According to a February report by IBM, the Internet-connected world is experiencing some 70 billion security breaches a day across over 130 countries. Locally, it’s costing the Australian economy up to AUD 1 billion annually in direct costs alone, and in the last year Australia has risen from seventh to sixth place in the list of affected nations.
Worryingly, the use of previously stolen credentials is gaining ground as a preferred point of entry for hackers. In 2019, over 8.5 billion records were compromised, resulting in a 200% increase in exposed data. Despite the introduction of regulations like GDPR, only 28% of companies are ready to comply.
To face the growing set of regulations, CDOs need to ensure their businesses are compliant. Although this can be a costly process, it’s far more costly to be caught out. As the workforce shifts to a work-from-home model because of the COVID-19 pandemic, many businesses are adjusting operations to support remote employees.
There has never been a more important time to implement a robust identity governance program to ensure we protect privacy rights.
A near-zero privacy world has brought greater risks to businesses. CISOs must now secure the business without locking it down entirely and impacting the CDO’s ability to collaborate, innovate and scale effectively.
In addition, the high demand for remote working has placed a strain on the existing office and telecoms infrastructure. Having an entire workforce working remotely is not only a test of a company’s server capability and its VPN bandwidth, but also takes time away from mitigating potential cyber security threats.
Organizations now demand expertise and oversight from every business unit to make sure that when a security incident strikes, an incident response plan is quickly actioned. Business leaders must be well-versed in security and compliance from the top down; it’s not an either-or situation.
Compliance is now a top priority. Customers are aware of their legal rights, and breaches are front of mind with the Notifiable Data Breaches Report from the OAIC released quarterly. As a result, businesses need to prioritize protecting their consumers’ and employees’ personal data, or risk steep penalties. At the heart of these issues is identity and access: being able to understand and verify who has access to what data, applications and systems, and when and why the user gained access.
An intelligent approach to identity ensures businesses can continue to be secure, while still being flexible and agile to meet any business eventuality. Cyber-criminals never sleep, nor should your identity security management. CDOs must champion identity governance as a path to meeting security and compliance successfully.
Taking the next step
Where does this leave CDOs? The terms “security-centric” or “risk-centric” may sound stale, but organizations should ensure the security of their business is top priority. All business units must work together to ensure this remains a key focus.
Without security, your business is at risk: your people and the access they have to sensitive data are the number one target for hackers today. It only takes one breach of business or customer data to put the value of your company at risk.
CDOs should work to educate team members on how to protect their own digital identity and also on how to safeguard the proprietary information that makes up the business. We all need to be stewards of our own data, and more broadly, the company’s data (including customer data).
While a near-zero privacy world brings with it many challenges, one thing is clear: security, risk and compliance are no longer reserved for the IT department, but are a key priority for every business leader today.
Terry Burgess, vice president for APAC at SailPoint, wrote this article. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.