Organizations everywhere, across all industries, already know how important data security is from a defensive, risk mitigation point of view. The average cost of a data breach can run into the millions – and even worse, a majority of consumers have said that they would stop engaging with a brand after a breach. Clearly, defending against these kinds of potentially catastrophic risks is vital.
But there are also sometimes-overlooked ways to turn this defensive strategy into a proactive business growth opportunity. Your data protection programs, and the budget you’re putting toward them, can play a role in your organization’s growth efforts in a variety of ways, including…
When we think about organizations and the risks of mergers and acquisitions (M&A), there are various types of enterprise risk that have always been considered: strategic risks, credit risks, operational risks, risks to the market, etc.
Data risk mitigation is now an evolving and important part of that list, and it’s one that many organizations are just learning how to manage. Organizations that fail to adequately prepare for it are building an enormous blind spot into their business strategy. Keep in mind that some companies have literally tens of thousands of databases, and inherited data risks can be potentially disastrous.
When organizations are looking at these scenarios and searching for solutions, automated cybersecurity tools can help with assessments. Tools that the company being acquired already has in place might also help, since they can help you quickly understand the data that you’re inheriting and quantify, prioritize and learn how to mitigate your risks.
CISOs are a lot more focused now on aligning with their boards, especially when it comes to M&A and other growth opportunities. In the past, CISOs often found themselves playing the role of a traffic cop – putting up the stop sign to potential avenues of growth due to cybersecurity risks.
Now, however, the right cybersecurity tools help CISOs find solutions for how things can be done, rather than just advising against them. They can proactively put protections in place and do so much more quickly than ever before, thanks to technology like SOAR, database scanners, and proactive threat hunting.
Something for organizations to consider, especially during M&A activities, is that the sooner a CISO is involved, the better. There is an unfortunate tendency to bring CISOs in at the tail end of discovery processes, and that can sometimes lead to missed opportunities or delays that could otherwise be avoided.
We live in a world where cybersecurity is increasingly moving from a purely business consideration into a basic human concern… meaning it’s something that your customers, whether they are business customers or consumers, are aware of and worried about.
Some of the biggest consumer-facing brands, like Apple, are now actively advertising their data security practices as unique selling propositions. Enormous potential markets, like federal contracting, now require compliance with data and cybersecurity mandates just to participate in the bidding process. And new and emerging technologies, like deepfake videos, artificial intelligence (AI) and machine learning – combined with increasingly large data breaches that generate more and more media coverage – are only increasing public awareness and concern.
So, what are the steps that an organization can take to use its data security as a competitive advantage? It all starts with knowing where your data is, who has access to it, and what procedures need to be put in place to protect your most valuable data. Some of your data should be treated like your “crown jewels” – and knowing how to mitigate the risks involved with it is the first proactive measure an organization should take.
Misconfiguration issues when moving data into the cloud should be of particular concern to many organizations. While cloud services do often provide good security features, failing to set them up correctly is a common pitfall – along with failing to understand that the liability for providing security still falls upon the owner of the data.
A Database Risk Assessment (DRA) discovers database platforms within your infrastructure and then assesses their risk exposure. During a Database Risk Assessment, a Trustwave consultant performs testing in three phases:
1. Identify discoverable database instances within a defined IP range or domain in your infrastructure.
2. Run a vulnerability assessment scan, which provides actionable information on vulnerabilities that may leave your databases open to attack or lead to compliance or information security policy issues.
3. Conduct a User Entitlement Review to identify who has access to the data and how rights were obtained.