Big data supports the moves towards improved processes, but there is a need to be careful about protecting data. The USA has more work to do on cybersecurity; in 2017, US cyber crime incurred costs of USD 400 billion, and there are many recent examples of big data losses or breaches that have affected major organisations and economies.
It is necessary to work together because the actions of just one employee may lead to a large exposure. Data attacks are continuous and come from all angles; enemies are invisible and have a range of motivations, from money to intellectual property to terrorism.
Regardless of how much is invested in technical security, humans are the weakest link. Security needs to be part of the corporate culture, with every employee taking ownership for data security. This takes time to establish.
Three stages are required. Firstly, minimise the risk of exposure: identify and assess threats, probabilities and outcomes. Design systems appropriately and educate employees. Implement robust systems and enforce strong authentication practices. Segment data and control what devices can be used. Listen to what experts say.
Secondly, monitor the attackable surface: a hacker needs only one entry point. It is important to ensure security remains robust and current. Test, and do not allow new holes to form when upgrading or updating systems.
Thirdly, manage the damage: have a plan to rapidly detect any breach. Repair the problem, restore IT services, and communicate with regulators. It is important to inform and compensate all relevant stakeholders, in particular, customers. Time-sensitive reporting is required by regulation (i.e. GDPR) or law and non-observance could lead to class action. Failure to respond early will also erode consumer trust.