We’ve reached an interesting point in time in security, where the redundancy and frequency of data breaches is matched only by the redundancy and frequency of the acknowledgement and acceptance of said incidents. “It’s not about if, it’s about when” has become the industry’s go-to slug line. It begs the question - what else is there?
The breach du jour is currently Ticketmaster, which boasts a customer base of 550 million people, a portion of which have their data popping up for sale on the Dark Web thanks to an unsecure third-party cloud service. Along with AT&T, Change Healthcare, and the endless list of other blockbuster breaches, this Ticketmaster news is just another drop in the bucket. Simply put, we are desensitized. The vast majority of businesses are myopically playing defense by investing huge sums on perimeter-centric security controls to prevent bad guys on the outside from stealing our sensitive data on the inside. It’s not working.
Doing the same thing over and over again and expecting a different result is the definition of insanity. It’s time to think about things differently and shift security controls away from the perimeter, and closer to the data itself. It’s time to augment our defensive game plan with some offensive punch.
When I say offense, I’m not referring to ethical hacking or penetration testing. I’m talking about having agency over sensitive data shared with others — an everyday function that is fundamental to driving shareholder value and business success. I’m talking about activating the value of data by being intentional with granular policy controls so you and your employees can easily share information every single day via email, file and application workflows — without sacrificing security or privacy.
To be clear, I’m not suggesting that organizations shouldn’t invest in traditional, perimeter-centric tools. Indeed, defensive cyber controls are to home insurance, as offensive cyber controls are to car insurance. It is a no-brainer to protect your house and the valuables inside. But, it’s also wise to protect your assets whenever you venture away from home.
Protecting data stored inside your business from external threats cannot be the sole focus of a robust security strategy. You’ve got to blend some offense with defense — and protect the sensitive information that you intentionally share with others.
It's a delicate balance, but one that's absolutely essential in this era of zero trust security.
/headshot2.jpeg)
