Kathy Gibson reports from Gitex Africa Morocco 2024 – Digital transformation is about ensuring an organisation’s processes are effective in making the business better – and it relies totally on data.
Neil Cosser, regional director: Africa at Thales, points out that this data sits everywhere – on-premises, in the cloud, and on individual devices.
“And everyone is generating this data,” he says.
Businesses face a further challenge in that this data can be accessed by people both inside and outside of the organisation. “As a customer, when I draw a statement, I am accessing the bank’s internal systems.”
This means organisations have two significant challenges to data security: the volume of data; and where it is.
“Your data is exposed to three types of threat,” Cosser says. “The first is that someone will come into the organisation and take your data away.” This could be via a ransomware attack, for instance.
The second threat is people who may make the data unavailable to the company, This could also be via ransomware or distributed denial of service (DDoS) attacks.
The third attack is where hackers get into the system and change the data – which could have a massive material impact on the organisation.
“So you need to protect your data,” Cosser says.
He also believes it’s important to differentiate between a breach and a compromise.
“A breach means someone got into the environment; a compromise means they were able to do something bad.
“The way you address these is different.”
Too many cybersecurity solutions address the breach, but not the compromise.
There are many good reasons to mitigate these risks, Cosser adds, including compliance with industry and government regulations.
The security of data is vital, he points out. Companies should know what the value of their data is, and the cost of it being compromised.
“You need to create a framework that you can adhere to in order to secure your data,” Cosser says.
“The first priority is that you need to protect your data everywhere. And it needs to be protected across the entire lifecycle – which means you have to discover it.
“Then you need to secure that data. Methods of doing this could include encryption, data loss protection, and more.
“You need to then centralise the management of that protection,” Cosser says. “The final step is to ensure that secure access control is in place.
“And you need to deploy technology that addresses all the places where data resides.”