GDPR May Not Apply to You. Follow it Anyway

I recently spoke at a small business event, and I asked for a show of hands for those governed by various common data privacy regulations (PCI, HIPAA, etc.). I saw giant smiles on the faces of those not raising their hands—a sense of relief for having avoided the extra discipline and effort that compliance requires. My advice to that relieved group: pick a data security regulation anyway—any one of them—and follow it.

With the GDPR deadline just days away, a lot of organizations in the U.S. are feeling like those lucky few small business owners, thrilled that they don’t fall under the new GDPR regulations. My advice: follow it anyway. Here’s why:

The U.S. will copy elements of GDPR—sooner than you think

The U.S. tends to follow rather than lead when it comes to data privacy regulations. If history repeats itself, U.S. regulators will follow the tenets of GDPR—and likely enhance it (read: make requirements more specific and stricter) based on how GDPR enforcements shake out in the coming months and years. By starting the process of achieving compliance today—before deadlines rush timelines—U.S. companies can take the time to make smart decisions, build future-proof strategies and spread the costs out over time.

U.S. consumers want GDPR-level privacy

We’re seeing a big change in public awareness of data privacy. Everyday people—not just data security pros and regulators—are tuning into the details of what data companies collect about them, and how that personal data is used. As consumers, we’re becoming aware of all the new and terrifying ways our privacy is up for sale. The headline example of this is the Facebook/Cambridge Analytica case. There’s huge value in showing your customers that you go above and beyond, and GDPR is centered on concepts that customers understand and love: consent and the “right to be forgotten.” Moreover, you definitely don’t want to look like you’re taking the easy way out at the expense of your customers’ privacy.

GDPR is good business practice

In board rooms around the country, CEOs are getting grilled on data privacy and data security. No company wants the same embarrassment, fines and costly brand damage that Facebook is enduring. The basic tenets of GDPR—privacy by design, privacy by default, etc.—aren’t really revolutionary. They’re now just best practice for any digital business.

Proactively adopting the tenets of GDPR forces a solution to the fact that most companies don’t have the data visibility needed to understand and implement next-generation data privacy. You need to consider all the vectors within your digital ecosystem—look at all the endpoints floating around your world, instead of just your networks and servers. And you can’t treat all data the same way. You have to be able to recognize your most valuable and sensitive data—and see where it lives and how it moves.

Of course, proactively going above and beyond to secure customer data is a big challenge, to say the least. But, I recently saw something on TV that looked like a much bigger hassle: Testifying in front of Congress. 

Cyber Threat Prevention at the Cost of Data Visibility Falls Short

As an industry, we’ve built some amazing technologies that provide defense in depth across our perimeters, networks and endpoints. We’ve created some pretty amazing tools that are able to analyze, correlate and process massive amounts of data that could indicate malicious activity. But it occurred to me that even with the most robust defenses in the world, our hyper focus on prevention and threat detection have caused us to lose sight of what it is we are defending. Our data–our intellectual property–is what drives our companies forward and provides valuable products or services to our customers.

Those of us that have been in the security space for any length of time have seen the threat landscape change rapidly. Security practitioners and the vendors that build tools to support them also have evolved dramatically. Security teams are building impressive layered defenses, as evidenced by the dramatic growth in the number security solution providers. I recently returned from the RSA Conference and, even though I’ve been going for over a decade, I’m still amazed every year by the number of new vendors that continue to pop up. There are now more than 1,600 security companies in the market, according to Zulfikar Ramzan, CTO of RSA Security. Ramzan also stated that one of RSA’s customers is using 84 different security vendors–yes, 84! He goes on to say that number really isn’t uncommon.

Don’t focus on threats at the expense of what’s being threatened: your data

All of these solutions do a pretty good job of understanding the particular threats they are focused on. They effectively work to detect, deny or disrupt those threats across your perimeter, inside your network or on your endpoints. But ironically enough, the tools themselves don’t have the needed visibility into what they are protecting.

And what they are protecting is the whole point: it’s the data–your company’s intellectual property, the very ideas that make your company valuable. Deloitte found that 80 percent of a company’s value is in its intellectual assets.

When it comes to protecting your data, knowledge is power

We need to do more than just stop as many threats as we can. We need to understand our data and recognize that it is the lifeblood of our companies. It is critical to know where our data is, who has it, where it is moving to and from and exactly what information is moving. No matter how complex our security posture is (and possibly because of that complexity) threats will always get through. So, we need to include data-level visibility in our security planning and tool portfolio. Data-level visibility gives us proper insight into exactly what is happening with our data, so we can be smarter about protecting it. This visibility will be a powerful complement to the rest of our security toolsets, helping to more easily detect, investigate and rapidly recover from malicious incidents.

Knowledge is power. Knowing exactly where the most important information lives and moves is a critical step in fully protecting the most valuable assets we have: our ideas.

Forrester’s Mitigating Insider Threats: The Security Playbook

By submitting this form, you agree to Code42’s Privacy Policy.

Every Idea Matters: Secure Them with Code42

At the most basic level, every business sprang from an idea. Every advancement, every cure, every game changer–they all started as a concept in someone’s mind. No matter the industry, ideas are the fuel that helps every one of our customers grow.

Every idea matters. It’s a simple concept, but one that guides us at Code42 as we secure our customers’ data–their ideas–wherever they live or move.

Case in point: This week we announced the Code42 Forensic File Search product, which helps security, IT and compliance teams dramatically reduce the time it takes to investigate, respond to and recover from data security incidents that threaten their valuable IP. Because it collects file metadata and events across all endpoints in an organization and makes them searchable via the cloud, you can cut incident response investigations from weeks and months to mere seconds.

Expanding security capabilities

While this new product is exciting in itself, it also marks an important expansion of our security capabilities for global enterprises. With Code42 Backup + Restore, you have access to complete file contents on any endpoint. Code42’s File Exfiltration Detection gives you visibility into departing employees moving files to external drives or cloud services. Code42 Forensic File Search provides you metadata from file activity. Together, these features offer you the greatest visibility yet into what’s happening to the valuable ideas on your organization’s endpoints.

Later this year, we’ll extend the same visibility to the data that lives on corporate cloud applications, including Microsoft OneDrive, Google Drive, Box and Slack. While the endpoint will continue to be relevant, and a key source of data exfiltration and infiltration, we know that in the next five years that much of the data on endpoints will move to the cloud. We intend to be at the forefront of this transition.

Every feature of the Code42 platform was designed with the same end goal in mind: to protect the valuable ideas fueling our customers’ growth. Our customers are changing the world with their ideas. It’s our job to keep those ideas safe. Because every idea matters.

Code42 Forensic File Search: Bringing “Night Vision” to Data Visibility

Code42 Forensic File Search: Bringing “Night Vision” to Data Visibility

The other day, while watching a show about modern warfare on The History Channel, I was struck by how technical advancements in modern warfare mirror the innovative leaps we have made in the battle of cybersecurity. In particular, the invention of night-vision goggles brought continuous visibility to the battlefield, changing warfare in two key ways:

  • It illuminated the dark corners: suddenly silent still actors would be seen as if they were fully illuminated; and
  • It enhanced the temporal dimension: what was traditionally a daytime activity became an around-the-clock battle.

Today, with the announcement of Code42 Forensic File Search, we’re happy to say that Code42 brings night vision to data security. We are enabling a new dimension of visibility—illuminating dark corners and creating a fully visible arena that you can examine, mine and use to take action in defense of your data.

We illuminate the dark corners

Imagine that you could search and investigate file activity across every endpoint on your network. You could instantly query your data to find where files are located. In the event of a malicious file finding its way onto your network, within seconds you could know where that file had landed and who was impacted by it—regardless of where the file resided on that machine. Suddenly the ransomware files that hide silently in users’ Recycle Bins and Downloads directories are visible. The least managed–but most exposed–entry points for malware and ransomware are suddenly visible to you.

We change the temporal dimension

Being able to see into the dark corners of the “battlefield” is only the first step. Imagine being able to take immediate action against those endpoints regardless of whether they are on your network, or even powered off in someone’s home. This is the power of Code42 Forensic File Search. We’re constantly logging changes happening on your endpoints and sending them to our cloud where you can interactively query them to find files regardless of the state of the endpoint. Our optics give you the enhanced vision to illuminate file activity on your endpoints, in near real-time, without waiting for users to connect or manually going out and searching the endpoints that were unavailable to you.

Our element of surprise

For years, as security experts we’ve been forced to fight a blind battle—one where the night sky is devoid of stars; one where our enemies could exploit any weakness in our data visibility. Tomorrow’s data security battle is defined by night vision, enabling you to know where your data lives and moves across all endpoints – at a moment’s notice. It’s defined by the ability to get real-time results from dynamic queries. These new capabilities enable the level of digital trust that you need to drive your organization’s digital transformation journey.

Code42 “night vision” is just one of the transformative changes we’re bringing to the battlefield for data visibility and security. What’s next? Well, those in attendance at our Evolution18 customer conference have seen a few glimpses today. We’ll share more here soon.

Is GDPR-Regulated Data Hiding in Pockets of Your Organization?

Data breaches that compromise critical customer information are the worry that keeps IT people up at night. Unfortunately, what’s considered critical customer information and what you must do to safeguard it has changed dramatically, thanks to GDPR. IT stakeholders at American companies who’ve assumed GDPR does not apply to them may want to take a closer look at what the implications are for U.S.-based companies. GDPR-regulated data can be found in places you might not expect, and the tools you’ve been using to keep track of that data may not provide the visibility you need in case of a breach.

Where does GDPR apply?

First off, don’t think because you’re an American company only doing business in the U.S. that you’re exempt. If you capture any data about an E.U. citizen, like one who stumbles across your website and sends a question through a contact form, you’re on the hook for GDPR.

So where does the data regulated by GDPR live in your organization? The short answer: everywhere your customer data lives and travels within your organization. That doesn’t just mean your CRM system. Employees routinely download and use personal customer information on their endpoint devices, even when company regulations forbid it. You may or may not be surprised to learn that the C-suite is the worst offender at this.

The scope of what is considered “personal information” under GDPR is much broader than you might expect. While most companies already take steps to protect sensitive information like credit card information or social security numbers, GDPR takes it much further and could signal a sea change in data collection. Specifically, any information that can be used to identify a person, like IP addresses and names, is covered under the regulation; however, GDPR is expanding the definition of sensitive data to include any data that could potentially identify a person. So, if you’re capturing it, it’s worth protecting.

What does data encryption protect against?

Many IT directors hit the pillow every night with the misguided confidence that their data encryption will prevent any GDPR-related problems. Unfortunately, that’s not always the case.

Data encryption is a useful tool if your data compromise doesn’t include credentials that unlock the encryption. But if your data is compromised because of stolen credentials, then encryption doesn’t matter. This can happen with stolen laptops, a common occurrence with company-issued employee laptops. It can also happen with malicious employee activity – if employees with valid credentials decide to exfiltrate data, encryption won’t do a thing to stop them.

What happens after a data breach?

Talk about sleepless nights for an IT director. For companies that experience a data breach, the hours and days after discovery are usually a mad scramble to assess what’s been compromised and by whom. The time and money spent to unravel the tangles of compromised data in an organization can add up fast. And GDPR doesn’t give you much time. You have 72 hours after discovery of a breach to notify GDPR authorities if personal information has been affected.

The problem for most companies is that they don’t really know where all their customer data is stored. A lot of it can end up on employee laptops and mobile devices. To truly protect their data assets, companies must have a firm understanding of where all their data travels and lives.

Data visibility

Being able to immediately and clearly locate customer data is critical to surviving a breach of GDPR-regulated data. A strong endpoint visibility tool can provide a quick understanding of all the data that has traversed through an environment—and importantly for GDPR, whether that data contains personal information.

An endpoint visibility tool can also tell you with confidence if compromised data does not include personal information that would fall under GDPR. That would prevent you from unnecessarily alerting the authorities.

Unfortunately, data breaches continue to happen, and there’s no sign of that abating any time soon. When the collection of consumer data is necessary, companies should consider it sensitive and use endpoint visibility tools to protect it.

Digital Transformation Requires a New Kind of Castle

Digital Transformation Requires a New Kind of Castle

Why don’t we build castles anymore? The answer, of course, is that we do—they just look a lot different. In fact, thinking about how and why castles have evolved can tell us a lot about how we can improve our approach to securing the enterprise “kingdom.”

The first medieval castles were a lot like first-generation enterprise networks: giant walls surrounding centralized assets. Nearly all the value of the kingdom could be held within the walls (data, productivity, etc.). A single drawbridge (the firewall) was connected to the outside world. Turrets gave better visibility to threats coming from the outside. It was a simpler time: With most value contained within the walls and little need to connect outside, it was much easier to build up a hardy perimeter. But these castles were also big targets, with a huge attack surface and lot of value to be taken. Moreover, there was little in the way of internal security. If attackers breached the perimeter, they had their run of the kingdom.

Gunpowder changed everything

Then someone came along and invented gunpowder. Firepower is a lot like malware, ransomware and social engineering tactics. Suddenly you can shoot over castle walls or even through walls. The response in medieval times was to build more walls—to create castles within castles. We did the same in the digital enterprise world, adding VLANs, secondary firewalls, app-specific encryption and other “walls” around specific internal assets.

That’s where most organizations are today – still structured around the idea of the secure perimeter. We secure the thing that holds the value—the network, the server, the app, the endpoint device—but not the value itself (the data). We hone our sights on external threats, missing the threats that are already inside the castle walls.

The digital castles of tomorrow

It’s increasingly clear that a perimeter-based approach doesn’t suit the modern kingdom. You’re never going to completely stop all breaches, and tougher walls will end up locking your own people out and stifling value creation. So, what does a forward-thinking data security strategy look like? Here are four key features we’ll see in the digital enterprise “castles” of tomorrow:

  • There will be perimeter—but it will be porous. There will always be boundaries, but we’ll only rely on the perimeter to stop the most obvious and basic attacks—and we’ll ensure it doesn’t thwart our users’ productivity.
  • Smaller targets—less attack surface. Data security strategies will start at the most granular level which is at the user’s endpoint device. By making the targets small and many, it makes it more expensive (and less fruitful) to attack them.
  • Turrets that look inward. As threats increasingly come from within, we’ll turn our lookout towers around. We’ll use data visibility tools to see where our data lives and when it moves, and get better at recognizing when something doesn’t look right.
  • Securing the value itself. Instead of securing the thing that holds the value, we’ll secure the value (the data) itself. That means finding ways to ensure that attackers can’t actually remove data, and/or that the enterprise never truly loses that data (and all its value).

To close out our medieval castle analogy, the next-generation digital “kingdom” won’t have giant walls to protect our gold. We’ll use data visibility tools to know the second a gold coin moves somewhere it shouldn’t, and we’ll use data recovery tools to ensure we can always yank that gold coin back, no matter where someone tries to take it.

Forrester’s Mitigating Insider Threats: The Security Playbook

By submitting this form, you agree to Code42’s Privacy Policy.

451 Research: Code42 Is Well-Positioned for the Data Security Space

Code42’s proven endpoint backup platform puts us in an ideal place to solve some of today’s most complex data problems, especially those related to security. Customers are starting to realize the true potential of endpoint data, and demanding more visibility to understand data movements in and out of the organization. With the launch of 6.0, Code42 took a major leap into the data security space, and the update is the subject of a new Market Insight report from 451 Research.

The 451 Research highlights that vendors in the backup market have been gravitating towards additional security features to address the latest strains of cyberthreats, such as ransomware. Code42 receives praise for taking on ransomware, but also a more common and potentially more damaging danger – insider threat. “Addressing the threat of ransomware in particular has been a recurring theme among many vendors in this space, but the company is tackling internal threats with equal zeal as external ones,” states the report.

The Market Insight report also covers additional 6.0 features such as Access Lock and Okta integration. Looking at the totality of the new version, 451 Research states that “vendors such as Code42 are in a good position to deliver advanced data management and data loss-prevention capabilities since they see every file and the changes made to them during the backup process.”

To learn more about 451 Research’s take on Code42’s 6.0 launch, read the report today.

Data Loss Threatens Mergers and Acquisitions

One of the most popular breakout sessions at Evolution17 featured a great merger and acquisition (M&A) scenario: Midway through the deal, critical information leaks, devastating the value of the deal. How can you figure out how much info leaked—by whom and to whom?

Here’s why that storyline was so riveting: 2016 saw more than $3.5 trillion in M&A deals. And the vast majority of those deals revolved around valuations of intellectual property (IP), which today makes up about 80 percent of a typical company’s value. If you’re a buyer organization, consider these questions:

  • Are you aware of all the IP within the target company?
  • Can you be sure all this IP will come with the deal?
  • Can you be certain it won’t leak to a competitor?

Data loss is a growing M&A problem

For most buyers, the answers to the questions above are no, no and no. This lack of visibility and security for the very assets a company is buying is startling, and it’s increasingly impeding the success of M&A deals. A 2016 survey of dealmakers found that about three in four M&A deals end up getting delayed—sometimes indefinitely—by data loss. Those that eventually get back on track often end up hobbled by missing data. Experts say this is a big part of the reason that 80 percent of M&As fail to achieve their potential or expected value.

M&A amps up the insider threat

Data loss is increasingly common in M&A for the same reason it’s increasingly common throughout the business world: More than half of all enterprise data now lives on endpoints, beyond traditional visibility and security tools centered on a network drive or central server. If the target company can’t see what its employees are doing with data on their laptops and desktops, then a potential buyer has near zero visibility. Couple that with the unique circumstances of an M&A deal and you’ve got a much higher risk of insider data theft. Laid-off employees freely take their endpoint data—sometimes for personal gain, other times just to sabotage their former employer. Those that do stick around tend to feel little loyalty toward their new company, lowering their inhibitions toward selling or taking data for personal gain.

There’s a better way to protect IP during M&A deals

IP is what an acquiring company is buying—the info that is critical to the value and competitive advantage gained through a deal. To make the most of an M&A opportunity, buyers need a better way to collect, protect and secure all data living on a target company’s endpoints—before, during and after a deal. Fortunately, with the right tools, a buyer can gain complete visibility of all endpoint data, take control of valuable IP and drive a deal to its most successful outcome.

Verizon DBIR Says You Can’t Stop the Storm—But You Can See It Coming

The 2016 Verizon Data Breach Investigations Report (DBIR) paints a grim picture of the unavoidable enterprise data breach. But accepting the inevitability of breaches doesn’t mean accepting defeat. It’s like severe weather: you can’t prevent a tornado or hurricane. But with the right visibility tools, you can recognize patterns and mitigate your risk.

Likewise with data security, visibility is critical. “You cannot effectively protect your data if you do not know where it resides,” says Verizon.

Most enterprises plagued by poor data visibility

The report shows that most organizations lack the data visibility tools for effective breach remediation. Hackers gain access more easily than ever, with 93 percent of attacks taking just minutes to compromise the enterprise ecosystem. Yet without the ability to see what’s happening on endpoint devices, 4 in 5 victimized organizations don’t catch a breach for weeks—or longer.

Here’s a look at how data visibility solves many of the major threats highlighted in the 2016 DBIR:

Phishing: See when users take the bait

The report showed users are more likely than ever to fall for phishing. One in ten users click the link; only three percent end up reporting the attack. Instead of waiting for the signs of an attack to emerge, IT needs the endpoint visibility to know what users are doing—what they’re clicking, what they’re installing, if sensitive data is suspiciously flowing outside the enterprise network. The “human element” is impossible to fix, but visibility lets you “keep your eye on the ball,” as Verizon put it, catching phishing attacks before they penetrate the enterprise.

Malware and ransomware: Encryption + endpoint backup

With laptops the most common vector for the growing threats of malware and ransomware, Verizon stresses that “protecting the endpoint is critical.” The report urges making full-disk encryption (FDE) “part of the standard build” to gain assurance that your data is protected if a laptop falls into the wrong hands. Continuous endpoint backup is the natural complement to FDE. If a device is lost or stolen, IT immediately has visibility into what sensitive data lived on that device, and can quickly restore files and enable the user to resume productivity. Plus, in the case of ransomware, guaranteed backup ensures that you never truly lose your files—and you never pay the ransom.

Privilege abuse: “Monitor the heck” out of users

Authorized users using their credentials for illegitimate purposes “are among the most difficult to detect.” There’s no suspicious phishing email. No failed login attempts. No signs of a hack. And for most organizations, no way of knowing a breach has occurred until the nefarious user and your sensitive data is long gone. Unless, of course, you have complete visibility into the endpoint activities of your users. Verizon urges enterprises to “monitor the heck out of authorized daily activity,” so you can see when a legitimate user is breaking from their use pattern and extricating sensitive data.

Forensics: Skip the hard part for big cost savings

The most costly part of most enterprise data breaches—accounting for half of the average total cost—involves figuring out what data was compromised, tracking down copies of files for examination, and other forensic tasks required for breach reporting and remediation. Most often, an organization must bring in legal and forensic consultants—at a steep price. If you have complete visibility of all enterprise data to begin with, including endpoint data, you can skip much of the hard work in the forensics phase. If you already have continuous and guaranteed backup of all files, all your files are securely stored and easily searchable. Modern endpoint backup solutions go a step further, offering robust forensic tools that make it easy and cost-effective to conduct breach remediation, forensics and reporting tasks without eating up all of IT’s time, or requiring expensive ongoing consultant engagement.

See your data, understand your patterns, mitigate your risk

The whole point of the DBIR is to shed light on data to see the patterns and trends in enterprise data security incidents—to mitigate risk through greater visibility. So read the report. Understand the common threats. But make sure you apply this same methodology to your own organization. With the right data visibility tools in place, you can see your own patterns and trends, learn your own lessons, and fight back against the inevitable data breach.

Leaky End Users Star in DBIR 2016

Insider threat once again tops the list of enterprise cyber security threats in the 2016 Verizon Data Breach Investigations Report (DBIR). For the second straight year, Verizon research showed that the average enterprise is less likely to have its data stolen than to have an end user give away sensitive credentials and data—whether unintentionally or maliciously.

From insecure storage, transfer or disposal of sensitive information, to lost or stolen endpoint devices, to intentional data theft and privilege abuse, to simply entering the wrong recipient name in the email address field, the vast majority of breaches can be traced back to end users. “Our findings boil down to one common theme,” said Verizon Enterprise Solutions Executive Director of Global Services Bryan Sartin, “the human element.”

Overall, 2015 trends persist in 2016

The 2016 DBIR pulls trends and insights from more than 100,000 incidents—and 3,141 confirmed data breaches—across 82 countries. Is there anything groundbreaking in this year’s DBIR? Nope. Verizon reports “no drastic shifts” and no “show-stopping talking point.” For the most part, last year’s trends and patterns continued. But to “strike a deceased equine” (as Verizon put it), these persistent trends bear reviewing.

Phishing still works—end users are more likely than ever to click the link

The 2016 DBIR found hackers increasingly targeting devices and people instead of servers and networks, with phishing attacks growing from less than 10 percent of all attacks in 2009 to more than 20 percent in 2015. Why? Because people are more likely than ever to “click the link.” Verizon says 12 percent of people tested will click on a phishing attachment—up from 11 percent in 2014. Also of note: the same study found only three percent of users that receive a phishing email report the attack attempt. The IT department is stuck between a rock and a hard place. More people fall for the scam, and no one gives IT a heads-up.

Privilege abuse is still a top insider threat—with an emerging twist

Traditional privilege abuse involves an internal user stealing or corrupting sensitive data—whether for personal gain or in collusion with an external actor. Verizon noted an emerging twist: external parties with legitimate access credentials (a customer or vendor, for example) colluding with another external actor. Verizon also showed that insider threat detection is extremely difficult in cases of privilege abuse, with most incidents taking months for the enterprise to discover. This year, privilege abuse was the top defined category of cyber security threats, second only to the catchall category of “Miscellaneous Errors.”

Something new: the three-pronged attack

Cybercriminals aren’t just getting smarter—they’re growing more patient. Verizon highlighted what it called the “new three-pronged attack”:

  1. Phishing email lures user to malicious link or attachment.
  2. Clicking the link installs malware that targets a user’s various digital access credentials. Sophisticated malware can even compromise other users’ credentials through this one entry point.
  3. Those credentials are later used in other attacks.

The first challenge here is tracing the subsequent attack back to the initially-targeted user and the original phishing email. The second is figuring out just how deep the attack went—which credentials were compromised and which data may have been exposed or stolen. Playing the “long con” gives cybercriminals a chance to slowly, silently extend the reach of the breach, with users and IT unaware.

Biggest cost: tracking down data during breach recovery

With sophisticated attacks leveraging insider credentials to go deeper and broader, it’s no surprise that the biggest cost of an enterprise data breach comes from the daunting task of forensic analysis. Figuring out what data was compromised, and tracking down copies of the files, puts an enormous strain on IT resources, and accounts for nearly 50 percent of the average total cost of an enterprise data breach.

TL;DR—Breaches are inevitable; data visibility is key

The DBIR is great reading (really—you’re guaranteed a laugh or two), but it’s 85 pages long. Here’s the quick-and-dirty:

  • “No locale, industry or organization is bulletproof.” In other words, breaches are inevitable.
  • Know your biggest threats. Take five minutes to check out the tables on pages 24 and 25, showing incident patterns by industry.
  • “You cannot effectively protect your data if you do not know where it resides.” Breach remediation is crucial. Data visibility is key.

Next, we’ll tackle this last point—why data visibility is essential to effective breach remediation, and how an enterprise can enhance data visibility.

Facebook Twitter Google LinkedIn YouTube