BACKGROUND IMAGE: Jirsak/iStock
New data security models fortified by emerging tech
A trusted employee clicks on a phishing link and unwittingly provides his company credentials to hackers. Someone in upper management emails files with sensitive company information to a customer. A contract worker installs a thumb drive she found who knows where, infecting the company network with malware. Vague horror stories CIOs use to scare employees into caring about data protection? Yes, but these nightmare scenarios are also, unfortunately, very real. Some of the biggest data breaches in the last five years -- including the attacks on Anthem, Sony and JP Morgan -- were set in motion by human error.
As attack vectors continue to grow in the wake of the expanding business use of the internet of things and other technology, CIOs have realized that relying on employees to protect data isn't working. The Verizon 2017 Data Breach Investigations Report found that 81% of hacking-related breaches used stolen, weak or easy-to-guess passwords. So how are companies mitigating the huge risks stemming from human error? By trying to take the "human" aspect out of the equation.
Technologies such as machine learning, automation and robotics process automation are moving beyond traditional business processes and becoming integral to new data security models. Next-generation data analytics techniques, behavior-based security strategies and continuous monitoring are also being integrated into companies' information protection processes. The human factor is still present, however, and companies must learn how to integrate these emerging data security models with traditional capabilities, such as intrusion detection monitored by security personnel.
In this month's SearchCIO handbook, we explore real-world examples of companies that are experimenting with these increasingly automated, tech-based data security models. Tech breakthroughs like machine learning and automation are proving to be a sound investment for CIOs trying to streamline business processes, and tech execs hope they'll prove as lucrative for data protection strategies.