The Dream Team: why data security, compliance and privacy come hand in hand

This is a guest blogpost by Anthony Di Bello, VP Strategic Development, OpenText

Today’s business landscape is littered with valuable data. The rapid adoption of digital technologies means that every action, reaction and interaction now produces a never-ending stream of information. Through careful analysis of this information, businesses are able to maximise customer service, improve internal processes, and stay a step ahead of their competitors. Every corner of a business is now a potential gold mine of information.

However, gold inevitably attracts thieves. And the mountain of data being produced by businesses has brought with it a fresh onslaught of cybercrime. Modern digital adversaries have more advanced tools and tactics than ever before, increasing their ability to access and compromise sensitive business data. All it takes today is one innocent click on a malicious link and an entire organisation could be brought down.

When it comes to cybersecurity and information governance, the biggest advantage an organisation can give itself is to better understand its sensitive data. After all, how can you effectively protect something if you don’t understand what it is or where it is located?

With more than half of British firms falling victim last year and new attack surfaces being found and tested each and every day, the odds are stacked against businesses. Breaches are inevitable; it’s just a matter of when.

Add to this the increasingly strict regulatory requirements businesses currently face, such as the EU General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS), and it’s easy to see why managing the digital landscape has become a huge challenge for organisations, regardless of size or sector.

Protecting your most valuable asset

Security, compliance and privacy teams each work with, and therefore understand, different pieces of the data puzzle. It is only when they collaborate and foster a more interconnected way of working that a complete picture is formed, enabling organisations to unlock their information advantage.

Although sometimes an arduous task, compliance has never been more important. Under modern regulations, such as the GDPR, those who fail to comply face not only major fines but long-term, potentially devastating reputational damage. Since enforcement began, GDPR has led to $126 million in fines as well as an uptick in breaches reported, according to the DLA Piper GDPR Data Breach Survey 2020. This is particularly pertinent for organisations operating in industries with the most stringent regulations, such as the healthcare sector. For GP surgeries or hospitals, sensitive data and the ability to access it could quite literally be the difference between life and death.

By sharing information with security and privacy departments, compliance teams can ensure that appropriate policy-setting and monitoring has taken place throughout an organisation. This sheds light on the areas that matter most and that internal teams should govern. It helps security teams to better focus their efforts and to start purposefully and aggressively controlling their data landscape. However, when it comes to complete security, adhering to regulatory frameworks is only a first step.

Over recent years, the majority of organisations have adopted a “defence-in-depth” strategy, incorporating layers of defensive technologies that monitor the perimeter and network traffic and take all endpoints and devices into account. Given recent instances of perimeter defence technologies proving ineffective against targeted attacks, endpoint detection and response solutions, which provide better visibility and control, are increasing in popularity. Thanks to their capability to continuously collect and analyse endpoint data for threats, these solutions can spot incidents as they occur and before damage is done, enabling organisations to meet the breach discovery and investigation mandates common to most regulatory frameworks.

A new era in cybercrime and regulatory standards calls for a new era in cyber defence. In order to take back control, security, privacy and compliance must come together as one, breaking down any silos and establishing clear lines of communication. It is only through these three teams joining forces, with extra support from the C-suite, that the business as a whole will be able to plan, manage and monitor its efforts in the cybersecurity arms race.