Personal Data Privacy and Corporate Cybersecurity – Two Sides of the Same Coin

BY Matthew Valleskey

We’ve just marked World Data Privacy Day – an internationally recognized event that takes place on January 28 each year, aimed at raising awareness of and promoting privacy and data protection best practices. This year, the day took place against a backdrop of increasing scrutiny of data privacy in both the US and Europe. In the U.S., the California Privacy Rights Act (CPRA), which adds privacy protections for consumers to existing laws, has just taken effect. Meanwhile, individual European countries such as Austria and Denmark are building on existing GDPR regulations and enacting new protections that limit the data that Google Analytics can collect on individuals. Regardless of how effective new privacy regulations may be, they are indicative of the broad increase in awareness of the need for data privacy. 

Data Privacy Day’s educational initiative originally focused on raising awareness among businesses, as well as users, about the importance of protecting the privacy of their personal information online – particularly in the context of social networking. Taking into consideration the frequency of personal data exposure, arguably, Data Privacy Day has never been more relevant. Illustrating the scale of the issue, in a recent interview with privacy expert professor Shoshana Zuboff, the Financial Times reported that in the US, people have their location exposed 747 times per day, while in the EU, the figure is 376 times per day. 

Hybrid working increases data privacy risks

Since the pandemic, most of us have become accustomed to home working and hybrid working. From data privacy and cyber security perspectives, this has complicated and increased the threat landscape – an issue that is not getting the attention it deserves. The reasons are twofold and straightforward. First, the worlds of personal data privacy and corporate cyber security have become inextricably intertwined. Consider for a moment how many places your personal data resides. Guaranteed, most of it will be sitting on the servers of companies or government bodies. Second, hybrid working has increased the risk to corporates of cyber attacks – particularly ransomware, as in many instances, remote workers do not have the same level of enterprise security at home as they would in an office. 

The ongoing threat of ransomware attacks

Citing various sources and reports, TechTarget recently published an article examining current ransomware trends. Key points from the article included that ransomware attacks surged dramatically in 2022, accounting for 25% of all data breaches, and that ransomware affected 66% of organisations in 2021. The ransomware threat continues unabated, as evidenced by the FBI’s take-down of the Hive ransomware gang in January, as reported by ITPro, which prevented over $120 million worth of ransomware payments from being made. Unfortunately, despite the success of this raid, when it comes to ransomware gangs, it’s a constant game of whack-a-mole. Constant vigilance and preparedness for an attack are essential.

Protecting enterprise data and customer privacy with immutable backups

When a ransomware attack takes place, the number one priority for the affected enterprise must be rapid data recovery and restore. Many businesses are recognizing the need to have an outsourced partner who can provide a data recovery platform with a recovery environment comparable to the original.

Having a usable copy of data to recover from in the event of an attack is absolutely crucial, which is why very often the attackers’ first port of call is to infect the backup systems. Organizations can defend themselves from this by using an immutable backup system, but if that repository is in the cloud or off site, they will need to make provisions for the speed of recovery. Having an outsourced data recovery partner allows affected enterprises to run parallel streams while simultaneously working with law enforcement to find the perpetrators. This allows businesses to continue to function and proactively manage threats, preventing further damage and the need to give in to extortion by paying huge ransoms.

Thwarting ransomware attacks through trusted partnerships

In-house IT teams can’t cope with the volume or sophistication of cyber attacks today. They both want and need to shift as much responsibility as possible to trusted partners. That outsourcing is creating a data insurance policy that allows the business to function as usual with little to no downtime, and also enables support for law enforcement to investigate the attack and help bring the perpetrators to justice. Data Privacy Day focuses minds on this important issue, but it’s only through constant vigilance and well-considered data protection and recovery policies and procedures, developed in consultation with trusted partners, that organizations stand a chance of protecting customers’ data in the event of a cyber attack.