A study conducted by Kaspersky in early January 2020 revealed that the majority of IT decision-makers and data security leaders across UK organizations believed that their companies were complacent about document protection. The study concluded that although most participants were aware of the hazards existing in data, and the massive implications of a data breach, they continue to remain in a state of denial or panic on how to equip themselves sufficiently against data violations.
Security researchers at Kaspersky further revealed that when it comes to data security in the UK, organizations are complacent about the thought of taking the initiative. But given the seriousness and the immense demands surrounding the protection of valuable information, they are either opting for a hair-trigger solution rather than a comprehensive approach to document security.
The high-profile examples, in recent months, of substantial data breaches at Tesco, The NHS, Cathay Pacific and Maersk are what triggered the study at Kaspersky to understand the general opinion in UK companies about the clear and present danger of data security. The study sampled various sized organizations across industries, and it was soon observed that complacency was, in fact, a complicated, multi-hued feeling with multi-layers among the organizations.
Participants in small and medium-size companies revealed that they were considered too small to be attacked and that data breaches only take place in large organizations that house big data. So, a small producer of widgets thought itself a seemingly insignificant link in a larger value chain, while the others revealed complacency about their weaknesses. The study also observed that some organizations did not even have the bare minimum of password-protected documents and files. Given the threat of data breaches on an almost daily level, this level of complacency must be viewed as unpardonable.
In addition, more than three-quarters of organizations agreed that data complacency was damaging to their operations. At the same time, another two-thirds accepted that they would lose consumers if a data breach were to take place in their organization. What was even more concerning, was that over 61% of those surveyed in the study revealed they were likely to be faced with a data breach in the next two years.
So, if there is an ostensibly general assertion that data threats are out there and that the implications of breached consumer data are colossal, why are organizations still complacent about the concept of data security?
Although the awareness around data security is slowly increasing, decision-makers, especially at the board level are aware of the dangers surrounding data. Still, they typically lack the information or the know-how on what to do or how to go about it. According to the DCMS Cyber Breaches Survey, more than two-thirds of organizations are likely to suffer a data breach. However, the survey also reveals that very few have incident response plans or the proper training modules in place to deal with a data breach.
Security experts believe that for data security communication lines to change and for department heads in organizations to become more effective in safeguarding confidential data, companies must begin to comprehend the actual implications of data security. Further, they must also realize why they are not immune and the crucial steps they need to take to address their specific data requirements. More importantly, organizations also need to comprehend that actions do not just appear in the form of a digital tool, but as a holistic shift and change in the mindset of the organization and its culture.
Given that the regulatory landscape has changed with the advent of GDPR, regulatory fatigue can also compel organizations into making rash decisions into document security investments without clearly understanding why they would need it. Organizations need to realise that it is not just their information that could be in peril, but data information of their customers, stakeholders, public, staff members, business partners, and vendors and every chink in the supply chain. This is why, from the view of the government, some decisions are now being taken away from organizations. Specific instructions conveyed by the updated National Cybersecurity Strategy and the National Cybersecurity Center are excellent additions to the data security landscape in the UK.
Today, complacency can no longer be held as an excuse. It is imperative to introduce an effective response and make organizational attitudes acceptable within the subject of data security. With digital buzzwords such as big data, artificial intelligence, cloud platforms, and so on, that are driving businesses these days, organizations thrust themselves into the unexplored and unmanaged territory for fear of missing out or falling behind. And even though these companies understand that data security is a concern, they fail to realize that injecting an enhanced digital culture across their company could actually solve all data-related issues in one breath.
To ensure that your company can stave off 70% of all targeted cyberattacks, here are the top four approaches you may want to consider:
- Patch and update your computing systems.
- Reinforce your organizational applications.
- Implement a robust document security solution such as digital rights management (DRM) that offers a ‘default-deny’ approach and only provides access to authorized parties with controls, while blocking everything else.
- Do not offer administrative rights on machines automatically nor to people arbitrarily.
For most companies, these four steps alone could help raise the bar in safeguarding their data. Still, everyone in the company must follow them jointly and regularly. Thereon, organizations must also conduct the following:
- Study their data security assessments
- Understand their protocols and policies
- Organize training for staff in ensuring ongoing communication between executives and decision-makers
- Invest in informed and tailored investments such as PDF DRM document solutions that can offer real-time protection to the latest data threats.
Doing so might just help thwart a cyberattack and prevent loss of valuable intellectual property.