{"id":3903,"date":"2023-11-26T03:16:14","date_gmt":"2023-11-26T03:16:14","guid":{"rendered":"https:\/\/www.propelex.com\/?p=3903"},"modified":"2023-11-26T03:16:14","modified_gmt":"2023-11-26T03:16:14","slug":"reducing-cisos-risk-with-data-broker-management","status":"publish","type":"post","link":"https:\/\/www.propelex.com\/reducing-cisos-risk-with-data-broker-management\/","title":{"rendered":"Reducing CISOs’ Risk with Data Broker Management"},"content":{"rendered":"
Reducing CISOs’ risk with data broker management. Explore strategies to enhance cybersecurity and safeguard sensitive information in the digital landscape. Every time you use a search engine, social media app or website, buy something online, or even fill out a survey, you\u2019re leaving behind a digital trail that can be picked up by data brokers. These are businesses that compile your personal information and sell it.<\/p>\n
CISOs need to understand how data brokers operate and how to protect themselves against them. Here are some ways they can do so.<\/p>\n
Data brokers are companies that collect and sell personal information, such as names, phone numbers, addresses, birth dates, credit card information and more. They form a lucrative industry that is growing rapidly as more and more people share their personal information online. These firms can use your information to build a profile of you and market products or services that may interest you.<\/p>\n
However, your personal information can also be sold to third parties who don\u2019t have your best interests in mind. These third parties can use your personal information to engage in identity theft or to commit other fraudulent activities. In addition, your personal information could be used by law enforcement or government agencies to monitor or investigate you.<\/p>\n
Ransomware attacks are becoming increasingly sophisticated. Cybercriminals now extort victims not just with the ransom demand itself, but also with the threat of publishing the stolen data. This double-extortion model is quickly raising the stakes for CISOs.<\/p>\n
CISOs are focusing their attention on eliminating the potential for business disruption, whether through better backup systems or redundant systems. They are looking at ways to minimize the impact of data loss and exposure by hardening perimeters, improving encryption, and ensuring business-critical applications are isolated from non-essential systems.<\/p>\n
In addition to the traditional costs associated with data loss, CISOs are concerned about the potential damage to their reputation when sensitive personal information is exposed or held hostage by cybercriminals. One healthcare CISO commented that they see the cost of ransomware as no different than the cost of a major power outage, as the company still incurs a direct cost for an outage that prevents production.<\/p>\n
While many CISOs see business disruption as the most significant risk to their organization, others are more focused on the potential for data loss and exposure. As a result, some are adopting new strategies to mitigate this risk by moving their focus from prevention and remediation to detection and response.<\/p>\n
With a number of new privacy laws, such as the CCPA and Vermont\u2019s data broker regulation, coming into force over the next few years, it is important for CISOs to act as translators and guide their teams through the wild west of state-level regulations. A reactionary CISO will struggle to keep up, while a proactive leader will use a gold-standard framework that is already being used by regulators to draft future standards (NIST CSF).<\/p>\n
Data brokers essentially aggregate your personal information into a profile and then sell it to third parties. That may include companies that use it to deliver targeted online advertising or email messages, as well as businesses that use it to tailor their product offerings or marketing messages. Even credit scoring agencies sometimes purchase data from brokers in order to determine your risk level and reflect that in your credit score.<\/p>\n
The problem is that you have little control over who gets your data and how it\u2019s used. While some of the uses are benign, others can be dangerous and lead to privacy violations. This is particularly true when third-party companies are given access to your personal information and use it in ways you may not approve of. For example, you might receive unwanted telemarketing calls or targeted online ads based on your purchasing behavior.<\/p>\n