in the New World of Remote Working
It is often said that 'data is the new oil'. Whilst the phrase is commonly used to represent the value of data in a digital economy, it also reveals another similarity – like oil, data that is handled unsafely can lead to a disaster.
The Situation
The COVID-19 pandemic brought quarantines, isolations and lockdowns that saw entire workforces suddenly shift to working from home. This forced organisations around the world to adapt their operating model to support a distributed workforce at a scale that had never been experienced before. Digital transformation is no longer just a competitive advantage but a necessity for survival, resulting in a surge in technology adoption across areas like video conferencing, electronic signatures, digital approval workflows and more.
Although there are obvious benefits that come with digitalisation, the speed and scale at which it has happened has also increased the surface area for cybersecurity attacks and data breaches to unprecedented proportions.
And whilst the vaccine for the coronavirus is being rolled out in many parts of the world, Cisco's "Future of Secure Remote Work Report" finds that widespread virtual working and its associated security risks are here to stay: "As organisations start preparing for a post-pandemic world, one thing is clear: employees now expect to have the flexibility and ability to work remotely regardless of what the future of work entails, given the fact that we are not going back to the way things were pre-COVID-19."
As a result, cybersecurity is more important than ever and is inevitably making its way onto the agendas of senior management and the boards of enterprises. This was reflected in Deloitte's 2020 Cyber Survey, where 68% of organisations across all sectors they surveyed indicated that they have cybersecurity on their leadership agendas on a quarterly basis or more frequently.
But cybersecurity is not just a real issue for large enterprises. Whilst most SMBs have the perception that their organisation is too small to fall victim to cybersecurity threats, it is exactly this 'head in the sand' attitude that leaves them most exposed, with 28% of data breaches in 2020 involving small and medium sized businesses according to the Verizon Business 2020 Data Breach Investigations Report.
So, what should organisations do in response to this?
Preventing Fires
As they say, prevention is better than cure. And in the context of data breaches, this saying certainly rings true when the consequence involves reputational, operational, legal and compliance implications that attract an average cost of $3.86 million per data breach according to the Ponemon Institute 2020 research.
Examples of how organisations and teams can minimise the likelihood of a data breach:
- Awareness training – Especially in a working-from-anywhere environment where cyber environments are more diverse and less controlled than in the office environment, the democratisation of cybersecurity knowledge and culture across all employees and not just IT security teams is important. Employees should be empowered to protect themselves and the organisation through education on security-centric practices such as password best practices, identifying phishing attacks, and ensuring that software is up to date.
- Policy coverage – Policies should be revised or introduced to adjust to the new normal of working from anywhere, which introduces new challenges such as an increase in bring your own device (BYOD) setups. Policies particularly relevant for a work-from-anywhere environment include safeguards for unattended devices such as lock screens, up-to-date antivirus software, zero trust access models, rules on device sharing (for example with family members), and segregating the connection of work devices from smart home devices.
- Modernise hardware – Although cloud adoption is rising, the reality is that most enterprises utilise a hybrid on-premises and cloud IT strategy. This means that hardware vulnerabilities such as Spectre and Foreshadow are real risks, especially with the end-of-support for Windows Server 2008/2008 R2. Hewlett Packard Enterprise solves this with their HPE ProLiant servers which offer unmatched automation, security, optimisation, and built-in intelligence that include security features such as immutable authenticity assurance, native data-at-rest protection and cloud compatibility.
Putting Out Fires
Having robust cybersecurity also means having an effective breach response in the unfortunate event of a cybersecurity incident. Deloitte's "Taking a customer-centric approach to a data breach" Report distills the effectiveness of a breach response down to two factors: the speed of notification and the quality of the response.
Examples of how organisations and teams can improve the speed and quality of breach responses:
- System backups – In today's digital operating environment, uninterrupted access to systems and data is critical. Ensure that system backups are operational and adequately separated from production systems. This will enable data resilience and business continuity where important business data can be recovered efficiently in the case of a data loss event or ransomware attack.
- Incident response plan and simulation – Having an incident response plan to ensure incident readiness is even more important with a distributed and remote workforce. Plans should address components such as communication plans with a remote incident response team and a focus on cybersecurity events. With more risk variables and fluidity in how we work, plans should be frequently reviewed and revised, and frequent cyber incident simulation exercises and scenario testing should be conducted to ensure that the plans are robust whilst preparing teams for incident handling.
- Automated breach notification and reporting – The average time to identify and contain a breach is 280 days according to the 2020 Ponemon study. This is because whilst processes are in place, the identification, control, escalation, response, and board reporting of data incidents are still largely manual. Organisations can dramatically reduce this risk and cost by using tools that automate incident assessment and reporting. These tools enable a streamlined method of identifying and logging incidents, triggering different responses, escalations and reporting based on the circumstances provided.
In the same way that oil should be stored away from external heat sources and transported in corrosion-treated pipes, with spill kits and fire extinguishers readily available in the event of an emergency, organisations need to ensure that the storage, transportation and use of their data in an increasingly cyber workforce are adequately protected. With a highly distributed workforce, organisations cannot expect that the cybersecurity practices and controls that were in place pre-pandemic are still sufficient. IT security teams and the wider business need to work together and share the responsibility for security governance, technology and practices that cover the new increase in digital surface area that, whilst catalysed by the pandemic, is here to stay.
What are you currently doing to ensure cybersecurity in a distributed, digital business environment?
CTO | Quema | Building scalable and secure IT infrastructures and allocating dedicated DevOps engineers from our team
2 years ago: Evan, thanks for sharing!
AssuranceLab | Trust-Building Audits that Scale with Your Business
3 years ago: Good read - that analogy works well. I think it’s all about culture - those that see security and compliance as box-ticking are in trouble in the modern threat landscape. There are fires everywhere and employees are the weakest link in the oil pipeline. Security practices and processes that actually fit the business is key. And CXO level buy-in! ? for Checkbox haha.