Another day, another breach – when will we learn?
Learn why a truly comprehensive data protection strategy focused on your organization’s most valuable and sensitive data is the only answer.
Last week, Marriott, one of the world’s largest hotel chains, disclosed a data breach that impacted more than 500 million users worldwide.
To put this in perspective, chances are you or someone you know had their information impacted. Though this is certainly one of the largest breaches of its kind, the message we can take from this remains the same as it is for any size of breach – organizations simply aren’t doing enough to protect their sensitive data.
It’s about the data, stupid
As James Carville coined about the budget during Bill Clinton’s presidential campaign, the point that is being overlooked with this latest breach (that has been going on for four years) is that enterprises continue to think about data protection incorrectly. A lot of attention continues to be paid to access, but the fundamental questions that must be asked are around data. For example – how was the data protected?
Actually, we should maybe take a step back further and ask, was the data even protected?
The analysis of this breach will likely continue for weeks, striking fear into the hearts of executives worldwide. At Titus, we hear these fears every day from potential customers. From our deep experience working with enterprises worldwide, we know that these fears really boil down to one thing – how can enterprises find and protect their most sensitive data?
While rules like the Global Data Protection Regulations (GDPR) are helpful to force organizations to look at how they’re protecting their data, clearly, they aren’t enough. A truly comprehensive data protection strategy focused on your organization’s most valuable and sensitive data is the only answer.
This latest breach validates a core principle for Titus, which is that data detection is essential for organizations of all sizes to properly valuate and protect their most critical information. Without that, it is simply not possible to have an adequate data protection strategy, making any organization vulnerable to a significant data breach.