The compliance landscape has been undergoing rapid changes throughout 2015, particularly in the US at the State level. While Federal legislation is still pending (and controversial), and International legislation such as the EU General Data Protection Regulation will impose drastic changes on many global organizations, the continued rapid pace of change in the US means that organizations must constantly stay on top of an ever-changing set of requirements.
Absolute Software recently attended the Gartner Security Risk Management Summit held in Washington, DC. As you can expect, risk management & compliance and security in the digital age were hot topics of discussion this year. While there, Absolute Software’s Ali Solehdin, a senior product manager here, talked with the Information Security Media Group for Data Breach Today about our role in helping organizations secure data and prove compliance.
When it comes to data, IT is tasked with the ever-increasing demands of users to do more, wherever and whenever they want, on any device. The demand to meet the needs of end-users has to be balanced with the need to protect data, and in this IT is often left with a difficult balancing act. Restrict data too much and employees will find a way to circumvent the rules. Give too much freedom and data remains unprotected.
A common nightmare scenario for security leaders today is having a laptop, tablet, or smartphone – loaded with sensitive information – go missing. When devices are lost or stolen and personal data is breached, organizations face increasing obligations to disclose incidents to the affected individuals and/or government agencies. The increased number of data breaches has driven many updates to data legislation this year alone, with more on the horizon. These rules, while also protecting the consumer, place strict requirements on organizations to be prepared for and to respond to any type of incident. Given the changing legislative environment globally, this can be confusing for organizations.
2015 has oft been cited as the “Year of the Healthcare Data Breach,” and sure enough the data for the year has been supporting this. The average cost of a data breach is higher in healthcare than in any other industry, up now to $5.9 million per breach. With healthcare data breaches on the rise, being more targeted now than at any other time, and with the cost per breach rising, healthcare is being set a stiff challenge to protect sensitive data. Compounding this challenge is the fact that healthcare organizations face more “risky” scenarios than ever before.
Information security, data security, device security – related terms that describe securing critical components of enterprise IT, all required to protect the financial viability and reputation of your organization. If a device or data falls into the wrong hands, the consequences can be catastrophic – lost sales revenue, executive job losses, and in some cases, financial bankruptcy.
There was a 49% increase in data breaches in 2014, with more than a billion records stolen or compromised. In the financial sector, data breaches increased substantially, affecting 1.1 million records in 2014. These incidents have brought the spotlight to data regulations, with many regulatory bodies stepping up with new enforcements, and new laws such as the EU General Data Protection Regulation (GDPR) on the horizon. These regulations require a major upheaval for organizations, which is challenging given the increased public scrutiny the financial sector is currently facing.
In 2014, more than 1,500 data breaches led to over one billion data records compromised worldwide, a 49% increase in data breaches and a 78% increase in data records breached. There is no question that cybercrime is at the root of this increase, with cybercriminals now highly motivated by this very lucrative business of stealing and selling data. The problem is that focusing on the driver, “cybercrime,” gives an incorrect assumption of the root cause of data breaches. Employee mistakes and negligence are still often the root cause of data breaches.