Data Privacy Day – expert comment from F5 and CyberArk

Tristan Liverpool, Systems Engineering Director, F5 Networks:

“Our growing digital footprints are spawning new data every day. Yet, lurking in the darkest corners of the web are cybercriminals aggressively attempting to steal data from applications, drain bank accounts of funds, or use ransomware to extort a payment from a business or individual. We urge businesses this Data Privacy Day to recognise the growing threat of mobile malware to their customers and IT infrastructure by taking strict measures to safeguard and protect data. The growing popularity of application-focused services – such as mobile banking, wearables and virtual assistants – demonstrates society’s dependence on mobile. The bigger the footprint, the harder it is for consumers to manage and secure their digital worlds by themselves. Every day the public puts their trust in businesses collecting their personal data with the expectation that they are fully protected from online threats and thieves.

“Cybercriminals attempt to compromise apps with schemes like malware writing, botnet herding, credit card fraud, credential laundering, trading in stolen digital goods, and selling corporate intellectual property – all with the intention to generate profit. In response to cyber-attacks, organisations must adopt strong authentication to help keep the identities of users secure and data safe. In addition, a robust web application firewall makes it easier to defend against malware, combined with a comprehensive fraud monitoring service to prevent catastrophic losses of vital data. With best practice in mind, we are now less than four months away from the GDPR deadline and data protection should be part of every company’s culture and long-term strategy to guarantee customer privacy.”

David Higgins, Director of Customer Development, EMEA, CyberArk:

“This Data Privacy Day feels markedly different to previous years. With GDPR coming into force in May, there has never been more urgency to improve transparency over how personal data is used and accessed.

“There’s still a mountain to climb – as we found out when a recent CyberArk survey revealed that half of businesses (50%) did not fully inform customers when their personal data was compromised in a cyber attack. As people become increasingly aware of their rights, and expect full visibility over where their data lives, burying bad news will ruin customer relationships. This could have a huge impact on profits even before the new legislatory penalties have been accounted for.

“Protecting customers’ personal information, and keeping sensitive company data locked down, should be a top priority. But unfortunately gaps in security best practices persist. More than half (53%) of business leaders lack knowledge about their organisation’s security policies, and 42% say they store passwords in a document on a company PC or laptop.

“Organisations should use this year’s Data Privacy Day as an opportunity to reinforce security as a board level topic, remind their employees of their security policies, and take steps to protect their high value assets as well as the accounts that access them. If these fall into the hands of an attacker – as they did with the likes of Uber and Yahoo – sensitive company and customer information can be accessed without alarms being raised. Companies which do everything in their power to detect and block threats early in the attack cycle will build confidence with their customers, and be in the strongest position to manage transparent communications around data breaches post-GDPR.”