Due to exponential data growth and organizational expansion, regardless of industry sector, the challenge of identifying, protecting and managing information assets has multiplied for IT security, legal, privacy and records management professionals. As many of the largest global networks have been penetrated, new regulations have been developed across the U.S. and internationally. However, continued high-profile attacks, such as SolarWinds and Accellion, prove all networks are vulnerable and underscore that organizations must have “reasonable security” protecting personal data (PII/PCI/PHI).
COVID-induced remote work continues to disrupt normal IT security operations, exposing unknown vulnerabilities that malicious actors prey upon and profit from. When facing a high-profile cyber incident of compromised PII impacting consumers around the world, organizations must act with expediency and precision to understand what personal information from customers, business partners and employees may have been exposed. Expediency is a significant challenge given widely-dispersed data sources lacking centralized controls and limited internal resources.