The damage following a hack or data loss can be devastating; loss of revenue, customers fleeing to rivals, executives falling on their swords, large fines from regulators and at the very least reputational damage that destroys credibility.
Data loss events are as predictable as the sunrise though. For instance, this year over 30,000 organizations across the United States, including local governments, government agencies, and businesses, were compromised with masses of sensitive data scooped up by what were believed to be state sponsored attackers.
In January of this year, highly sensitive personal data of over 220 million Brazilians was discovered for sale online. This data also included company information and was believed to be the result of insider attacks. In another high profile case, hackers posted a database of over 533 million Facebook users’ personal information online for free in a hacking forum, including phone numbers.
You can go into the dark web at any point in time and find huge amounts of stolen data. There are the obvious things like credit card numbers, email addresses and passwords, and in vast quantities. But you’ll also find passport numbers, ID cards, bank account numbers, loyalty card details and a lot more. It’s like a kiddie’s sweet shop for ID thieves, there’s so much available where do they start?
Organizations are in a difficult position, even by deploying the best cyber defences, they can still be one step behind the cyber villains, and several steps away from understanding in which documents sensitive data resides. Dathena’s own analysis of 228,000 documents revealed that a substantial 28% (approximately 65,000 documents) contained publicly available sensitive data, that is, data that could have damaging consequences if leaked.
This is why we always encourage clients to encrypt sensitive data. Of course, most do when it comes to payment card numbers, but beyond this there are still troves of valuable documents that need safeguarding. We help organizations understand where their sensitive data is. We then categorise the data that needs safeguarding in the following classifications: names, credit card numbers, BAN/IBAN numbers, passport numbers and ID card numbers, and more. You also have special categories defined in the GDPR such as religion, sexual orientation and so on which can also have lasting impacts for those whose data is leaked.
This is where Dathena can also help. Our multi-patented AI engine works as a personal data detection tool that identifies your sensitive documents, classifies them according to their level of sensitivity and encrypts the files where they can be found. It’s an important tool in stopping hackers exposing your data. Even if your employees are rigorous in practising good cyber security hygiene, experienced attackers can slip under the radar.
Recently, cybercriminals have launched a phishing-as-service operation, offering would-be buyers the opportunity to steal log-in details for Microsoft OneDrive, LinkedIn, Adobe, Alibaba, American Express, Dropbox, Google Docs and more. This is the level of sophistication and organization used by cybercriminals, and as such identifying and securing documents with sensitive data needs to be as important as firewalls, intrusion detection systems and antimalware.
To read more of data security and governance stories, choose from similar blog posts below.