Companies often separate cybersecurity and data protection by forming two independent teams and buying different software to address each of these issues separately. Maintaining and managing two teams, together with two software sets, involves high IT costs and administrative expenses.
Why do companies separate cybersecurity and data protection? To answer this question, let’s take a look at these two incidents.
Recently, a ransomware attack hit UHS, a healthcare provider operating 400 facilities. Ryuk, a ransomware strain known for targeting big organizations, is suspected to have been used during the attack. Luckily, no personal records were compromised during this security incident.
Let’s take a look at another case. Town Sports International, a fitness chain, exposed the personal information of more than 600,000 customers and staff members. The reason behind the breach was insufficient server protection, which allowed unauthorized access.
Indeed, these two stories may be considered to belong to independent fields — cybersecurity and data protection. Since data threats belong to different areas, the methods to prevent such threats should be different as well. That’s the logic that often determines corporate IT strategies and their elements, such as team recruiting and choosing software.
However, is separating cybersecurity and data protection the right approach? It seems right if you read the definitions of cybersecurity and data protection.
A Bit Of Terminology
As the name suggests, cybersecurity is a set of actions to make your digital ecosystem secure against cyberattacks. Cybersecurity focuses on specific technical implementations needed to protect your systems and networks. Compared with data protection, which centers on information stored within a system, cybersecurity has a stronger focus on protecting the system itself.
Data protection is a set of procedures aimed at safeguarding personal data stored within a system. Data protection addresses data management, availability, unauthorized access prevention and applicable regulations like the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR). Unlike cybersecurity, which is a job for IT professionals, data protection requires effort from all employees dealing with sensitive data.
Summing it all up, cybersecurity covers safety against cyberattacks, while data protection covers a set of issues related to data storage, management and access. These two disciplines are indeed different. So why do you need to combine them?
Why Combine Cybersecurity And Data Protection?
Experiencing a data breach affects a whole organization and its stakeholders, not just a security department.
A recent hack affected the U.S. Department of Veterans Affairs and put the personal information of approximately 46,000 veterans at risk. Cybercriminals tried to divert payments from the department by using social engineering techniques and exploiting authentication protocols. Unfortunately, personal data, including Social Security numbers, may have been compromised, according to the recent news.
As this case shows, personal data and system protocols can be damaged in the same event. Incidents like this one are worthy of being analyzed not from two different views, but from a combined perspective that includes data protection and cybersecurity.
Because data breaches affect various aspects of an organization’s life cycle, the response should be multilateral. In other words, both cybersecurity and data protection specialists should combine their skills to prevent data breaches.
What can you achieve if you combine cybersecurity and data protection? There are several benefits:
• Prevent data breaches. Overseeing both data and systems at the same time leaves less space for vulnerabilities and exploits.
• Address emerging digital threats. There are digital threats that pose a risk for both data and systems.
• Enhance your information security management system. Having a single-pane-of-glass ISMS allows you to control your data better than with separate infrastructure for data protection and cybersecurity.
• Improve compliance. Reducing the probability of a data breach helps you to stay compliant and avoid compliance violation penalties.
Both data protection and cybersecurity deal with protecting sensitive data from various digital threats. That’s why they have become interconnected. Rather than having them respond to a breach separately, it makes sense to have one integrated approach.
How To Combine Them
To face data breaches efficiently, organizations should adapt their daily workflow by combining cybersecurity and data protection. Here are some of the best ways to do it:
• Unite data protection and cybersecurity skills. Skills are the foundation your specialists will require to ensure critical data safety from various threats. Your professionals should have sufficient skills to oversee each business process from both security and data protection perspectives.
• Create a clear set of rules and procedures. You need to ensure that your company’s daily workflow is carefully planned according to industry regulations and security best practices. Ideally, you need an all-reaching plan that includes the design of your systems, maintenance, data management and access, and incident response. For each part of the plan, there should be a responsible person.
• Implement an integrated risk assessment. Using separate tools and methods for every type of risk may not give you full visibility into the security of your data. That’s why it’s a good idea to use end-to-end solutions that address all types of business, security and compliance risks.
• Develop a shared attitude toward data safety. Every employee must understand that a data breach can start from a routine action like installing a software-as-a-service (SaaS) app that may be fake.
Because anyone in an organization can cause a data breach, responsible user behavior should be an essential part of the corporate culture. Of course, even if each employee is cautious, you can’t just disband your team of IT security specialists. Instead, responsible user behavior complements their work by reducing the probability of user error.