Responsibility in an organization when data leakage happens: Who bears the accountability?
In today's digital age, the importance of data security cannot be overstated. An accidental email to the wrong person can have severe ramifications, as highlighted by recent incidents such as the TalkTalk and Sony data breaches. These incidents underscore the need for businesses to prioritise information responsibility and protect the value of the information they hold.
According to Charlotte Marshall, managing director of Iron Mountain UK, Ireland, and Norway, data breaches put a business's reputation, consumer trust, and bottom line at risk.
Employees handle valuable and confidential information daily, and a data breach could have significant repercussions for the business. Over half of IT and IT security professionals have experienced a security breach in the last 24 months, and most cyber attacks are predictable and not always caused by outside threats. Employees handling corporate information regularly may not always treat it with the required care and attention, leading to preventable data breaches.
Human error is a significant factor in over 95% of security incidents, according to the IBM Security Services 2014 Cyber Security Intelligence Index report. This emphasises the need for a change in business-wide behaviour to reduce the risk of error.
Iron Mountain UK, Ireland, and Norway suggest that rethinking cybersecurity and avoiding data breaches requires embracing secure-by-design architectures, selective modernization of IT infrastructure, and compliance simplification to reduce complexity and overhead. Specifically, they highlight leveraging tools like Assured Workloads for streamlined global regulatory compliance, which helps manage multinational data protection requirements and reduces risks associated with legacy systems.
In addition to Iron Mountain's guidance, other expert recommendations for building resilient, adaptable cybersecurity defenses include modernising infrastructure selectively, prioritising high-risk, high-value workloads to maintain business continuity while improving security. Adopting cloud-native, secure-by-design systems that enable compliance by default and support emerging needs like AI workloads is also crucial.
Implementing immutable, off-site backups and endpoint detection and response (EDR) solutions to counter advanced ransomware threats is another important strategy. Other key strategies are designing hybrid infrastructure setups to control where and how data is stored and processed, adapting to evolving privacy regulations, and continuously monitoring IT environments, using automation to reduce exploitable vulnerabilities, rather than relying on point-in-time security assessments.
The goal is to ensure the business isn't involved in a data breach that makes headlines. By following these strategies, businesses can take proactive steps towards securing their data and maintaining their reputation, trust, and financial performance.
- In the corporate world, where technology is abundant and data handling is routine, the majority of cybersecurity incidents are traced back to human error, a factor that contributes to over 95% of security incidents, as reported by the IBM Security Services 2014 Cyber Security Intelligence Index.
- To strengthen cybersecurity and prevent data breaches, businesses can implement strategic changes, such as embracing secure-by-design architectures, selectively modernizing IT infrastructure, and simplifying compliance to reduce complexity, as suggested by Iron Mountain UK, Ireland, and Norway.