Threats can come from both inside and outside of the organization.
A new survey reveals a major disconnect between C-suite executives and their IT teams when it comes to dark data visibility and security.
Exonar, a data discovery software provider, polled 500 IT pros in the United Kingdom. The survey focused on dark data. That’s information that organizations collect, process and store during regular business activities, but generally fail to use for other purposes.
Among the findings:
- Eight out of 10 C-suite executives believe their organization can identify the dark data it holds. However, less than half of data managers agree.
- Two-thirds say dark data poses a high risk to their organization. Despite this, only one in three businesses are taking active steps to gain visibility of their data.
- One in three business owners believe their organization is just as focused on securing their data as on cybersecurity. Just 8% of IT managers agree.
Disconnect Blocks Proper Security
James McCarthy, Exonar‘s CMO, said this disconnect is dangerous.
“When teams tasked with information security and protection aren’t on the same page about what the risks in unstructured data are, [you can’t take] the right action to protect the company’s most valuable assets,” he said. “Despite headline-grabbing data breaches and hacks hitting the news nearly every week, many organizations are still struggling to build greater resilience against the risks posed by cyberattacks. Every IT team I speak to knows the challenges they face. They don’t know what data they’ve got or how to find it.”
If businesses don’t address this issue, the data becomes a liability and a potential risk to organizations, McCarthy said.
A typical business’ unstructured information contains 42% confidential information, 1% sensitive personal information and 9% personally identifiable information.
“The major risk of dark data is the security threats it poses,” McCarthy said. “Dark or unstructured data is the point of weakness in any organization, leaving the business vulnerable and exposed.”
If you don’t see it, you can’t secure it, he noted.
Meantime, threats can come from both inside and outside of the organization.
“Internal threats come from staff simply trying to get their jobs done fast,” McCarthy said. “They need to handle sensitive customer information. But it can very quickly end up in spreadsheets [that people] email around and save on local drives without any document password protection or encryption. External threat actors will find the weak spot in the network and, once inside, will spend time observing what happens, how data flows and where unprotected dark data is being stored.”
The disconnect between C-suite executives and IT teams poses many questions, he said.
“If the C-suite aren’t aware of the issues, how can they support their IT teams in solving them?” McCarthy said. “If the C-suite overestimate the current capabilities of their team, does this make them less aware of their organization’s vulnerabilities? A top-down strategy is vital for managing security risks, and ensuring that teams have the tools they need to drive the business forward.”
MSSPs Can Help
MSSPs and other cybersecurity providers offer an important service in helping to secure the systems that hold data, McCarthy said.
“Indeed, much of the conversation in information security teams focuses on the technology behind cybersecurity. ‘What technology [do we] need, where does it sit in the stack, and how do we reinforce it? And how do we keep our perimeters and clouds safe?’” he said. “But with the conversation so focused on how we keep the technology plumbed, patched and upgraded, it’s all too easy to lose focus on the importance of data itself.”
It is vitally important not to overlook the importance of data in cybersecurity, McCarthy said. You can’t secure what you can’t see, which makes data discovery a vital link for CISOs looking to secure their network, he said.
“Organizations that don’t index and understand their dark or unstructured data are potentially missing 92% of the data they need to protect,” McCarthy said. “This means businesses must move toward a more preemptive approach, discovering and securing information on the inside of the estate, so that even if someone does break into the network, they’ll have a much harder job unlocking what they find.”
“Confusion between teams over their ability to find and analyze dark data is understandable because so few organizations truly know what data they’ve got and where it is stored,” said Danny Reeves, Exonar’s CEO. “We hope that by identifying this disparity we can help organizations to address it.”