Data Privacy, Information Management, and Security - The New Normal

Data privacy is taking the world by storm

Data privacy is taking the world by storm. Starting with the EU’s formalization of the General Data Protection Regulation (GDPR) in 2016, its enactment in 2018, and a flurry of enforcement activity that started in early 2019, the issue of consumer data privacy is ushering in a new normal for how organisations store and handle sensitive information.

While information security proves to be increasingly challenging for a variety of reasons. A considerable skills gap in IT security teams, lagging resources to support the chief information security officer (CISO) in keeping pace with increasingly sophisticated threat actors, and growing difficulties in containing insider threats are common issues.

Regulators are laying the groundwork to conduct aggressive enforcement of data protection laws and the new requirements under them. The GDPR compliance enforcement actions to date indicate that regulators are proactively monitoring organisations’ security and privacy posture and may take enforcement action even in the absence of a security breach or incident.

Security professionals should expect regulators to have decreasing sympathy for organizations that fail to put the right processes in place.

Some of the biggest data breaches in recent years were caused by either negligent or malicious behaviour of company insiders. The insider threat is a person with access to internal systems or information who intentionally or unintentionally uses that access to cause harm.

Cybersecurity Insiders found that 90% of organisations surveyed said they feel vulnerable to insider attacks, and 53% confirmed their organisation had fallen victim to an insider attack against their organization in the last 12 months. A survey of cybersecurity professionals found that 42% said insider attacks or breaches are the most damaging type of threat to the organisation.

Some businesses simply have higher risk due to the nature of their work. Examples include construction businesses, entertainment venues, industries that deal with vulnerable persons (such as aged care), and any other business that may attract adverse behaviour from those with opposing ideologies - such as RSL clubs, places of worship and sporting organisations.

Barringtons security risk management and assessment team has decades of experience working with clients of all shapes and sizes across a broad range of industries. Their arsenal of Risk Assessment Management Services includes Cyber Security Risk Assessments and Cyber Penetration Testing and they are able to provide a quick turnaround on any enquires and develop valuable solutions in addition to reporting on any weaknesses in an organisation.

For more information on how Barringtons can help you please click here.

Source: https://www.asisonline.org/security-management-magazine/latest-news/online-exclusives/2019/data-privacy-information-management-and-security-adjusting-to-a-new-normal/