Executive Takeaways
- Cybersecurity and data privacy practices must complement each other to mitigate modern cyber risks.
- Social engineering is the most common form of cyberattack, with 98% of attacks involving an element of it.
- Data Brokers collect and sell personal data, increasing the risks of social engineering attacks.
- External Data Privacy (EDP) is essential to mitigating the risks created by employees’ external personally identifiable information (PII).
- Best practices for mitigating modern attacks include regular and updated training, addressing cloud security issues, and implementing EDP.
The Importance of Data Privacy in Complementing Cybersecurity Measures
The importance of cybersecurity cannot be overstated. Without it, digital assets would be vulnerable to malicious actors. Unfortunately, cyberattacks continue to increase in frequency and cost despite investments in cybersecurity. In the US, cyberattacks have risen in eight of the past ten years, and the average data breach now costs a record high of $9.44 million, according to IBM Security [1].
Cybersecurity is therefore undoubtedly essential to a company’s digital security framework. However, it is not sufficient on its own, as the breach statistics above demonstrate. Robust data privacy practices must complement cybersecurity to reduce, and ideally eliminate, modern cyber risks.
We have reached a point where personal and business lives are no longer separable in terms of data sharing. This does not mean that we must accept Data Brokers harvesting and selling our information. Instead, it means that companies take proactive measures to search for and remove the information that exposes them to attack.
EDP represents the missing component of companies’ cybersecurity infrastructure. It can proactively search for, remove, and monitor potentially compromising external PII from some of the largest producers of exposed data, including Data Brokers and People Search Sites.
How Data Brokers Fuel Social Engineering
The devices we use for information and convenience collect personal information on a daily basis. Data Brokers have built a $250+ billion industry by selling this information to third parties. Unsecured PII poses a risk not only to individuals but also to the enterprise. Executives, in particular, are attractive targets due to their access to sensitive information and company funds.
Data Brokers operate without regulation, and there are no laws governing what type of data they collect or how they handle it. Cybercriminals have breached several Data Brokers, and many others have been caught selling our data to malicious actors.
The carelessness of Data Brokers and People Search Sites in compiling personal information puts individuals and enterprises at risk of all kinds of attacks. Moreover, the highly specific data sold by People Search Sites makes it easier for criminals to launch personalized attacks that are more effective.
To combat this issue, Privacy Bee’s EDP solutions focus on scanning and submitting deletion requests to over 350 of the most prolific Data Brokers and People Search Sites and monitoring the web to ensure that the data remains deleted.
In addition to improved data security, implementing best practices for mitigating cyberattacks is essential. Here are three practices that all organizations would do well to prioritize.
- Training employees on best security practices
- Locating and fixing cloud security issues
- Implementing EDP
Let us discuss each in turn.
Properly Training Employees
Regular, high-quality cyber awareness training is a critical component in safeguarding digital assets. Therefore, any comprehensive cybersecurity framework should include a cyber awareness training (CAT) program. A few essential items to ensure are covered in any CAT are:
- Educating employees on recognizing and avoiding malicious links and attachments in emails or other digital communication.
- Ensuring that employees only use company-approved hardware, software, and accessories to reduce the risk of introducing malicious software or hardware into the system.
- Encouraging employees to check the security levels of Wi-Fi networks and use a VPN when necessary for company business.
- Emphasizing the importance of keeping hardware and software updated to prevent vulnerabilities.
- Clearly outlining disciplinary actions for neglecting or violating company policies.
In addition to training, organizations may also consider running simulated phishing attacks to test employee knowledge and help them become better prepared for potential threats.
An enterprise may also incentivize employees to complete cybersecurity training and successfully avoid cyber threats.
Addressing Cloud Security Issues
Cloud computing is gaining popularity due to its cost-effectiveness, flexibility, and ease of scalability. It provides significant opportunities for individuals and organizations of all sizes who cannot afford the latest hardware and software in the industry.
However, the advantages of cloud computing come at a cost for businesses. As cloud computing services are remote, it is more challenging for organizations to identify and respond to potential threats. As a result, a multi-layered security platform is essential for effective cloud computing. Even then, the degree of security remains uncertain.
To address these issues, organizations can take the following steps:
- Develop a comprehensive cloud security strategy that includes all aspects of the cloud environment, such as authentication and authorization controls, data privacy and protection measures, and patching.
- Use specialized monitoring tools capable of identifying and responding to off-premises threats.
- Implement multi-factor authentication (MFA).
- Use the most robust data encryption available.
- Ensure all software and systems are updated automatically with the latest patches.
Implementing External Data Privacy
External Data Privacy (EDP) is a critical aspect of any digital security strategy, as it involves removing external employee data that threat actors can use to manipulate employees into granting access to enterprise assets.
The first step in EDP is to bring the problem of posting private data online to employees’ attention, as many people are unaware of the risks that sharing personal information creates for themselves and for their employers.
Companies should also consider investing in an EDP solution, and there are several companies that offer data privacy services. It is important to conduct thorough research and partner with a company that provides a comprehensive suite of privacy protection tools and personal services.
The EDP partner should do the heavy lifting of deleting employee data from public sources, which is crucial in reducing the attack surface that threat actors can exploit. Other important EDP services include 24/7 personal data monitoring, exposure alerts, and a risk assessment platform that provides a quantitative measure of exposure risk.
By removing external data from public sources, the attack surface is reduced, making it harder for threat actors to cross-reference data and build highly-personalized messages to persuade employees to share potentially compromising data.
Without public data, threat actors would have to rely on more hack-heavy means of gaining access, which they are less likely to do, as they prefer to take the path of least resistance.
Citations
[1] IBM Security. (2022). Cost of a Data Breach. Retrieved January 26, 2023, from https://www.ibm.com/reports/data-breach