Focus on Data Protection, Not Specific Threats
Businesses are more focused on point products than data protection strategies, explains David Gibson, VP of strategy and market development at Varonis. Many of these products are designed to mitigate specific threats and leave organizations open to vulnerabilities.
"We've seen a reactive approach to security has led to a lot of expense, but not a lot of success, in terms of improving the overall security posture of the organization," he says. These products can cost a lot of money while giving a false sense of security.
At a time when we need to protect data and treat it as an asset, businesses aren't asking questions like "What data do I really need to protect the most?" and "How can I spot threats to sensitive data?" Potential threats include insiders who have privileged access but can abuse their power, or employees who have their accounts compromised by external attackers.
Businesses are paying more attention to data security, Gibson says, but more can be done. "Boards are getting questions from auditors about their data security strategies," he explains. "The people you do business with are asking to approve whether the data you store about them is being protected."
Heidi Shey, senior analyst for security and risk at Forrester, echoes the importance of developing a data security strategy.
"Without that in place, it's hard to know here you really need to most help; where you should be putting time and effort," she says. "If you can articulate what the strategy is and why this is the approach you're taking, it's easier to highlight what needs to be done next and justify the investments you're looking to make."
(Image: wk1003mike via Shutterstock)