Explosion of Data Breeds New Risks: Why Educating Your Employees Is More Important Than Ever
Data is exploding, and there’s no sign of a slowdown. Just how big is big data? Consider DOMO’s April 2014 Data Never Sleeps 2.0 infographic, which boiled data generation down to the minute. Here are just a few of the statistics about the amount of data that is generated every 60 seconds:
• 4,000,000 Google search queries
• 2,460,000 pieces of content shared on Facebook
• 72 hours’ worth of video uploaded to YouTube
• 277,000 tweets by Twitter users
• $83,000 of Amazon sales
• 204,000,000 email messages sent
These numbers are staggering, but what’s even more amazing is how quickly this data expansion has happened. According to a March 2013 study by SINTEF, 90 percent of the world’s data at that time had been created in the preceding two years. This may be hard to comprehend on the surface, but a slightly deeper dig into the statistics helps connect the dots. And it really boils down to users. An infographic by WhoIsHostingThis? traces the evolution of the modern Internet, which started in 1984 by connecting 1,000 hosts at corporate and university labs. It took until 2009—about 25 years—for the user count to hit 1 billion. Just four years later, that number had nearly tripled to 2.7 billion users, which was 47 percent of the world’s then population.
To make matters worse, data is nearly impossible to contain. Mobile devices and cloud sharing technologies put information and systems on the move. This portability and flexibility translate into incredible conveniences for communication and collaboration, but they also exponentially increase the risk of doing business.
Is it any wonder that enterprises and individuals have had difficulty getting their arms around data security?
Make Employees a Part of the Solution
While there are many data security solutions available and in deployment, there is no formula or product—technical or otherwise—that can take the threat level to zero. Relegating data security to a strictly IT responsibility not only unnecessarily increases pressure on these resources, it also ties enterprises to a higher level of risk. But there are measures that can change behaviors and take advantage of a significant stable of resources: employees. And the reality is that educated, cyber-savvy employees can add a lot to an enterprise’s security posture.
Aberdeen Group’s The Last Mile in IT Security: Changing User Behaviors has shown that it’s possible to quantify cyber security risk and estimate the potential risk reduction associated with ongoing employee education. As is indicated in the report:
"The question is whether users are acting as a fortress or whether they are unwittingly opening the gates and letting the enemy through"
Actions that are taken by individual end-users—the networks and devices we use, the files we send and receive, the apps we install and run, the links we click on, the emails we open—are behaviors that result in a high percentage of security infections. Aberdeen’s analysis quantifies the positive impact of investments in user awareness and training: by changing user behaviors, it reduces security-related risks by about 60 percent.
Study after study—like PwC’s Global State of Information Security Survey 2014 and IBM Security Services’ 2014 Cyber Security Intelligence Index—points to the value of security training and urges enterprises to invest in education as a means to reducing security threats. Are you heeding that call or turning a deaf ear to the opportunity to extend cyber security to each desktop, mobile device, and potential penetration point within your organization?
Every email, every click, and every download expands your electronic footprint. Each of these actions is more data for you to manage—and more data for potential attackers to mine. It can’t be disputed that users are on the front lines of the battle for cyber security. The question is whether they are acting as a fortress or whether they are unwittingly opening the gates and letting the enemy through.
New technologies brings new inroads and potential threats to an enterprise and its users. The way to protect yourself is to use all your available resources, both technical and personal. Implementing an effective, interactive awareness and training program that grows with your organization and addresses trends in cyber security is more important than ever before.