It’s estimated that 90% of the entire world’s data was created in just the last two years – and that in the next two years, this amount will double, and double again every two years after that. The amount of data created in 2023 currently stands at somewhere in the region of 120 zettabytes; for scale, a zettabyte is made up of a trillion gigabytes.
But is it possible to put a value on the data your company has in its possession? Just take the Antiques Roadshow for example. Imagine if, instead of paintings or ornate pieces of pottery, people took their data to the podium for valuation.
If United Airlines brought its data to be valued, the crowd would likely gasp when the expert reveals it’s worth a whopping $20 billion. Yet, if the airline’s boardroom had a painting worth that amount hanging on its wall, it would surely be subject to huge levels of security and surveillance. So, why is it that, for so many organizations today, data doesn’t receive this same care and attention (when it is arguably one of their most valuable assets?)
Keeping data safe
Simply put, protecting data is imperative. Figures from September 2022 to September 2023 reveal that there were 2,390,000 cyberattacks in the UK, with the average cost of a data breach being £4.56 million.
There’s a reason why data is so sought-after. The kind of sensitive company data that appeals to hackers could be anything from statistical data and intellectual property to the private personal information (PPI) of customers and employees. Even health data can be stolen and used on the black market to extort or blackmail the person to whom it belongs.
Today, companies will store this data using either a cloud solution, on-premises (‘on-prem’), or a combination of both. This creates a variety of potential ‘access points’, or weak spots, that bad actors can exploit in order to gain access to company files.
It doesn’t stop there. One of the most favored methods used by hackers today is still email. Links and attachments containing malware infect a computer with a virus which either goes looking for your sensitive data, or spies on you while you use your computer, noting exactly what you do when you go about your daily duties.
Pair this with the onslaught of even more sophisticated, ‘fileless’ attacks, and we can really see how urgent data protection has become. In fact, a lot of the cyber-attacks we’re seeing today are automated, fileless attacks. Malicious software is used to hi-jack a device’s pre-existing applications, without having to plant files on the device that leave a footprint.
This lack of footprint (or ‘signature’) makes it hard for most antivirus software to detect a threat, and hackers have become well aware of this. So, it’s therefore vital to understand not just the importance of data in the daily running of your business, but how you can best keep it safe.
Be prepared
There are a number of practical first steps to take to keep your data safe, such as regularly backing it up, implementing strong passwords and multi-factor authentication to restrict access, and, of course, using robust antivirus and malware software.
Having these basic security ‘hygiene measures’ in place can act as a first line of defense against the ever-growing risk of a cyber attack. Otherwise, leaving your systems totally unprotected, without even the most basic aspects of security, is the technological equivalent of leaving the physical door to a house full of precious antiques.
Additionally, for the more sophisticated hackers, the advent of Endpoint Threat Detection and Response (EDR) has been able to provide solid protection to businesses. Simply put, EDR uses behavioral analysis to monitor your data and what you normally carry out on your device, and can therefore detect when there are abnormalities in your daily activities. If an EDR system detects a fileless attack on your business, it can give your IT team the heads up in order for them to form a response and resolve the issue.
A trusted cyber security partner can provide essential support, too, encrypting confidential data and ensuring it is only viewable by authorized people. They can also work closely alongside your staff to educate them on suspicious activity, and ensure your tools and software are updated and that any patches to mitigate recently discovered vulnerabilities are applied.
Financial repercussions aside, your reputation as a company is important to protect. Customers will want to feel that their data is safe and if your business cuts corners on cyber security, they won’t hesitate to switch to a competitor at the first stumble.
I would advise all businesses today, in possession of invaluable data, to treat it just as they would a precious antique. Put the basic security measures in place, adopt advanced EDR protection as part of your cyber-safety ecosystem, and always be on the lookout for new ways to safeguard your systems.