Managing Data Risk
Malicious generative AI tools raising concerns around data risk
1. What is Data Risk?
2. Managing Data Risk to adopt an approach towards Data Governance
3. Managing Digital Data Risks
4. Replace aging and disparate infrastructure with Forcepoint ONE
5. Forcepoint as your Security Access Service Edge (SASE) or Security Service Edge (SSE) solution
6. Forcepoint ONE SSE
7.
Forcepoint Single-Vendor SASE
The Sydney Morning Herald reports an emergence of generative AI tools being sold on the dark web with no ethical boundaries are being used for cyberattacks on Australian businesses. Cybersecurity experts warn as innovative cyberattacks are generated by the AI technology including sophisticated phishing attacks and malware variants. As these malicious generative AI tools for example FraudGPT, EvilGPT, DarkBard, WolfGBT, XXXGBT and WormGBT exacerbate the cybersecurity threat, Generative AI tools can also be used for defensive purposes to defend against cyber threats.
What is Data Risk?
According to Australian Prudential Regulation Authority (APRA) in the Prudential Practice Guide (PPG)
CPG 235 Managing Data Risk; Data risk refers to potential data loss resulting from internal problems, external factors, or people-related issues. These risks can be broadly categorised into two categories: internal and external and applies to both physical and digital data. Examples of data risk include fraud caused by data theft, disruptions in business operations due to data corruption or unavailability, delivery failures due to inaccurate data, and legal or compliance violations resulting from the unauthorised disclosure of sensitive data.
Internal Data Risks
These risks stem from inadequate or failed internal processes, people-related issues, and system vulnerabilities. For example, data theft leading to fraudulent activities within the organisation, data corruption or unavailability causing business disruptions, or inaccurate data impacting the execution of critical processes.
External Data Risks
These risks result from external events that affect data security. One significant example is the breach of legal or compliance obligations due to the unauthorized disclosure of sensitive data.
Data risk is not limited to the format of data; whether it's physical or digital, organisations must take measures to safeguard their data assets. According to APRA, ‘data is the new gold’ because of the immense benefits organisations can derive out of it. However, for data to be of any value, it must be:
- Free of dataquality issues;
- Protected with adequate controls;
- Owned by real people;
- And most importantly, data must be nurtured and governed like an asset.
Managing Data Risk to adopt an approach towards Data Governance
To effectively mitigate data risk, businesses must adopt a comprehensive approach to data governance. The APRA has provided valuable guidelines in Prudential Practice Guide CPG 235 Managing Data Risk. This guide serves as a vital resource for regulated entities to navigate the complexities of data risk management.
Here are some key aspects of managing data risk, as outlined in CPG 235:
- Managing Data Risk: Recognising that data is a valuable asset, organizations must implement data risk management practices to ensure that adequate controls are applied throughout the data's lifecycle.
- Implementation of Data Management Framework: Integrating data management practices into daily operations and establishing clear roles and responsibilities regarding data management.
- Generating Staff Awareness & Support:
Promoting awareness among non-data professionals to ensure adherence to data management
policies and standards.
- Managing Risks throughout Data Lifecycle:
Identifying and mitigating data risks at each stage of the data lifecycle, aided by data lineage diagrams.
- Implementation of Controls & Validations:
Ensuring transparency and security by creating metadata repositories and implementing access controls, especially when data is shared with third parties.
- Managing Data Quality: Establishing a framework to identify, resolve, and report data quality issues, thereby improving overall data quality.
- Data Risk Assurance: Seeking regular assurance that data quality is appropriate and data risk management is effective through systematic assessments.
By following these guidelines, organisations can better protect their data assets and reduce the potential for data loss and misuse.
Managing Digital Data Risks
Data risk is a critical concern for organisations in the digital age. Recognising the importance of data and taking proactive measures to manage data risk is essential for business success. By adhering to guidelines such as CPG 235, businesses can safeguard their data assets and operate in a more secure and compliant manner. In an era where data is often referred to as "the new gold," prudent data risk management is a key component of modern business governance.
Replace aging and disparate infrastructure with Forcepoint ONE
Forcepoint ONE enable users to securely work anywhere. According to Gartner, Forcepoint ONE is an all-in-one Security Service Edge (SSE) platform that is seamless to adopt Zero Trust, protect against threats, and prevent the theft or loss of sensitive data and intellectual property on the web as a Secure Web Gateway (SWG), in the Cloud Access Service Broker (CASB), and in internal private applications Zero Trust Network Access (ZTNA).
Forcepoint as your Security Access Service Edge (SASE) or Security Service Edge (SSE) solution
SSE is a cybersecurity concept introduced by Gartner in 2021. SSE represents the security component within the broader framework of
secure access service edge (SASE). According to Gartner, SSE encompasses a set of integrated security capabilities centered around cloud technologies. These capabilities include
Zero Trust Network Access (ZTNA),
Cloud Access Security Broker (CASB),
Firewall as-a-service (FWaaS), and
Secure Web Gateway (SWG). The primary objective of SSE is to ensure the secure access to all web, cloud services, and locally hosted applications.
Forcepoint ONE SSE
In 2021, Forcepoint purchased Deep Secure, which has designed its platform to help enterprises defend cyberattacks delivered via malware in addition to preventing data loss. The purchase was made following Forcepoint's acquisition of Cyberinc to add more remote browser isolation control. Forcepoint's strategic and key acquisitions enabled their transition of new products and their legacy products into something called "Forcepoint ONE".
Forcepoint ONE provides an all in one SSE platform that empowers users to securely access an organisation's applications, data, and resources while also enabling the monitoring of user behavior to detect any unusual patterns that could be indicative of malicious activity or cyberattacks.
It comprises of CASB, ZTNA and SWG provide security in the cloud, on the web and safeguard access to private apps through both agent-based and agentless deployment to ensure productivity while data stays safe on any device.
Forcepoint ONE Data Loss Prevention (DLP) to deliver industry-leading data security with DLP Software as a Service (SaaS). Configure security policies once and apply everywhere to prevent data exfiltration on the web, in the cloud and in private apps.
FlexEdge Secure SD-WAN to securely connect offices and remote sites and deliver the fastest internet speeds possible with maximum resiliency, all from a single vendor.
Forcepoint Insights to analyse your security posture in real-time with live telemetry from all your Forcepoint ONE security products. Get an executive summary of the economic value your data and threat protection activity is generating for the business.
Forcepoint Single-Vendor SASE
Konverge have been assisting Australian businesses for years in deploying infrastructure and security software solutions, and with the ability to provide 24/7 technical support to business with over 300 users. Konverge is a Forcepoint partner and is keen to assist your organisation achieve its data risk management objectives. For exmaple, inspection of data, data risk management, general information technology controls, data architecture, data governance and data metrics and data quality plans.
Contact us today on 1300 019 919 or sales@konverge.com.au for a obligation free discussion to understand how you can get visibility and control of your data within your existing IT infrastructure environment, from your end point devices to network infrastructure and applications, we are here to help.
