Gartner defines digital risk management as “the integrated management of risks associated with digital business components, such as cloud, mobile, social, big data, third-party technology providers, OT and the IoT.” And, as we’ve all seen, the failure to manage digital risks can have a negative impact on the reputation, operations and market value of affected enterprises. Some smaller companies have even gone out of business as the result of a data breach.1
The Threat Level Is Rising
According to the 2018 Thales Data Threat Report:
… Rates of successful breaches have reached an all-time high for both mid-sized and enterprise class organizations, with more than two-thirds (67%) of global organizations and nearly three fourths (71%) in the U.S. having been breached at some point in the past. Further, nearly half (46%) of U.S. respondents reported a breach just in the previous 12 months, nearly double the 24% response from last year, while over one-third (36%) of global respondents suffered a similar fate.
The report goes on to note:
In addition to the massive Equifax breach that exposed personal information of 143 million individuals, other noted breaches last year included the education platform Edmodo (77 million records hacked); Verizon (14 million subscribers possibly hacked); and America’s JobLink (nearly 5 million records compromised).
Since the report was released, “A security breach in India has left a billion people at risk of identity theft,”2 Under Armour was breached affecting 150 million user accounts, Orbitz discovered a data breach potentially affecting 880,000 customers3, and “the U.S. Justice Department indicted 9 Iranian hackers in a massive, state-sponsored cyberattack targeting universities, private companies, and government agencies. This hacking ring stole $3.4 billion worth of academic research by performing a phishing scam on university professors.”4
These are only the most notable breaches. We hear about those in which personally identifiable information (PII) is stolen, because of reporting regulations, and we hear of disruption of service attacks, because they affect so many of us, but we may not hear about:
- Financial transaction attacks
- Ransomware
- Theft of information on markets and mergers and acquisitions
- Theft of intellectual property and research and development
- National intelligence gathering
All of these attacks can have serious consequences for your organization, and the trend is clear: Cybersecurity threats will continue to increase, and CIOs should expect these threats to affect their organizations.
As Technology Evolves New Vulnerabilities Arise
While the threat level has risen, IT, operational technology (OT) and Internet of Things (IoT) have continued to converge. According to TechTarget:
The integration of automation, communications and networking in industrial environments is an integral part of the growing Internet of Things (IoT). IT/OT convergence enables more direct control and more complete monitoring, with easier analysis of data from these complex systems from anywhere in the world.5
Unfortunately, many OT systems were never designed for remote accessibility, so this convergence leaves enterprises open to industrial espionage and sabotage.6 Now, more than ever in the past, we need to authenticate devices that communicate with devices and ensure their communications channels are secure.
Regulations
Meanwhile, regulations proliferate and have become increasingly rigorous. The EU’s General Data Protection Regulation (GDPR) is the most recent example. Having gone into effect May 25th, GDPR is the most progressive regulation we have yet seen with regards to protecting PII. And, while it pertains only to the data of those living in the EU, it pertains no matter where that data is held. So, while not a worldwide regulation, it comes close. In addition, it threatens organizations that do not comply with fines of up to four percent of annual turnover, or revenue. Consider the impact that fine would have on your organization.
Best Practices for Digital Risk Management
Every data privacy regulation we’ve seen calls for a similar set of best practices. These include:
- User access control
- Encryption of data at rest and in motion
- Secure cryptographic key management, including the use of hardware security modules (HSMs)
- Security event logging to identify breaches in progress
Entrust has products and services that can help you with all of these tasks critical to reducing your digital risk.
Securing Your Digital Transformation
Entrust solutions can help organization manage this digital risk by making data safe in any environment while maintaining business agility. Our data security platform provides encryption, advanced key management, tokenization, digital signing and HSM solutions that protect data in any environment and scale easily to new requirements while reducing complexity.
Enterprises in finance, government, manufacturing and technology use the data security foundation Entrust provides for digital transformation security of their organizations.
Interested in learning more? Please visit any of the links above, leave a comment below, or tweet me @vikramesh
1https://prooncall.com/3-companies-went-business-due-security-breach/
3https://www.identityforce.com/blog/recent-data-breaches-march-2018
4Ibid
5https://searchitoperations.techtarget.com/definition/IT-OT-convergence
6Ibid