With high-profile data breaches making headlines on a regular basis, it’s no wonder that data security is top of mind for so many organizations. But what exactly is data security posture management (DSPM)? In this blog post, we’ll take a closer look at DSPM and how it can help your business keep its data safe and secure.

Email is a popular channel for hackers: phishing attacks and malware usually originate from email. In 2022, Verizon found that 82% of breaches involved the human element: phishing emails and ransomware delivered via email continue to plague organizations of all sizes. For an organization with 1–250 employees, roughly one in 323 emails will be malicious, according to Comparitech.

By one estimate, 60% of all corporate data is stored in the cloud. Businesses rely on cloud platforms like Slack, Google Drive, GitHub and Confluence to store data, share information, and run smoothly. Unfortunately, hosting all this information in one place provides an appealing target for hackers. Cloud programs are often vulnerable to data hacks, leaks, and insider threats.

Data loss prevention starts with data visibility. Without a clear idea of what data an organization has, where it lives, and how it’s used, data loss prevention (DLP) is essentially an exercise in futility. While the concept of data visibility may seem straightforward, in practice, it’s a challenge. The rise of remote work has led to a proliferation of devices and programs that prevent an IT team from getting a clear picture of where data lives.

Remote work is not going away. Depending on who you ask, experts believe 35% – 65% of the US workforce will continue to work remotely, permanently. Remote work was a trend that began well before the pandemic and will continue to be the preferred way to work for companies and employees alike. However, many companies were unprepared for the speed at which remote work became the preferred office structure. The pandemic forced businesses to adopt new tools and processes virtually overnight.

By design, Salesforce is an environment where customer PII and other sensitive information must be shared and stored. However, compliance regulations like PCI DSS, HIPAA, GDPR, CCPA, and others limit this storage and usage of customer data to only what’s justifiably required for an organization to carry out its duties. Even then, there are requirements for how this data should be stored – like whether it should be encrypted, for example.

On Thursday evening, around 6:25 PM, Uber announced that it was responding to a cybersecurity incident. While Uber hasn’t gone into details about what happened, the purported threat actor has openly corresponded with several security professionals, including Sam Curry at Yuga Labs, Corben Leo at Zellic.io and The New York Times. According to both Curry and Leo, multiple systems were impacted.