AS CYBER FELONS START TREATING DATA AS A VALUABLE ASSET, ORGANIZATIONS NEED TO ADOPT DATA SECURITY MEASURES TO PROTECT THEMSELVES FROM MALICIOUS OUTSIDERS
In a world where the hybrid working environment is now dominant, data breaches are nothing unheard of. More and more companies are falling victim to such attacks, ruining their brand’s reputation and experiencing massive money losses.
Regular users do often encrypt their device data with a VPN service. But when the whole organization is at risk, more advanced solutions should be implemented, such as data anonymization.
We invited Oscar Villanueva, the CEO and Co-Founder of Nymiz, a company that provides data anonymization services. Villanueva agreed to share his views on cybersecurity and discussed the best ways to protect your most valuable asset – data.
You can find the full Cybernews interview to Oscar Villanueva here or visiting cybernews.com.
HOW DID THE IDEA OF NYMIZ COME ABOUT? HOW HAS ITS TRAJECTORY BEEN?
The starting point was a piece of software in C++ that can write legal sentences for the justice department in Spain. From there, we built the whole AI model to turn it into a SaaS product based on natural language processing.
We launched the company in February 2020, then came the COVID-19 virus and the lock-in. We built the team and developed the software completely remotely to launch the first MVP in January 2021. It was really hard to launch the company under such difficult circumstances, but at the same time, COVID-19 forced companies to work remotely and go digital faster than they expected. So cybersecurity software tools became more relevant to them and this fact helps us to improve and go faster and be more resilient.
CAN YOU TELL US WHAT YOU DO, AND WHAT METHODS YOU USE TO PROTECT PERSONAL DATA?
Essentially, at nymiz.com, we help the healthcare, insurance, law and banking industries with a SaaS solution that can redact documents, mask databases thanks to AI with Natural Language Processing, protect personal data of customers, workers and patients in case of data breaches, while complying with data privacy laws and enabling one-click data analysis. Nymiz’s main goal is to protect the information and data that customers entrust to companies, so we help companies, but in the end, we help protect people’s privacy.
We use not only anonymization, but also pseudonymization and replication techniques, such as blacklining or masking, tokenization with classification technique that is consistent and substitution with synthetic data generation.
IN YOUR OPINION, WHAT DATA PRIVACY ISSUES SHOULD MOST PEOPLE BE CONCERNED ABOUT?
- Prevent data breaches – your business model would not be at risk and your customers’ data would never be exposed.
- Comply with privacy laws – GDPR and others.
- Allow sharing documentation with a third party or do analytics and big data on that.
Today, the awareness of companies and citizens is focused on data breaches and not letting hackers access personal and sensitive information. But almost all companies focus on databases or structured data, but do not act on unstructured data or office documents, emails, images, pdfs or scanned documents, which represent 70-80% of companies’ information, so there is still a lot to protect.
HOW DO YOU THINK THE RECENT GLOBAL EVENTS ALTERED THE WAYS IN WHICH THREAT ACTORS OPERATE?
I think privacy is getting more relevant these days within the cybersecurity space due to continuous hacking attacks. Because of that, companies and customers want to ensure their data and protect their privacy as much as they can in order to preserve their reputation and businesses. So we’re going to observe an exponential growth of this in the future. To summarize, without exposing sensitive data, there is no chance for hackers, there will be no data breach scandals, no files from the privacy agencies, etc. That’s why tools such as Nymiz become more relevant in the space.
KEEPING UP WITH DATA PROTECTION REQUIREMENTS CAN SOMETIMES BE COMPLICATED. WHAT DETAILS DO YOU THINK ARE OFTEN OVERLOOKED BY ORGANIZATIONS?
From my point of view, human error, misunderstandings, and access to confidential and personal data has to be restricted correctly. Email used as a repository without being protected, mobile corporative apps and frameworks, remote working, and so on leave open doors for hackers or data breaches
WHAT ARE SOME OF THE BEST PRACTICES THAT ORGANIZATIONS SHOULD ADOPT TO PROTECT THEIR WORKFORCE AND CUSTOMER DATA?
Large companies, states, and public administrations invest huge amounts of money into cybersecurity which is relevant to avoid hacking, data breaches, and data stolen but is a defensive way to avoid intrusion (from outside to inside). I think the most interesting approach is a whole approach – not only from outside to inside techniques but also using data discovery and mapping tools, anonymization, and masking tools as well.
IN YOUR OPINION, WHAT TYPES OF CYBER THREATS ARE GOING TO BECOME A PROMINENT PROBLEM IN THE NEAR FUTURE?
From my perspective we’re going to continue suffering cyberattacks:
- Malware
- Ransomware
- Phishing
- Data Breach
WHAT SECURITY TOOLS OR PRACTICES DO YOU THINK EVERYONE SHOULD ADOPT TO PROTECT THEMSELVES ONLINE?
For me, the best practices and tools to ensure data are:
- Security tools
- Vulnerability scanning tools
- Data discovery and data mapping tools: knowing where your data is, and for sure, your most sensitive and personal data
- Personal and sensitive data has to be correctly stored
- Access to sensitive and personal data must be restricted for authorized personnel only
- Compliance tools to ensure data privacy
- Then, anonymization tools are necessary to ensure protection and compliance by design avoiding human error and enabling data analytics
SHARE WITH US, WHAT’S NEXT FOR NYMIZ?
Nymiz expectations are high this year. We have to grow not only in revenues and achieving the goals but gaining traction with large accounts, launching in Europe and the USA, growing the team, attracting talented people, fundraising after the summer season, improving the performance of the tool, and adding very interesting and cool functionalities to the product. And for sure, helping companies and citizens protect their core value, their personal, and sensitive data.
