The complex and distributed IT ecosystem that empowers this data-driven landscape opens up data visibility gaps that can lead to serious data breaches of your most sensitive data.
This article overviews some of the main data visibility gaps businesses face, the escalating risks of data breaches that arise from these gaps, and how to plug data visibility gaps for improved governance, reduced security risks, and better compliance with relevant regulations.
The Evolving Threat Landscape and Data Breaches
Threat actors also understand the value of business data, and data exfiltration is a significant risk faced by organizations of all sizes. Using increasingly sophisticated attack methods, intruders can stealthily infiltrate a network and often go undetected for months at a time while they breach sensitive data. Malicious parties who get their hands on your data can sell it for a profit or threaten to post it online unless you pay a hefty ransom.
Gartner predicted cybersecurity spending to top $150 billion in 2021, which represents a 12.4 percent growth rate. Despite all this spending, data breaches continue to plague organizations. The first half of 2021 saw over 18.8 billion records exposed at businesses of all sizes.
The Complexity of the Expanding IT Environment
You need to be able to know where all your important data is, who can access it, and why users need that access in order to best protect your data. However, the complexity of the modern IT environment reduces data visibility, which in turn, increases data breach risks. Digital transformation strategies transform IT environments into a distributed ecosystem with hybrid on-premise and cloud resources, leading to the following causes of data visibility gaps:
Data Proliferation
Data sources and users continue to expand at a pace that organizations struggle to keep up with. Businesses collect data from an increasing number of customer-facing, internal, and third-party touchpoints. Roles and responsibilities change dynamically as employees work on different projects and third-party contractors and business partners request access, which makes it difficult to track which users can access particular data.
Data Fragmentation
Data is fragmented across different applications, systems, and multiple cloud environments, which creates information silos and makes it difficult to get an accurate inventory of your data. This mass data fragmentation creates headaches for effective policy enforcement and risk management.
Remote Work Trends
Users are increasingly accessing data from devices outside of the network perimeter, which can make it harder to track visibility into who is using data and what those users are doing. The remote work trend instigated by the pandemic looks set to continue—over 80% of company leaders plan to permit remote work after the pandemic ends.
The Escalating Risks of Data Breaches
Without full visibility into data sources and users in a dynamic and expanding IT environment, it’s difficult to consistently enforce data governance policies or comply with regulations. Moreover, the risk of data breaches significantly rises without comprehensive data visibility. Data breaches are so serious because they have a wide range of consequences that directly impact the bottom line of affected companies.
Financial
- IBM’s most recent Cost of a Data Breach Report estimated the average data breach cost stands at $4.24 million, which is the highest figure in the 17-year history of this specific report.
- Data breaches can be so severe that they result in bankruptcy due to a combination of litigation fees, compensation payments, breach notification costs, and legislative penalties.
Compliance
- Fines under HIPAA, which protects the privacy of sensitive patient health information, range from $100 to $50,000 per violation.
- Many local, state, regional, and industry level regulations mandate a formal breach notification procedure that must be conducted within a narrow window of time in response to a breach.
Reputation Loss
- Almost one in four Americans stop doing business with companies that have been hacked, and more than two in three people trust a company less after a data breach.
- Share prices fall 7.27% on average in the wake of a publicly disclosed data breach, which indicates that investor confidence in companies weakens when they hear about a data breach.
Real-World Data Breach Examples
AMCA 2018-2019
American Medical Collection Agency (AMCA) specialized in small balance medical debt collection for healthcare companies. The company suffered a data breach in 2018 that exposed sensitive healthcare records belonging to over 21 million patients. The impacts of this breach were as follows:
- Direct mail costs for notifying impacted parties reached $3.8 million.
- In June 2019, AMCA filed for bankruptcy due to data breach remediation and notification costs.
- In 2021, AMCA’s parent company reached a multistate settlement with over 40 attorneys general over the incident.
EasyJet 2020
British budget airliner EasyJet suffered a serious data breach after a 2020 cyber attack that resulted in the compromise of over 9 million customers’ personal data. The breached data included credit and debit card information. The consequences of this breach included:
- An £18 billion class-action lawsuit on behalf of affected customers with proposed compensation of up to £2,000 per person.
- An investigation by the UK’s Information Commissioners Office (ICO) to determine whether EasyJet had “appropriate technical and organizational measures to ensure a level of security appropriate to the risks.”
- An investigation under GDPR to see whether the company had appropriate controls in place that demonstrated compliance with the data protection regulation.
Solving the Visibility Gaps
If you can’t answer the following questions, you need to gain more visibility over your organization’s data:
- What are all your data sources and in which type of environment does the data reside?
- What systems and applications access, process, transform, and cleanse your data (e.g. ETL), and are they compliant with regulations?
- Who has access to different data sources and what can they do with access?
- What are the patterns of data accesses?
- What is your most sensitive data for which a data breach poses a significant threat to your bottom line and where is that data?
- Are the tools and controls in place working as configured and/or expected?
To solve the data visibility gaps in today’s distributed IT environment, your organization needs a holistic, comprehensive view into not only who is accessing data but how and why. The characteristics of a 360-degree view into your data must entail:
- The ability to track data access and detect anomalies for all data sources and users in your environment.
- Comprehensive data security mapping that tracks the flow of data to, through, and from your IT environment and classifies data based on security risks.
- Consistent policy-based data protection and monitoring.
Conclusion
Effective data governance, compliance, and security for your business starts with closing the visibility gaps that exist in modern IT environments. Current processes and solutions don’t provide enough visibility to reduce the risks of data breaches, which can lead to devastating business outcomes.
DruvStar DataVisionTM provides a 360-degree, comprehensive data security map that closes your visibility gaps into data sources and data access — enabling you to implement data governance and providing you the context you need for protecting your data. Get the data visibility you need today.