Cybersecurity has quickly evolved from a technical task into a problem that keeps executives up at night.
Why is that? Consumers expect to interact with businesses through a multitude of channels. Organizations not only need to offer more and more online services, but also want to collect behavioral data about how users navigate, what their shopping preferences are, and so on. To do so comprehensively, organizations depend on vendors to provide the necessary technology.
Given the usual push for functionality while security is an afterthought, it is only a matter of time until vulnerabilities of such an ecosystem are exposed and exploited. This may be caused inadvertently by employees or vendors, or pursued intentionally by bad guys outside.
Remote working has only exacerbated the risk, as employees now work in environments that – from a security perspective – are even less under the control of the organization. Employees working from home may copy data about consumers or fellow employees to their computer or to their personal cloud (which may not be secured at all), or fall prey to a phishing email that they deem to be authentic and inadvertently disclose their credentials.
That being said, I want to emphasize that cybersecurity is not a mere technical issue, but requires a culture where the organization, its employees, and its suppliers collaborate in lock-step and follow the same charter of data protection.
Furthermore, I’d like to point out that whenever we talk about security, we need to accept that higher security comes with a price, and perfect security is not possible. So it becomes critical for any organization to define its risk appetite and its level of risk tolerance. Therefore, data protection issues in general and cybersecurity issues in particular can only be tackled with a risk-based approach.
If you would like to hear more about this approach, please join the upcoming non-technical webinar “Quantifying And Managing Cloud Risk For Consumer & Employee Data” on December 9, 2020 at 11 am EST. As one of the panelists, I will take a compliance perspective on protecting personal information in the Cloud. You are welcome to register here.