Why Discovering Sensitive Data is More Important Than Ever
Data is the modern-day fuel that makes the world go round. Given the exponential rise in data velocity over the past few years, every industry, small or large, has realized the importance of collection, analysis and storage of data. According to Statista, the volume of data generated is projected to exceed 180 zettabytes by 2025, representing a ~3X jump from 20201. This unprecedented abundance of data across the value chain brings with it new complexities in terms of security and confidentiality, as large pools of scattered data become increasingly difficult to handle.
Highly regulated sectors such as banking, healthcare and insurance require unparalleled security of their highly sensitive information. As remote workforces become the new norm and the rush for everything-cloud intensifies, the frequency and complexity of cyber attacks is only expected to rise, making the discovery of sensitive data across multiple endpoints not only a fundamental requirement but a key challenge as well. In order to continue growing in this data-centric environment, enterprises need to identify and handle the sensitive data properly.
“Data is everywhere. It is a new form of wealth and power. Every company now is a data company.”
– Aurobinda Patra, Head of Cyber Security Products, SISA
What is sensitive data?
Sensitive data is any information that must be guarded from unauthorised access or unwarranted disclosure to maintain the security of an individual or organisation. These can include banking details, card data, private addresses and healthcare data, to name a few. Sensitive data exposure that often arises inadvertently from weak encryption, software flaws or manual errors paves way for cyber criminals to illegally access it, resulting in costly data breaches. According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 has already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 in 20202. These alarming statistics point to the need for protecting sensitive data which is further reinforced by various regional and global regulatory mandates.
Data Leaks: Cause and Prevention
According to an IBM study, the cost of a data breach has risen 10% in 2020-21 to $4.2M/breach and the cost per breached record is $2423. The most leaked forms of data are personal information, IP, biometric data, consumer behaviour data and protected health information (PHI). These sensitive data leakage costs include – compensating affected customers, setting up incident response efforts, investigating the breach, legal fees and regulatory penalties. These rising expenses are representative of the multiyear financial impact of breaches, increased regulation and the complex process of resolving cyber attacks.
Several factors can be attributed to the increase in data leaks, primary one being the addition of numerous end point devices across the organisation, resulting in sensitive data being dispersed out of control. Moreover, with the adoption of hyper-cloud environments, data is no longer just stored in devices; information can be deposited into S3 buckets, Azure Blob and, in multiple email servers. Data can also be stored in various unstructured and semi-structured formats; ranging from database and excel sheets to pdf files and even images. This widespread range of data makes it humanly impossible to discover, classify and control all the information scattered across the enterprise ecosystem. Besides, security lapses such as open ports and endpoints, weak server configurations, insider threats and over-privileged accounts have also contributed to the rise in breaches. Preventing data leaks has therefore become a monumental task and a board-level agenda.
SISA believes that a fundamental solution to preventing data breaches lies in the discovery and classification of all the data present in the organisation.
Data Discovery: Process and Benefits
“Organisations have been built with years of hard work. The trust is built with our customers, with our partners. Once the data breach happens, the image of the organisation will turn and slowly customers lose trust.”
– Venkata Ramana, Solution Head – Cyber Security Products, SISA
Sensitive data discovery is the process of enabling businesses to collect and evaluate data from various sources with the end objective of classifying and securing sensitive data. A single breach of data can tarnish years of mutual trust and loyalty between organisations and customers. Thus, data detection, classification and remediation are vital; not only to maintain customer trust but also to tackle the various legal and financial problems that data breaches bring.
Deploying an automated data discovery tool like SISA RADAR can help simplify this complexity and secure organisational data at the highest level. A data discovery solution works by identifying both structured and unstructured sensitive data across the corporate networks and on cloud infrastructures; enabling users to analyse, classify, track and report on file content. Organizations can also utilize the remediation feature to mask, truncate or delete the discovered data – thereby enabling faster compliance with regulatory standards. These features are most suitable for the banking and insurance industries that are expected to securely store highly sensitive data at all times.
There are two approaches to simplifying the discovery of sensitive data: proactive and reactive. In order to minimise breaches, organisations have to adopt the proactive approach and take pre-emptive actions before small problems snowball into bigger crises. Analyzing the current global situation of widely dispersed data and ever-increasing cyber attacks, the most prominent proactive approach an organisation can take is the adoption of a state-of-the-art data discovery tool like SISA RADAR.
Discovering data across channels, networks and platforms has become more important than ever to tackle breaches and comply with regulations. A good data discovery tool can help organizations optimize their data storage, improve their understanding of the associated risks and enable customization of data classification workflows. In addition, the use of effective sensitive data discovery systems and tools makes it easier for organizations to ensure complete data compliance and data protection.