Data security is considered as one of the most essential aspects of any organization. In this present IT age, everyone is and should be concerned about the security of their data. The cost of a breach could be deadly to an organization. “The average cost of a data breach in 2019 is $3.92 million using the IBM security databreachcalculator. The health care industry is the most costly industry with an estimated $150 per record.”

We discussed data privacy a while back…it is somewhat intertwined with data security. While data privacy protects your data from unauthorized access, data security handles the rules set by data privacy; an example is the GDPR. Most companies have implemented GDPR from development teams to support.

FaceApp is one of the most recent security concerns raised. People are concerned that you sign away the rights of your picture, even after deleting it. This is more of a privacy concern than security in my opinion. The latest this past week was that Facebook had reached a deal with the FTC to pay a penalty fee of $5 billion over data privacy breach which is said to be the largest fine in FTC history. A popular example of a data security breach is that of Equifax and it appears the penalty is almost 700 million dollars in settlement. The cost of not implementing a privacy policy correctly. Yes, this was as a result of a flaw in a web application tool but the fact they were aware of it two months before the hack occurred resulted in the data breach 🙂

People might say they had enough time to fix the issue but we must understand that SDLC planning is sometimes not that straight forward even in an agile setting with never-ending tech debts, one can see reason on how this slipped through the crack. So what should organizations do going forward? Or have people in the case of FaceApp willingly given out their data? One might argue that our data is been collected every second, yes! The concerns now are how is it been used? Who is really collecting it?.

This brings us to one of the major problems of big data… security! It is difficult for organizations to ensure secure access, authentication or catch-all systems flaws. How then can your company handle this? CI Security is one of the top security solutions, according to Gartner’s 2019 Market Guide for managed detection and response services and based on the yahoo news report “CI Security’s managed detection and response solution catches intrusions in minutes“. There is also IBM QRadar Security Intelligence Platform and last but not least is Splunk Enterprise Security. All of these solutions are top-notch, it all depends on what your organization is looking to address.

The shortage of cybersecurity skills has not helped matters. Not to mention cybersecurity is a hot skill to have. Looking to change job role, security is an interesting one. It cuts across different areas, there is this assumption people have that security == network that will not always evaluate as true. There are different security certification(s) available for a network engineer to an IT architect even to a software developer. Take a look to find a good fit.

PS: What is your take on calls for tech companies to give access to encrypted messages…privacy or security concerns? Or both?