In 2021, executives can no longer disregard data security. Cyberattacks have hit organizations of every size and in every sector, from Fortune 5 companies to municipal governments. The criminals behind these attacks range from lone operators armed with pre-written scripts to nation-states with effectively unlimited resources.
What is a data security framework, and why does it matter?
The threat of cybercrime has grown for the past twenty years, but today's organizations face a distinct set of pressures. In the wake of COVID-19, businesses and nonprofits alike have raced to digitize operations. Even cloud-skeptical executives have moved to the cloud, and more professionals work remotely than ever before. Data security has never mattered more, to organizations or to the cybercriminals that prey on them.
In a world of heightened cyber-risk, vendors of financial management and ERP software need to prove that they can protect their customers. Whether true cloud or on-premises, today's providers have turned to a variety of security frameworks, standards and attestation reports: NIST CSF, COBIT 5, SOC 1 and SOC 2, PCI DSS, the CIS Controls, ISO 27001, and more.
Why exactly should I care about a data breach?
For criminal hackers, reward almost always eclipses risk: the chance of being caught is far lower than the chance of a windfall.
But external hackers are only one dimension of cyber-threat. Remote workflows expose businesses to danger from inside as well as out. Whether by clicking on a phishing email or accidentally publishing a dataset, an organization's own employees can cause catastrophic breaches.
And to call breaches and other security incidents catastrophic is no exaggeration. The Ponemon Institute put the average cost of a US data breach in 2020 at $8.64 million, and a globally distributed enterprise can face far higher costs. Consider Demant, a Danish hearing aid manufacturer that suffered a ransomware attack in 2019. Beyond $80-95 million in recovery and mitigation costs, the disruption spread across its multinational network: from Poland and France to Mexico, from the Asia-Pacific region to the company-wide ERP system.
Prowling for financial data, cybercriminals often target ERP systems specifically. In 2019, IT executives at nearly two-thirds of the customers of the market's two largest ERP vendors reported breaches of their ERP systems. Attackers have also struck the providers themselves.
So which data security standard should I trust?
In one sense, every organization must determine the data security framework appropriate to its own business. But not all frameworks are created equal, and few are tailored to your business. Most have been designed for a specific industry, or to serve the interests of the body that created them.
Cue ISO 27001. Unlike most of the frameworks above, ISO 27001 is not a stand-alone product of a single vendor or industry group. It is one standard within the catalogue of the International Organization for Standardization, a body that has published more than 21,580 standards through nearly 800 technical committees and has members in over 160 countries. Certification against ISO 27001 is issued by independent certification bodies that are themselves accredited by national accreditation bodies such as UKAS, the United Kingdom Accreditation Service. No organization can obtain ISO 27001 certification without passing a rigorous initial audit and then maintaining its information security management system through regular follow-up audits.
As an ISO 27001-certified provider, Xledger is proud to make your data our priority. Our certification simply recognizes what we have always done: empower customers with the market's most advanced cloud ERP. Trusted by the globally recognized audit firms BDO and PwC, Xledger serves over 10,000 customers across more than 60 countries.