A recent survey revealed that an astounding 74 percent of organizations experienced at least one data security incident with exposed business data in the past year. This is just one of the insights from Microsoft’s newly released Data Security Index: Trends, Insights, and Strategies to Secure Data report.
Data security is a fundamental aspect of effective cybersecurity programs. Notably, 89 percent of the security decision-makers surveyed consider their data security posture critical to their overall success in protecting their data. Safeguarding sensitive information—ranging from employee and customer data to intellectual property, financial projections, and operational records—against cyberthreats, data breaches, and insider risks is a top priority for these organizations.
Every chief information security officer (CISO) I’ve spoken with has shared challenging data security experiences and expressed a strong interest in exploring best practices and technological innovations to overcome these challenges. At Microsoft, we are committed to helping organizations navigate the complexities of data security and implement comprehensive strategies to strengthen their data security posture.
To facilitate this dialogue and learn from our customers and peers, we partnered with the independent research agency Hypothesis Group to conduct a multinational survey involving over 800 data security professionals. This collaborative effort resulted in the Data Security Index report, which provides valuable insights into current data security practices and trends. Additionally, it aims to identify practical opportunities for organizations to enhance their data security efforts.
In this blog post, I’ll delve into some of the key findings from the report, including:
The frequent occurrence of data security incidents.
How vulnerabilities arise from a diverse set of factors.
The impact of a fragmented solution landscape on an organization’s data security posture.
Data security incidents remain frequent
Data security incidents continue to occur frequently with an average of 59 incidents occurring in the past 12 months, 20 percent considered severe, resulting in potential annual costs of up to USD15 million.
While decision-makers are attempting to make the best use of the tools they currently employ, it’s not enough to mitigate the continued frequency of data security incidents.
I can’t go tell my board of directors “I secured the data; I just didn’t protect it” … the last thing we want to see is our bank failing to deliver on the front page of the Wall Street Journal. – Chief information security officer in the financial services industry
Vulnerabilities manifest in various dimensions due to a diverse set of factors
One of the main reasons data security incidents occur more frequently than desired is the increasing diversity and complexity of risks associated with data. These risks include various factors such as the causes of incidents, the need to protect different types of data, and the challenges posed by data processed and stored across multiple locations and workloads.
Among the causes of data security incidents, decision-makers feel the least prepared to prevent malware, ransomware attacks, and malicious insider incidents. When considering the types of sensitive data at risk, business data—such as intellectual property—is more vulnerable compared to operational and personal data. Furthermore, as cloud and AI become essential for organizations to drive digital transformation, security teams face the added complexity of protecting data across a wide range of locations and application types.
A fragmented solution landscape can weaken data security posture
How can organizations effectively navigate the complex landscape of data security risks? Different aspects of data security efforts often require distinct solutions. While adding more locks to a door enhances physical security, the opposite is true for cybersecurity tools. Organizations using more than 16 tools to secure data experience 2.8 times more data security incidents compared to those with fewer tools. Additionally, the severity of these incidents tends to be higher.
Each additional tool requires dedicated staff and processes, as each vendor provides a unique portal with different technological foundations. For example, in data classification, siloed solutions mean that data might be classified multiple times based on specific use cases, as each solution has its own classification service.
The proliferation of tools also increases the number of alerts, often resulting in duplicates and creating more noise in the system. According to the report, organizations using a larger number of tools receive more than double the volume of alerts compared to those with fewer tools, yet they can review only a smaller percentage of these alerts.
In the event of an incident, each tool's administrator must conduct separate investigations within their areas of expertise. They then collaborate to deduplicate alerts, correlate insights, and determine the nature of the incident. However, insights may be lost in translation due to the use of disparate systems, ultimately prolonging the investigation.
Decision-makers seem to understand the issue well, with 80 percent agreeing that a comprehensive data security platform with integrated solutions is superior to using multiple disjointed point solutions. However, despite this understanding, practical implementation remains fragmented, as organizations still use more than 10 different tools on average to manage data security.
Breaking this inertia to enhance data protection requires strong collaboration among security teams, with a focus on the overall data security posture of the organization rather than individual departmental security needs. It also necessitates better-integrated solutions to facilitate this collaborative approach.
Fortifying data security with integrated solutions
An integrated data security solution should empower security teams to seamlessly perform several critical tasks:
Automatic Discovery, Classification, and Protection: Utilize a unified, intelligent data classification service to automatically discover, classify, and protect sensitive data throughout its lifecycle. Detecting sensitive data such as intellectual property and trade secrets can be challenging. Traditional methods like pattern recognition, regular expressions, or function matching may fall short for content without specific string formats or keywords. By leveraging a single AI-powered classification service, data can be classified once and applied across multiple solutions, ensuring secure and compliant data use.
Contextual Risk Identification: Understand user and data usage contexts to identify risks around sensitive data, such as intellectual property theft and data leakage. Since data movement is driven by people, solutions are needed to parse both content and user signals to detect critical data security risks before they evolve into incidents.
Proactive Incident Prevention: Implement security and compliance controls within the cloud apps, services, and devices users interact with daily. Solutions that natively integrate with modern work environments can effectively educate, influence, and prevent users from causing accidental or intentional data security incidents.
Dynamic Security Controls: Tailor security and compliance controls based on a user's risk level dynamically. All aforementioned capabilities should integrate seamlessly, allowing organizations to establish adaptive security. For instance, security teams can dynamically apply strict data loss prevention policies on high-risk users, accelerating incident response and proactively mitigating emerging risks.
Enabling security teams to perform these critical tasks seamlessly is the primary focus of Microsoft Purview. These solutions leverage industry-leading, AI-powered data classification technology, a comprehensive data map, extensive audit logs and signals, and a unified management experience. As a result, the data security solutions integrate seamlessly, helping organizations protect their data with lower complexity and improved outcomes.