By Rodman Ramezanian
Global Cloud Threat Lead, Skyhigh Security


Data Protection must be an investment, not an expense.

"Data is the new oil" is an increasingly popular refrain and there’s no doubting data’s importance in keeping the world’s wheels in motion.

Organizations hold a wealth of personal data that spans the critical –health and welfare records, financial data, national security secrets - to the trivial -online shopping habits, ride-sharing trends, and holiday photos posted on social media. And this data is highly prized. In fact, over 80% of data breaches are instigated by financial motives, according to Verizon's "2022 Data Breach Investigations Report.”

In Australia, we’ve had two high-profile data breach “case studies” in the last 3 months that reinforced the importance of Data Protection. Most recently, one of our largest health insurance providers, Medibank Private, lost names, addresses, dates of birth, Medicare (Welfare ID) numbers, phone numbers and medical claims data – including diagnoses and procedures.

But arguably the most damaging example has been the Optus data breach. For the unaware, Optus is Australia’s second largest Telco provider, which has been dealing with a breach of ~10 million Australian citizens’ Personally Identifiable Information (PII).

In case we needed reminding, these incidents underscored that organizations cannot retrospectively “threat hunt” for data that’s already been leaked. There is no product or tool that can find your already-leaked data, turn back the hands of time, and put Humpty Dumpty back together again! That’s why data protection depends upon a proactive regime of data discovery, identification, classification, and protection to prevent breaches occurring in the first place.

Data breaches are also expensive! The average cost of a data breach globally was $4.35m USD according to IBM’s Cost of a Data Breach 2022 report.

Organizations cannot afford to view Data Protection as a one-off expense or a deferrable expense, especially considering the ever-increasing opportunities for leakage associated with surging cloud adoption. That same IBM report also found 45% of breaches in the past year were cloud-based. The fact 59% of organizations still haven’t adopted a Zero Trust architecture didn’t help.

Also worth noting, where remote work was a factor in a breach, the incident cost nearly $1m USD more than incidents where remote work wasn’t a factor.

The next time you read about another data breach and breathe a sigh of relief, consider how your own organization would weather a similar incident. Do you have a vigorous Data Protection regime across your corporate devices, your web channels, and your cloud workloads, platforms, and services to see, classify, control, and protect your organization’s “crown jewels” data?

For more information on how Skyhigh Security can help protect your organization’s most important and sensitive data, visit https://www.skyhighsecurity.com/en-us/solutions/identify-protect-sensitive-data.html.