Data. It has become the true currency that nations, businesses and now consumers depend on daily. After all, this is not new. Information is power and always has been. Timely and accurate information has been sought and attained by nations to become powerful both economically and militarily, and by businesses to profit and succeed. Historically, only those with the means could effectively collect, analyze and utilize data for their benefit due in large part to its scarcity.
Today, because the globalization of the Internet and the explosive digitization of personal, commercial and government data, the paradigm has shifted. The democratization of information has now elevated consumers to the level of businesses and nations as data owners, creators and true data consumers. We as consumers now have access to billions of records to help manage our personal, financial and leisure activities. According to IDC, 90 percent of the world’s data was created in the last two years and by 2020 the amount of digital information in existence will grow from 3.2 zettabytes to 40 zettabytes.
Businesses and organizations are only now beginning to understand how to collect, analyze and monetize their data. Unfortunately, the windfall realized by cyber threat actors will counter the potential benefits realized by all. The sad truth is that cybercriminals metastasizing in the Russian-speaking criminal underground have been monetizing stolen data for more than 15 years with lethal efficiency.
In this data deluge, confidentiality, integrity and availability of corporate data will continue to be the primary challenge that Chief Information Security Officers (CISOs) face. However, in the future the biggest hurdle will be the mapping and protection of “consumerized” data. Regulatory and litigation risks will also grow exponentially for multinationals, as highlighted by the stringent requirements set forth by European Union (EU) Data Protection Directive and exacerbated recently with the European Court of Justice (CJEU) invalidating the US-EU Safe Harbor framework.
In the growing face of these obstacles, we recently predicted that enterprises will be forced to adapt to create a Data Protection Officer or elevate CISOs to the appropriate level commiserate with the responsibility. The risks are too great to keep DPOs/CISOs handcuffed with limited budgets, resources and access. To be successful, they will need the ability and flexibility to create mature cybersecurity strategies and programs that can effectively mitigate threats and vulnerabilities posed by today’s advanced threat actors.
Please add your thoughts in the comments below or follow me on Twitter; @Ed_E_Cabrera.