Protegrity Blog

End-of-Year Budget Season Puts Focus on 2018 Data Security Plans

Author: Michael Maloney

It’s the end-of-year budgeting season, and organizations are confronting the same data security questions that vex them every year: how to fight an enemy that constantly changes its tactics. In the CSO article, “Fine-Tune Your Cybersecurity Budget for the Changing Threat Landscape,” journalist Paul Gillin explains how doubling down on training, threat detection analytics, response and perimeter defenses may be the wisest options.

While the tried and true may receive the most budget allocations, it’s also a good idea to explore the latest innovations to stay ahead of the changing threat landscape. For example, Forrester analysts believe that automated security intelligence and contextual privacy are two of the top 10 technology trends to watch in 2018, according to this article by David Weldon in Health Data Management. “The era of manual risk and security management is ending,” according to the Forrester analysts. “Security and risk pros are starting to embrace [automated security intelligence] to speed detection and response.”

Growing customer concerns about privacy are making them think twice about using digital tools from risky companies. According to the Forrester analysts, organizations are driving competitive differentiation and business growth by “proactively addressing customer data management and security technologies that enable contextual privacy, a business practice in which the collection and use of personal data is consensual, within a mutually agreed-upon context, for a mutually agreed-upon purpose. Understanding that no firm owns consumer data and that we merely have the right to use it fuels data-centric security approaches.”

While every organization needs to implement a unique combination of data security technologies and strategies specific to their needs, there’s one challenge that no firm can avoid in 2018, especially if they do business in Europe. By May 25, 2018, all companies must be able to show compliance with GDPR, a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

In “General Data Protection Regulation (GDPR) requirements, deadlines and facts” CSO’s Michael Nadeau has compiled a great resource of information every business needs to know about the GDPR, along with advice for meeting its requirements. Many of the requirements do not relate directly to data security, but the processes and system changes needed to be in compliance could affect existing security systems and protocols, as well as 2018 budgets.

How do you plan to step up your data security game in 2018? We would love to hear from you. In the meantime, here’s a roundup of other top data security stories making headlines or providing insights for the week ending November 10, 2017:

  • “Cyber Threat, Not Credit, is What Keeps Today’s Bank CEOs Up at Night,” by Kristin Broughton in American Banker. For years, bank executives presumed that the biggest risk facing the industry was bad credit. But that axiom is changing, as cybercriminals become more sophisticated and data security becomes more essential. Now, cybersecurity “is closely approaching” the credit cycle as bank leaders’ top worry, U.S. Bancorp CEO Andy Cecere says.
  • “Will GDPR Usher in Big Changes for Healthcare Security?” by Joan Goodchild in GovInfoSecurity. Healthcare organizations have focused on HIPAA compliance when crafting security and privacy policies. But now those that handle the data of European citizens will also have to comply with the European Union’s General Data Protection Regulation, which will be enforced beginning next May. And that could be a game changer for healthcare, says Mitchell Parker, executive director of information security and compliance at Indiana University Health.
  • “AWS Launches New S3 Encryption and Security Features,” by Stephanie Condon of ZDNet. Amazon Web Services on Tuesday rolled out a series of new security and encryption features to its S3 cloud storage service. The features are available now for no additional charge and include encryption by default, permission checks, cross-region replication ACL overwrite, cross-region replication with key management service (KMS), and detailed inventory report. They follow the rollout of Macie, a data security service that uses machine learning to protect S3 content.
  • “Dealing with a Shortage of Information Security and IT Skill Sets,” by John Petrie in CSO. Some experts predict there will be a global shortage of two million cybersecurity professionals by 2019. Planning, collaboration, and a proactive approach that involves all enterprise entities should be involved in your strategy to secure your enterprise and mitigate the cybersecurity shortage issue.
  • “Data Breach Record Exposure Up 305% from 2016,” by Kelly Sheridan in Dark Reading. There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records. Compared to the first nine months of 2016, the number of reported breaches in 2017 is up 18.2%; the number of exposed records is up 305%.
  • “CISOs Urged to Hack Their Own Networks to Find Security Weaknesses,” by Pedro Hernandez in eWeek. Security researcher Brian Krebs suggested that enterprises assume they have already been compromised and let that mindset guide their IT strategies. As it turns out, companies with a good track record of keeping a tight lid on sensitive information explore a world beyond periodic penetration testing and routinely hack themselves.
  • “Consumer Attitudes on Data Security,” by Brad Russell in Dealerscope. While consumer concerns are sometimes overridden by an even stronger penchant for technology or convenience, the level of a consumer’s security concern has a strong logical connection to purchasing behavior. Addressing security concerns becomes as important as addressing ease-of-use, finding the right value proposition, and identifying the best price point.
  • “Knowledge of cyber should be requirement to join board of directors,” by Bradley Barth in SC Magazine. A CISO carries many weighty responsibilities, but teaching cybersecurity to a company’s board of directors to secure their buy-in should not be one of them. In fact, the former AT&T CISO and CSO Edward Amoroso believes that a basic understanding of cybersecurity should be a mandatory prerequisite to being named to a board of directors.

What was your favorite data security story this week?

Michael Maloney is the Director of Analyst & Public Relations at Protegrity, a provider of enterprise data-centric security solutions.
