Many businesses cannot keep up with the plethora of sensitive data that’s being created and shared by their organization, and as a result they may face increasingly stiffer fines as new regulations and laws are passed to protect that data.
That’s according to John Wethington, VP of Americas for Ground Labs, a security company focused on helping organizations monitor their data.
“Simply put, there’s so much data being generated every single day that these organizations — they literally lose track of it,” said Wethington on SurfWatch Labs latest Cyber Chat podcast.
“The data is constantly being moved and shifted around. It’s being put in a variety of different formats, stored in a variety of different locations,” he said. “I think the average individual doesn’t see behind the scenes and understand all the hands that touch their data for a variety of different reasons.”
Do You Know Where Your Data Is?
That lack of insight is leading to data breaches caused by both mistakes within the organization as well as external actors such as cybercriminals and hacktivists.
Although data storage and data use has shifted over the past few years — more cloud services, more sharing, more tools to extract and analyze information — cybersecurity has often lagged behind that shifting approach.
If an organization isn’t closely monitoring that sensitive information, they may be in for a rude awakening, Wethington said.
“Much like a child, you have to constantly keep an eye on them otherwise they’re going to wander off somewhere you’re not going to expect, and the same thing with the data. It’s going to wander off somewhere, you’re not going to expect it to be there, and then you’re going to find yourself in trouble.”
Evolving Regulatory Landscape
That lost data may lead to larger fines and penalties as new regulations such as the EU’s General Data Protection Regulation (GDPR) come into effect and organizations have to deal with issues such as the right to be forgotten.
The GDPR, which goes into full effect in May 2018, comes with a considerable increase in potential monetary fines for those that don’t keep personal information protected: up to 4% of firms’ total worldwide annual turnover.
The global regulatory environment is “rapidly changing” as governments try to create different ways to compel organizations to maintain data security, Wethington said. As a result, organizations are trying to understand what new regulations such as GDPR will mean for them.
He added, “It’s going to be an interesting couple of years ahead of us.”
Listen to the full conversation with Ground Labs John Wethington below:
About the Podcast
Throughout 2016 we’ve seen numerous data breaches related to businesses being unable to properly monitor and protect their data. As Ground Labs VP of Americas John Wethington put it, organizations simply cannot keep track of the growing amount of data they have. However, new regulations such as the EU’s General Data Protection Regulation come with stiff penalties for those organizations that do not protect the sensitive data they collect.
On today’s Cyber Chat we talk with Wethington about why businesses are having trouble monitoring that data, how they can improve, and what the future holds for data security.