If your company’s data security plan still relies on guesswork and goodwill, it’s not alone. In fact, that was one of the eye-opening moments in our recent webinar, C-Level Fireside Chat on Protecting Data At-Rest vs. Data In Motion, which cuts straight to the heart of data protection challenges with a bit of grit and a lot of insight.
iSecure’s CISO, Bob Adams, sat down with Votiro’s CPO, Eric Avigdor, to discuss how security leaders should think about securing data at rest versus in motion. This chat didn’t shy away from blunt truths.
But what’s causing the biggest headaches? It turns out that it’s not just hackers or bad actors—it’s the lack of resources to deal with them. This year, companies are stuck with budget cuts and a gaping cybersecurity labor shortage, with over 225,000 jobs unfilled. No extra dollars, no extra people. It’s a reality forcing companies to think smarter, faster, and leaner. And the real take? Teams should automate everything they can so human errors don’t cost them tomorrow.
In this webinar, the speakers tackle the gritty details of why automation is no longer a “nice-to-have” but the only way forward in data security.
To set the stage, Avigdor identified the four biggest threats to data in today’s business world: malicious outsiders, insider risk, third-party vulnerabilities, and the overarching demands of compliance. These aren’t unfamiliar, but here’s what’s new: the risks are exploding as companies scramble to move data faster, share more freely, and work in more connected systems. “Every Monday, I wake up to another breach,” Avigdor pointed out. And it’s not that companies lack the tools; they’re just deploying outdated approaches to a new generation of data risk.
Take insider risk, for example. Employees handle sensitive files across Dropbox, email, and collaborative tools like Teams and Slack. And here’s the kicker—most of these data movements sidestep the security controls companies spent so much time and money installing. In fact, about one in three employees bypass security protocols to get work done faster, unintentionally exposing sensitive data. The irony? They do it because the tools designed to protect the data often slow them down.
Compliance is more like a tightrope walk than a simple checklist. From GDPR to CCPA to HIPAA, compliance rules mandate that companies protect data no matter where it’s stored, how it’s moved, or who has access to it. And these mandates are anything but forgiving if sensitive data slips through a crack. This is especially tricky for organizations relying on email to share files or lacking proper encryption protocols. “The policies are great on paper,” Adams explained, “but they’re only as good as the controls behind them.”
If you thought sensitive data was confined to neatly organized databases, think again. Most of the sensitive information companies handle—up to 80%—is unstructured. We’re talking about documents, images, and files in everyday formats. Unstructured data moves through email attachments, gets stored in shared drives, and passes between employees daily, if not hourly. And it’s precisely this unpredictable, free-floating data that causes the most significant security blind spots.
Here’s where the real mess begins: structured data is managed mainly by automated systems and governed by predictable usage patterns. Unstructured data? It’s in the hands of humans. People download, share, and upload files wherever needed, often without a second thought for security protocols. “One moment, that document is safely stored in OneDrive, and the next, it’s been emailed, uploaded to Slack, or shared in a Dropbox link,” Avigdor explained. This untraceable movement of files leads to what he calls “data sprawl”—and it’s a security nightmare.
As Avigdor pointed out, you could have ten different tools monitoring your data, but it’s almost useless if they’re not integrated across platforms. Companies need centralized, automated solutions that can identify unstructured data and monitor its movements in real-time. Otherwise, as Adams put it, “all that security is just theater.”
So, how do you secure data once it’s in motion? That’s where Votiro’s focus on Data Detection and Response (DDR) comes in. DDR doesn’t wait for sensitive data to slip through the cracks. It’s designed to prevent leaks in real-time by tracking data as it moves, whether it’s an email attachment, a shared document, or a file uploaded to a portal.
Think of DDR as a bouncer at every digital door. Traditional tools can flag or block risky actions, but DDR goes a step further by intercepting them, adjusting permissions, and applying protections as data moves from place to place. Unlike standard Data Loss Prevention (DLP) tools, which work on an “allow or block” basis, DDR applies fine-grained control. It can allow a file to be shared while masking sensitive details, like Social Security numbers or credit card info. The result? Data flows stay compliant without halting workflows.
Avigdor and Adams dove into the reality that existing compliance tools often fall short, particularly when it comes to human error. For example, imagine you’ve set up a DLP solution to monitor and block files containing sensitive information from being emailed. But what if an employee decides to circumvent the system by uploading it to a platform like Teams or Slack? Most DLP tools won’t catch it, and now your compliance controls are out the window.
The fix is automation that works in real-time and across all channels. By automating classification, detection, and response, companies can stay compliant without relying on users to follow complex rules. Avigdor even mentioned using masking for extra-sensitive data within commonly used platforms. Instead of blocking access, the data can be masked, letting users do their work while keeping private information under wraps.
As generative AI tools become more integrated into workplaces, they present a new type of risk. Gen AI, when fed sensitive company data, could inadvertently share confidential information with unauthorized users. The biggest challenge here is the unpredictability of gen AI outputs, as Avigdor demonstrated with a recent example from a major North American bank. An employee simply asked the system about the CEO’s salary, and it freely handed over the information. Without the proper safeguards, AI systems can be a risky gatekeeper of sensitive data.
Votiro addresses this by scanning files for private information before they’re fed into AI, then masking sensitive details or blocking access based on user permissions. By implementing these protections at the AI entry point, companies can explore AI-powered efficiencies without risking data breaches.
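The contrast drawn above between channel-bound "allow or block" DLP and masking applied wherever data moves, including text headed into a gen AI prompt, can be sketched as follows. This is an added example, not Votiro's code or anything shown in the webinar; the function names, channel names and the email-only DLP rule are assumptions made for illustration.

```python
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
DLP_CHANNELS = {"email"}  # assumption: the legacy rule only watches email

def luhn_ok(digits):
    """Checksum used by payment card numbers; cuts false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask_sensitive(text):
    """Return (masked_text, findings), keeping only the last four digits."""
    findings = []
    def card(m):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # e.g. an order reference: leave untouched
        findings.append("card")
        return "*" * (len(digits) - 4) + digits[-4:]
    def ssn(m):
        findings.append("ssn")
        return "***-**-" + m.group()[-4:]
    text = CARD_RE.sub(card, text)
    text = SSN_RE.sub(ssn, text)
    return text, findings

def dlp_decide(text, channel):
    """Binary allow-or-block, enforced on monitored channels only."""
    if channel not in DLP_CHANNELS:
        return "allow", text  # never inspected: the blind spot
    return ("block", None) if mask_sensitive(text)[1] else ("allow", text)

def ddr_decide(text, channel, recipient_cleared):
    """Same inspection on every channel (channel is deliberately ignored)."""
    masked, findings = mask_sensitive(text)
    if not findings or recipient_cleared:
        return "allow", text
    return "mask", masked  # the workflow continues, the PII does not

# Constructed sample: textbook SSN, standard test card number, a non-card reference.
SAMPLE = ("Payroll fix: SSN 123-45-6789, card 4111 1111 1111 1111, "
          "ref 1234 5678 9012 3456.")

if __name__ == "__main__":
    for ch in ("email", "slack", "genai_prompt"):
        print(ch, dlp_decide(SAMPLE, ch)[0], ddr_decide(SAMPLE, ch, False))
```

Run as a script, it prints one line per channel: the email-only rule blocks the email but allows the same text through Slack and the AI prompt unmodified, while the channel-agnostic check returns the masked text in all three cases.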
One of the most striking takeaways was that data protection doesn’t start with tools; it begins with questions. Too often, CISOs approach security with a checklist mindset. “I need a DLP. I need data classification.” But why? What’s the actual problem you’re trying to solve? As Avigdor advised, security leaders should start by understanding how their data moves and what their specific vulnerabilities are. This approach helps avoid costly, sprawling implementations that promise everything and solve nothing.
Adams and Avigdor encouraged companies to first gain visibility into their data flows. Only then can they decide where to focus and prioritize what Votiro calls the “80/20 rule”—securing the 20% of data representing 80% of a company’s most critical assets. The goal isn’t perfect security but strategic protection that delivers real ROI and keeps companies from overspending on sprawling, underperforming tools.
Cybersecurity is complicated, but it doesn’t have to be impossible. And in the current climate, tools that can automate, detect, and protect in real time aren’t just helpful—they’re essential.
This fireside chat was a wake-up call on how quickly data security can unravel. But here’s the good news: you don’t need a massive budget or an army of analysts to protect your data effectively. The first step is understanding where you’re most exposed and addressing those gaps with automated solutions that grow with your needs. If you missed the webinar, it’s worth watching. It’s an honest look into what’s happening in data security, minus the jargon.
You can watch the webinar via our Resources page or on our YouTube channel.