All data should be treated as sensitive by organisations, security expert warns
Image credit: Foto 118502277 © Awargula | Dreamstime.com
Threat-targeted organisations need to reappraise the overall value of their total data assets, as well as shift the responsibility for keeping out cyber threats from being an employee burden, an IT security expert has said.
As dedicated industry expo Infosecurity Europe 2022 gets under way this week, Nigel Thorpe, technical director at SecureAge, has said that the traditional approach to giving the greatest cyber protection to ‘sensitive data’, while leaving other data types less well secured, has increasingly become a false ideal in a post-pandemic world.
“The time has come to rethink what is meant by ‘sensitive’ data,” Thorpe said. “The reality is that an organisation should regard all of its data as potentially ‘sensitive’ information and protect it accordingly – ideally with file-level encryption.
“We now see many instances of data that had been regarded as ‘non-sensitive’ being compromised and creating security alerts and reputational harm when it’s released out into the public domain.”
Organisations should also move on from the widely held notion that cyber-savvy workforces should constitute a primary line of defence for enterprises when they come under attack by cyber threats, according to Thorpe.
“The decision of whether or not to click on a link or attachment is no longer one that in the first instance should rest with end users,” he said. “At SecureAge, our solutions have AI-driven, cloud-based anti-viral engines that apply a ’block first’ approach based on application control that can make those decisions, rather than ultimately relying on employees to decide.
“I’m not suggesting that end users should be absolved from all responsibility for cyber-security policy, but I would suggest that it’s no longer really fair for an organisation to expect its employees to hold the defensive frontline, when in most instances those end users are being pitted against highly technical, well resourced threat actors.
“The ‘workforce is the first line of cyber-defence’ proposition is becoming a rather outmoded mantra.”
Infosecurity Europe 2022 continues this week at ExCel, Docklands, London.
The ongoing rail strikes are affecting movement around the capital, and the country at large, so you are advised to check with your travel provider before making any journey, should you be considering attending an event in person.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.