One of the biggest challenges organizations face today in trying to secure their IT environments is a lack of data awareness. Despite all the recent high-profile hacker attacks against well-known enterprises, many companies simply don’t know where much of their critical business information exists at any given time.
If you think about the files lying around that contain personally identifiable information, such as your name, address, Social Security number and credit card number, and then multiply that by exponential values, that’s what the average organization handling customer information must protect.
But before they can even think about protecting the data, organizations must first identify it and determine where it resides. They need a way to discover where all these sensitive files are located, what type of information is stored within those files, who is accessing the information and how frequently they are accessing it.
In a recent interview with Small Business Digest, DataGravity CISO Andrew Hay discussed why the need for complete data awareness is becoming more important every day. Threats are continuing to expand. And as long as personal information has a tangible financial value associated with it, combined with the ease by which someone can acquire that information from a compromised company and then sell it, threats will keep evolving.
We’re not talking about attackers who are doing this from their parents’ basements. That’s not the typical profile of an attack against corporate systems. These are loosely organized, or even formally organized, criminal enterprises that are doing this as a business.
They are compromising hospitals, financial services firms and other companies and trying to get as much information as possible to sell on the underground market or dark web. Much of that information represents tangible financial gains, so these types of incidents will likely keep getting more organized and expanding considerably.
Organizations can better protect themselves and their data; the first thing they need to do is become data aware – understand where sensitive information is located so they can protect it. Lots of companies are throwing money into security products to protect their information assets, without even knowing for sure what it is they’re protecting and where these assets are.
Becoming more data aware and then deploying the appropriate security measures can be a challenge, especially for smaller companies focusing on their basic business operations rather than on data protection. But considering the risks of not effectively safeguarding sensitive information, all organizations need to become data aware on their way to becoming more data secure
Is your data at risk? Get a free security assessment.