Unstructured data is the hackers’ new ‘black’
As modern working practices continue to develop and evolve, so technology and the way in which we consume it is also constantly advancing. Today, organisations are doing a good job of locking down the sensitive information contained in structured systems and data centres using a variety of pretty robust security solutions. This means it is getting harder for hackers to get to the data they want.
As a result, they are progressing their attack vectors and simply turning to the new weakest point: unstructured data. There has been a huge explosion in unstructured data (it currently counts for 80% of organisations’ data). It is, therefore, easy pickings where the hackers are concerned – it has become their new ‘black’.
What do we mean when we talk about unstructured data? It’s the emails, PDFs, exported excel spreadsheets and other documents used for collaboration and cross-company sharing. Users interact with this data constantly to simply get their jobs done. They create new files, attach documents to emails, and save information across networks and devices.
Plus, if you add to this the fact that there are new ways of delivering technology, especially as organisations expand into the cloud and it becomes more mainstream, you can start to appreciate just how difficult it is for organisations to effectively manage, store and share all this unstructured data securely.
Human error accounts for over a quarter of all data breaches
Put simply, data breaches keep happening at an unprecedented rate. They are also getting costlier every year. In addition to hackers, the threat from human error accounts for more than a quarter (27%) of all data breaches (according to the latest research from the Ponemon Institute 2018 Cost of a Data Breach Study).
Users act autonomously, are inherently unpredictable and often make mistakes. The accidental email send, i.e. emails that are sent to the wrong person, accounts for a large proportion of data breaches. This can be a result of mis-typing or auto-complete of an email address, a mistake when sending to a distribution list, or simply using the wrong attachment.
For example, last year, a UK City Council admitted to accidently attaching an internal spreadsheet to emails inviting adoptive parents to the council’s annual adoption summer party. This attachment contained personal details relating to 2,743 individuals, including adopted children.
By taking a user-centric approach to data security, organisations can build a safety net for users’ behaviour to prevent accidental, as well as malicious, data breaches. It comes as little surprise that most data breaches caused by human error happen when handling unstructured data. Therefore, it’s crucial to understand how users interact with and share unstructured data. Comprehensive data analytics can help security administrators establish a baseline of normal behaviours and therefore provide the ability to spot anomalies.
Putting the user at the heart of data security
This is why it is so important to put the user at the heart of data security. With our ever-changing systems, users are now the only constant across all information systems and technology. Therefore, it makes absolute sense that a comprehensive data security strategy needs to surround the user. This means providing them with simple and easy-to-use tools so that they can protect sensitive information.
Think about it: buying a house is an investment decision that is made with a 20-year horizon in mind. While buying a car, we typically accommodate lifestyle changes and plans for the next five years.
Why shouldn’t an organisation apply the same rigour when it comes to investing its often-scarce security budget? If the user is the only constant over the next few years, shouldn’t security and risk management investments be focused as close to the user as possible? This includes solutions that not only help an organisation discover and classify user-generated sensitive data.
It also prevents the accidental send of sensitive information and enables the secure sharing and collaboration of information for legitimate business purposes. Additionally, it provides organisations with detailed reports and analytics to understand the risk of sensitive data leakage by users.
Here at Egress we have a user-centric platform that at its very core cocoons the user with privacy and risk management tools. It enables them to securely share and store unstructured data. Additionally, we use machine learning to help detect threats and provide a wide-range of insights into behavioural patterns to identify anomalies across the organisation.
For example, if you take the mistyping of email addresses and accidental sends, our platform detects and alerts even on Cc and Bcc recipients that may not belong in a certain message. It also alerts on anomalous behaviour including email volume, attachment sizes, webmail addresses, etc, and automatically adjusts ‘sensitivity’ based on someone’s role.
A case in point
To bring this to life, here are some examples of what we have done for our customers:
The largest global healthcare provider and one of the UK ‘Big Four’ banks use our solutions to protect their client data enabling them to communicate and share sensitive data securely every day.
A police force in the UK uses our products to enable members of the public to submit video and photographic evidence of driving offences that they may have witnessed. This has directly resulted in fostering a safer driving environment that has the potential to save hundreds of lives.
A charity uses our email protection platform to securely communicate with victims of abusive relationships. It empowers them to seek help and safely extract themselves from life-threatening situations.
These are just a few examples out of hundreds of examples where we are empowering users to protect data while still getting their jobs done. I firmly believe that having a user-centric approach helps individuals avoid potential mistakes, such as the accidental send, and provides security administrators with insight into behavioural anomalies across the business. In other words, it protects both the user and the organisation from that dreaded data breach!
Egress Software Technologies is the leading provider of privacy and risk management services enabling organisations to meet and maintain stringent compliance requirements, mitigate the risk of a data breach, and confidently undertake digital transformation and business efficiency initiatives.
Offering Public Sector and Enterprise customers an all-encompassing user-centric platform approach to data security enables organisations to comprehensively manage risk by empowering users to secure data quickly and easily.
These award-winning integrated services include data discovery and classification, software to prevent emails being sent to the wrong person, email and file encryption, secure online collaboration, and audit and compliance reporting.
Certified by government, the Egress platform offers a seamless user experience, powerful real-time auditing and patented information rights management, all accessible using a single global identity.