by Darrell Jones, Head of Global Information Security, Herbalife
In recent years, we’ve seen more and more large corporations and entities become targets for cybersecurity attacks: Fedex, Amazon, Target, Netflix, and even several countries among countless others have been affected. Threat of cyberattack has led companies to make major changes in the way they store and protect their secure information and data.
Keeping migrated data safe with new platforms
Many companies are mainly focused on migrating sensitive data from existing security controls on their corporate networks over to newer solutions like Software as a Service (SaaS) and cloud-based services. With the new systems in place, security controls will live on both the new and old platforms seemingly creating redundancies, but really this process is essential to keeping sensitive data secure. The new technologies being deployed are only applicable to the new platforms, and while the old platforms will become obsolete one day, they are still integral to keeping networks secure.
The Domino Effect: changing data migration means changing everything else
Along with data migration tools, focus on tools for data management and data discovery has become paramount to the cybersecurity world. The more control and tools that are set in place, the more beneficial it is for companies looking to protect against any attacks or threats. Tools like network entrapment, a system that detects unusual activity by creating false targets, are available to large companies with the budget necessary to incorporate into their existing cybersecurity packages. Smaller companies will gain access as these new tools become more readily available, but that may be a few years away.
These changes to the way secure data is stored and moved don’t just affect the systems in place, they also affect the way data is manipulated. In the past, data was monitored differently: the data was monitored based on the system it came from. Now, data is monitored in terms of the individual who last affected the data. This new format allows those to see how data has been corrupted, pinpointing exactly who was at fault, saving time and energy. More efficiency processes and tools like this one need to be introduced across all aspects of cybersecurity.
Third parties can hurt more than help
Just as companies are stacking these tools, they have been stacking vendors by outsourcing much of their cybersecurity needs. These companies looking to outsource data management and security are running into a transparency problem. Third parties are utilizing other sources they didn’t know about. When a third party vendor seeks out a fourth party manager, the transparency of data flow and analytics becomes opaque. Since companies cannot afford to take risks when it comes to security, they need to find a way to give other parties access to their data without opening an opportunity for corruption.
What does this all come down to? Budget
As the need to protect data only becomes more vital, companies are being forced to rethink how to best secure customer information—usually this means increasing budgets to follow the latest cybersecurity measures. Historic tools like anti-virus will still play a role in securing data, but they may run into a situation where they become commoditized. Even with these cheaper tools as options, the newer, more necessary technologies are continually adding to companies’ overall budgets, making the once small security expense into a very significant cost.
Companies have no choice but to accept the higher cost of cybersecurity measures and endure the implementations of new technologies and platforms—they cannot risk having less security. It’s expected larger corporations will lead in making these changes and acquiring new services, but as networks and systems are threatened worldwide, hopefully these new security measures become widely available sooner rather than later.
Please note: This article contains the sole views and opinions of Darrell Jones and does not reflect the views or opinions of Guidepoint Global, LLC (“Guidepoint”). Guidepoint is not a registered investment adviser and cannot transact business as an investment adviser or give investment advice. The information provided in this article is not intended to constitute investment advice, nor is it intended as an offer or solicitation of an offer or a recommendation to buy, hold or sell any security.