MARKET REPORT Data Security
Data Security –
Prevention or Mitigation?
Data security has risen
up the list of concerns
businesses are now
facing - mostly driven
by compliance factors such as
the GDPR and as the security
market continues to flourish
resellers are faced with an
ever-expanding set of options
that could be slotted in to two
broad camps, prevention and
mitigation.
From a data security
perspective, the last 12 months
has been dominated by the
Cambridge Analytica-Facebook
incident and concerns around
the security and uses of
personal data heightened by the
introduction of the GDPR.
This has acted as a wakeup
call for businesses that security
should be the number one
priority for organisations.
Geoff Forsyth, the CTO of
PCI Pal, says that consumers
have always felt protective
of their data, but with new
legislation redefining the data
landscape, they have grown
more confident and firmer in
When it comes to data security the weakest links are often right under our noses as
a new report from The Bunker highlights. The issues are much wider and deeper than
that according to the channel players we spoke to
demanding their data be treated
with respect, that its uses are
kept visible and clear, and that it
is used only as they agreed.
Is it now a case of ‘when’ not
‘if’ when it comes to security
breaches?
Ian Kilpatrick, Strategic Advisor
for Cybersecurity at Nuvias, says
that today everyone has to plan
on that basis.
“A long time ago, people
thought I’m part of a big shoal of
fish, when it comes to suffering
a security breach, and it’s never
going to happen to me. Then
we moved to being breached
becoming much more likely. The
reality now is that it’s very likely.
Even if you’re a comparatively
small business, it’s just too easy
and cheap for criminals to dial
up attacks on the dark web.
You don’t even need any skills.
There’s a whole infrastructure for
attacking.
If you think you’re not being
attacked, the chances are that
you just haven’t noticed a breach
– even large companies are still
taking in the region of 150+ days
before they are finding attacks. So
for a small company, how many
days is it going to take to detect
a breach? They probably aren’t
going to know until they suffer
the consequences of the breach,
such as money being stolen.”
Duncan Brown, Chief
Security Strategist EMEA at
Forcepoint believes that breaches
are pretty much inevitable.
“In the last seven years one
trillion dollars has been spent
on cyber security (Source:
CyberArk Global Advanced
Threat Landscape Report 2018),
but every CISO we speak to feels
no safer for doing so. More aware
of risk perhaps, but no safer.
When we spend the next trillion,
do we expect a different result?
It’s the definition of madness to
keep doing the same thing, but
expect a different outcome. That’s
why a human-centric approach
is different. We make humans
– and not events – the units
of analysis, meaning security
professionals can use events as a
data input to understand what
each individual is trying to do by
their behaviour.
Based on that understanding
and intent, you can then apply
different policies depending on
the riskiness of that behaviour.
Additionally, you can get
aggressive with automation to
stop threats without breaking the
environment.” >
44 | Comms Business Magazine | March 2019 www.commsbusiness.co.uk
/www.commsbusiness.co.uk