Governments and firms must understand that breaches are always possible, regardless of their employed technologies. Since a breach is possible—if not inevitable—organizations must be prepared to ask key questions such as:
- What would someone have access to if this cache is breached?
- What costs are associated with such a breach?
- And, most importantly, what can I do to mitigate that risk?
With these answers, the organization can make a preemptive strike. With a little work and the right help, organizations can locate important information and mitigate risk. Since hackers will always find a way in, knowing what you have—and where it is—is of paramount importance.
Since the recent Equifax breach, which compromised millions of Americans’ personally identifiable information (PII), these questions have been at the forefront of regulators’, customers’, and managers’ minds. So what do we know about the breach? First, we know that it occurred due to temporary human error. A web application server, Apache Struts, was not updated to its newest, most secure version on time. Whether a breakdown of communications, a lack of resources, or mere oversight caused this error, it resulted in one of the largest breaches in American history. Human error is inevitable, but it should never come at quite this high a cost.
Lessons Learned
Breaches of this magnitude send a message: organizations need to think strategically about their security and corporate resource management. To do this, they must expand the scope and depth of organizational information management to improve efficiency and mitigate risk. When a breach occurs, it shouldn’t take months to respond.
Accurate knowledge of personal data—and where it resides—enables organizations to prioritize prevention measures and incentivize the right behavior from managers and employees. Without granular knowledge of your organization’s entire data footprint, however, it’s difficult to make these decisions. With high-profile breaches cropping up on newsfeeds with alarming regularity, the days when you didn’t know what you didn’t know must come to an end. Lack of knowledge leaves too many organizations and their customers at risk. From bad press, to huge fines and customer loss, it’s not worth it to be ignorant.
Embrace the Unknown
Take a deep dive into your organizational ‘unknown-unknowns’ and learn what’s lurking in your dark (unstructured) data. The first step is to find a program which enables you to locate, categorize, and act upon data held across your entire enterprise. Having a scalable (both technically and operationally) way to manage data is integral to minimizing operational risks. Personal information stored in corporate repositories should be identified, isolated, and controlled to minimize risk in the event of a breach and to make complying with regulations such as GDPR (General Data Protection Regulation) more efficient.