Data Security – What You Don’t Know Can Hurt You

Avoid Being Lulled into a False Sense of Security

Stephen Nardone

In today’s ever-expanding IT ecosystem, how do you know whether your data is really secure? It’s a critical question. The numbers tell us so:

  • Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors. [1]
  • In 2015, there were 38 percent more security incidents detected than in 2014. [2]
  • The average global cost per lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per record. [3]

One way of getting a better handle on your data and security is through a managed security service. But therein lies the problem: Eighty-one percent of data breach victims surveyed in the 2015 Trustwave Global Security Report said they had neither a system nor a managed security service in place to ensure they could self-detect data breaches, relying instead on notification from an external party. This was the case despite the fact that self-detected breaches take just 14.5 days to contain from their intrusion date, whereas breaches detected by an external party take an average of 154 days to contain.

Buying a range of security products in hopes that they will be able to detect emerging threats is no longer the way to keep your data secure. Security practitioners are overwhelmed with threat intelligence alerts, and by the time they are able to decipher the real from the false alarms, your data could already be compromised.

The ever-evolving IT ecosystem complicates the need to secure data both at rest and in transit. Without a fundamental understanding of persistent and emerging threats across the expanded network, your data could be at risk, which means that traditional prevention approaches to security are ineffective. The practice of setting controls and relying upon the tools to prevent an attack provides little more than a false sense of security.

In order to bring risks to a more acceptable level, data security demands more. Keeping your data secure in today’s unbounded IT ecosystem demands more time and manpower of the digital enterprise because what you don’t know can hurt you. Alerts might be able to detect known threats, but new, unknown threats are always just around the corner.

One of the most common ways that IT teams are lulled into a false sense of security is by relying on their tools to protect the data. Depending on tools to send alerts that then demand a response doesn’t provide the visibility needed to protect your data. In today’s world of persistent and emerging threats, the best security strategy ensures constant monitoring in order to remain ahead of the cyber criminals who are relentlessly developing new threats.

Working in partnership with managed security services will minimize the risks to your data. By enhancing your monitoring capabilities and ensuring that you have the proper controls in your environment, you will be better positioned to detect and respond to threats across your environment. As regulations evolve across industry sectors, your managed security service will also make sure that you adhere to compliance requirements now and in the future.


1. “ITRC Data Breach Reports – 2015 Year-End Totals,” ITRC

2. “The Global State of Information Security Survey 2016,” CSO and PWC

3. “Cost of Data Breach Study: Global Analysis,” IBM/Ponemon