Latest news with #datasecurity
Forbes
4 days ago
- Business
- Forbes
Securing The Database: The Hidden Side Of Risk Management
Jakub Lamik is the CEO of Redgate Software. Data is one of the most valuable assets for any organization, and the risk of that data being tampered with, stolen or deleted is a fundamental fear. Over the past decade, we've seen an increase in high-profile cases where data loss has caused organizations significant financial or reputational damage. The regulatory environment is also becoming progressively more stringent about how to handle data securely, with the emergence of legislation like HIPAA and the California Consumer Privacy Act in the U.S. as well as GDPR and the Digital Operational Resilience Act in the EU. Organizations that get this wrong face significant penalties. With the rise of AI, both the volume of data and the value of that data for training bespoke AI models will only increase. Organizations will become even more protective of their data, and the way data is captured and stored will become even more regulated. Although cybersecurity is a considerable concern, the importance of securing the database is easily overlooked. While no data is ever completely secure, organizations can take plenty of actions to reduce the risk profile their database presents. Building a deep understanding of the specifics of your database estate to personalize your risk management approach is crucial. The truth is that most data compromises happen due to human factors rather than hackers gaining unauthorized access to data using sophisticated technical exploits. Sometimes, this involves social engineering techniques that encourage people to compromise their own systems, but the root cause is often simple human error or a failure to implement best practices within increasingly complex and fragmented database estates. Verizon's 2025 Data Breach Investigations Report found that roughly 60% of breaches involve human elements. Vulnerability within the supply chain can also increase risk, with 30% of breaches from Verizon's report involving compromise via a third party or supplier. In 2013, a Target data breach, which exposed personal data from over 70 million customers, was alleged to have started after attackers stole network credentials from a third-party HVAC vendor. Our State of the Database Landscape research, involving 2,500 respondents from across the database industry, surfaced key drivers behind the increasing complexity of database estates. The rising use of multiple database platforms—because organizations need the best platform for handling different types of data or after integrating different technology stacks through mergers and acquisitions—is one factor. Another is the increasing fragmentation of data estates across a blend of cloud and on-premises hosting solutions. Roughly one-third of organizations exist in what IDC calls the "messy middle," with some workloads operating in the cloud while others remain on-premises. This complexity only increases the challenge of keeping data secure. Security is simple to manage when you have one server. However, with multiple databases split across different platforms (some hosted locally and some in the cloud) in an environment where different users (including third parties) need to access the data, security practices become more difficult. Organizations increasingly need processes and tools that keep their data secure regardless of where it's hosted. Security is often top of mind for production data, but best practices are less commonly implemented when managing test data—even though this data creates risk. Test data management challenges include the risk of data breaches when using real data featuring sensitive information in less secure test environments, limited insight into locations where test data contains sensitive information, less rigorous oversight of test data deletion and an unclear picture of who has access to test data within the organization. As well as exposing the organization to external threats and breaches that human error causes, poor test data practices also risk noncompliance with regulatory requirements. Suboptimal test data practices can trigger unintended business consequences; organizations that only infrequently provision fresh test data for their development teams experience more data issues in production compared with those that regularly provision fresh test data. Limiting sensitive test data to specific users, masking or deidentifying the data or replacing it with synthetic data are all increasingly popular options for managing test data securely. Deep knowledge of your unique situation and your organization's needs can guide informed, security-conscious decision making. If you know that one of your organization's databases is populated with synthetic data for internal use only, you can take a less stringent security stance compared with your highly access-controlled production database. Because social engineering and human error are such significant threat vectors, equipping your teams with robust processes and skills to effectively manage database risks can also support a strong security posture. Ensuring your teams have the technical knowledge to implement secure systems and processes while building their understanding of human security factors and the business consequences when something goes wrong is paramount. It's much easier to grant permissions initially than to remember you need to revoke them when someone leaves or changes roles. Having processes in place to keep permissions updated following people changes within your organization is important, especially if your permissions landscape is fragmented across multiple platforms and locations. Ransomware can attack database objects, either encrypting or exfiltrating the data. Practices that help secure your databases against ransomware attacks include storing backups in another location and testing your ability to restore them, using admin accounts with multifactor authentication to log into database servers and ensuring all systems are patched. Finally, you can equip your teams with third-party database management tools that support secure database practices, such as automating backups and recovery, strengthening encryption or alerting your teams about unusual activity. Look for tools that support your organization's specific security priorities. Strong database management practices that guard against human error are a fundamental but often overlooked aspect of cybersecurity. By equipping your teams with the necessary skills and tools and ensuring that the database sits at the heart of your security posture, you can robustly defend your organization's most valuable asset. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
CNA
4 days ago
- Business
- CNA
UBS reports data leak after cyber attack on provider, client data unaffected
ZURICH :Swiss bank UBS on Wednesday said it had suffered a data leak due to a cyber attack against one of its providers, but that no client data was affected. Swiss newspaper Le Temps said that files containing details of tens of thousands of UBS employees had been stolen from business service company Chain IQ. "A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected," UBS said. "As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations." Chain IQ said it and 19 other companies had been the target of a cyber-attack resulting in a data leak that was published online on the darknet. Steps and countermeasures were promptly taken and the situation is contained, it said in a statement. Chain IQ also said it could not provide any information on potential ransom demands or interactions with the attackers for security and investigative reasons.
Khaleej Times
4 days ago
- Business
- Khaleej Times
A new era of data protection: How Forcepoint is redefining cybersecurity in the AI Age
In an age where data has become the new currency, most organisations are struggling to make sense of the very asset that fuels their digital transformation. Where is it stored? Who's accessing it? Is it regulated? Should it even be accessible at all? These aren't just questions anymore, they're business-critical dilemmas. And the stakes are only getting higher as the adoption of AI and cloud ecosystems explodes across the Middle East. In this rapidly evolving landscape, Forcepoint Data Security Cloud emerges as a game-changer. This all-in-one, AI-powered platform is designed to radically simplify and supercharge the way enterprises safeguard their most valuable digital asset: data. 'At Forcepoint, we've recognised a critical truth — organisations don't just need more tools. They need smarter, unified solutions that evolve as risk evolves,' says Samer Diya, Vice-President, META, Forcepoint. 'That's why we created Forcepoint Data Security Cloud, an intelligent platform that unifies visibility and control across endpoints, cloud environments, and hybrid workforces.' Cutting Through the Chaos The biggest challenge facing enterprises today isn't just cyberthreats, it's the overwhelming sprawl of data. Businesses have generated enormous volumes of it, yet most struggle to understand where it resides, whether it's sensitive, or how it's being used. Forcepoint's new platform brings clarity to this chaos. By combining AI-powered Data Security Posture Management (DSPM), real-time Data Detection and Response (DDR), and seamless integration with SaaS, web, and email gateways, the platform enables continuous, automated protection wherever data is created, moved, or stored. 'At the core of everything is our AI Mesh technology, a network of finely tuned small language models that dynamically classify data, evaluate risk, and recommend real-time actions,' explains Diya. 'This is what sets us apart, we're making security proactive, not reactive.' Context Is Key While many organisations still rely on outdated, rule-based security systems, Forcepoint is paving the way for adaptive, AI-driven protection that aligns with the reality of modern work — remote access, BYOD, cloud apps, and the rise of GenAI tools. 'AI Mesh acts as the nervous system of our platform,' Diya notes. 'It assesses the full context of every interaction: who the user is, what device they're on, what app they're using, and whether their actions are normal or suspicious. This allows us to adapt security controls in real-time, delivering smarter and stronger protection.' This evolution is essential as static models simply can't keep up with today's fast-paced, data-rich environments. Navigating the GenAI Wave in the GCC With governments across the GCC pouring investment into AI and its economic impact expected to hit $35 billion annually, enterprises in the region are under mounting pressure to strike a balance between innovation and security. 'GenAI brings incredible value, but it also introduces unprecedented risks like data leakage, non-compliance, and unauthorised data sharing,' says Diya. 'Our goal is to make data protection simpler and more compliant from the start.' That's where Forcepoint's library of over 1,700 pre-built templates and explainable AI models comes in, helping security teams customize protections while demonstrating transparent decision-making to auditors and regulators. Unified Security for a Unified Workforce As businesses shift toward hybrid work and cloud-first operations, Forcepoint's all-in-one platform provides a single source of truth, eliminating the inefficiencies of siloed security tools. 'Today's digital-first enterprises need consistent protection across all channels — endpoints, email, web, cloud,' Diya emphasises. 'With Forcepoint, a single set of intelligent policies safeguards data in-use, in-motion, and at rest.' This not only simplifies security management but also reduces operational overhead and the cost of maintaining multiple point solutions. AI: The Ultimate Double-Edged Sword Looking ahead to 2025 and beyond, Diya predicts the cyber threat landscape will be increasingly shaped by AI, both as a weapon and as a shield. 'AI can be used to impersonate users, exfiltrate data, or manipulate systems. But it can also be our greatest ally in identifying and mitigating those same threats — faster and more accurately than ever before,' he explains. Forcepoint is betting on the latter. By leveraging AI not just to detect risks, but to make sense of them and act decisively, the company aims to empower enterprises to stay one step ahead always. Why One Platform is Better Than Many Perhaps the biggest pain point for modern security teams is alert fatigue, drowning in fragmented data from countless tools, each solving a sliver of the problem. 'Each new tool adds noise, complexity, and cost. Instead of reacting to symptoms, we help businesses focus on root causes,' says Diya. 'With our single platform approach, enterprises gain comprehensive, consistent, and cost-effective control over their data.' The Bottom Line Forcepoint's message to enterprises is clear: security doesn't have to be complex to be effective. In a world where data is everywhere, Forcepoint Data Security Cloud offers the simplicity, intelligence, and adaptability organizations need to thrive securely in the AI era. As Diya concludes, 'We're not just protecting data, we're enabling innovation. Our mission is Data Security Everywhere, and with AI at the core, we're helping businesses get there — faster, safer, and smarter.'
RNZ News
4 days ago
- RNZ News
Security steps to take before throwing out your old laptop?
Electronic waste is one of the fastest-growing waste streams in the world - but it's also proving to be a boon for cyber-criminals. Data breaches can happen if old laptops or smartphones haven't been properly wiped before disposal - things like photos, emails, passwords, emails and tracking services may still be able to be accessed. In 2022 an estimated 62 million tonnes of e-waste was produced, according to the World Health Organisation - 98-thousand is thought to be produced by New Zealand. So what should people - and businesses in particular - be doing before they dispose of their technology? And what's the right way to get rid of e-waste? Kathryn is joined by Wayne Angus, Country Manager for Greenbox, which specialises in hardware recycling and data security. To embed this content on your own webpage, cut and paste the following: See terms of use.
Yahoo
5 days ago
- Business
- Yahoo
Braviant Holdings Secures SOC 2 Certification to Strengthen Focus on Next Generation Lending
CHICAGO, June 17, 2025 /PRNewswire/ -- Braviant Holdings, a leading provider of tech-enabled credit products and services for underbanked consumers, announced it has successfully achieved SOC 2 Type I Certification to reinforce the company's commitment to enhanced data protection standards for underbanked consumers. This milestone reflects Braviant's dedication to maintaining the highest standards of data security, availability, and confidentiality while advancing its mission to empower non-prime consumers with better credit solutions through next-generation lending. The SOC 2 Type 1 certification validates that Braviant's security controls and processes meet rigorous industry standards as verified by an independent third-party auditor at a specific point in time. This certification covers the company's systems responsible for processing, storing, and transmitting sensitive customer data, ensuring robust protection of personal and financial information. "For consumers who are working to rebuild or establish credit, trust is paramount. Receiving this SOC 2 certification is a critical milestone that reflects our deep commitment to protecting our customers' data and maintaining their trust," said Bob Sides, CTO of Braviant Holdings. "Our customers entrust us with their most sensitive financial information, and we take that responsibility seriously." Empowering Consumers with Secure Financial Innovation Braviant combines breakthrough technology and customer-centric experiences to empower consumers with better online credit solutions. The company's proprietary decision models look beyond traditional credit scores to assess a person's true ability and willingness to repay, creating opportunities for underbanked consumers who might otherwise be excluded from traditional financial services. The SOC 2 certification ensures that sensitive financial data used in Braviant's advanced analytics and machine learning models is protected at every stage of the lending process. With this milestone, Braviant can continue to develop innovative credit solutions while maintaining consumer confidence in today's digital financial services landscape. Benefits for Consumers The SOC 2 certification provides multiple benefits for Braviant's customers: Enhanced Data Protection: Consumers can be confident that their personal and financial information is safeguarded by industry-leading security controls and processes. Increased Transparency: The independent audit process provides objective verification of Braviant's security practices, offering consumers greater transparency into how their data is protected. Continued Innovation: With robust security foundations in place, Braviant can continue developing cutting-edge financial products and services that help consumers achieve better financial outcomes. Regulatory Confidence: The certification demonstrates compliance with stringent security standards, supporting Braviant's ability to serve consumers across multiple markets. Commitment to Ongoing Excellence Achieving SOC 2 certification represents just one element of Braviant's comprehensive approach to data security and consumer protection. The company maintains additional security measures, including regular security assessments, employee training programs, and continuous monitoring of its systems and processes. "This certification reflects our company-wide commitment to operational excellence," said Kim Anderson, CEO of Braviant Holdings. "Every member of our team understands that protecting customer data is fundamental to our mission of helping consumers achieve financial success." ABOUT BRAVIANT: Founded in 2014, Braviant delivers tech-enabled consumer credit solutions, empowering consumers to take control of their personal finances. Braviant's proprietary decision models look well beyond traditional credit scores to more accurately assess a person's true ability and willingness to repay. Braviant's easy-to-use, customer-centric financial solutions help thousands of US consumers solve immediate financial challenges while graduating to lower rates and gaining improved access to credit. For more information about Braviant, please visit View original content to download multimedia: SOURCE Braviant Holdings Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
