Half of organisations don’t know where their most sensitive data is stored or how it is secured. This poses a major cyber security and compliance risk.
We know that the digital age has created a vast amount of data. As technologies extend and develop, this data is increasing exponentially. IoT devices and social networks, as well as vast quantities of metadata, are generating extraordinary quantities of data.
This creates a challenge for organisations. In amongst all the data you hold, where does the most sensitive and valuable data reside? Which data could make a material difference to the success of your organisation? Which is most attractive to cyber criminals? Which data would put operations at risk if it was compromised? And which data would result in the greatest fines and reputational damage if lost?
If you aren’t sure how to answer these questions, you are not alone. Gigamon has found that half of organisations don’t know where their most sensitive data is stored or how it is secured. This poses a major cyber security and compliance risk.
And the lack of data transparency doesn’t only cause problems around risk and compliance. It also adds extra bloat and cost to your IT systems and expenditure. In addition to incurring unnecessary IT storage costs, this unneeded data also obscures the most useful and valuable data your organisation holds, hindering your attempts to get value from that data.
Forbes magazine points out that “Part of the problem is dark data – unquantified, siloed and untagged datasets that are a side effect of sprawling systems and metadata. More than an IT nuisance, dark data prevents organisations from maximising the worth of their most valuable financial assets in today’s digital economy: their operationalised data.”
To start assessing the value of the data your business holds, it is a good idea to begin with a data audit. This way, you can identify all the data held in your business and the data flows around (and in and out of) your business.
This type of data audit is a prerequisite for achieving ISO 27001 accreditation and meeting your compliance objectives. Once completed, it will help you to determine which data can be defensibly deleted (and therefore reduce risk and deliver cost savings), where additional cyber security protection is required and which data can be leveraged to deliver important business intelligence.
If you have concerns about how your organisation holds or processes sensitive information, you can reach out to the UK Information Commissioner’s Office (ICO). It undertakes a programme of consensual and compulsory audits across the public and private sector to assess their processing of personal information and to provide practical advice and recommendations to improve the way organisations deal with information rights issues.
There are different ways to measure the value of the data you hold. Plus, different data is valuable for different reasons.
For example:
• sensitive personal data about your customers or employees is valuable because of the cost of it being compromised (in terms of non-compliance fines and reputational damage).
• information about IP your company holds is extremely valuable because it is the source of your competitive advantage and highly attractive to cyber criminals.
• operational data is valuable because if you were no longer able to access it, your day-to-day operations would be compromised or unable to continue (with a subsequent loss of revenue).
ComputerWorld suggests that one way to think about where your valuable data resides is to consider that, “your most valuable data is first about money and then the many things directly related to money. The value chain for data can be generalised into the degrees of separation between money and data. The closer to the money that data is, the higher the potential value.”
It suggests asking yourself what would happen if you lost (access to) that data. Will you…
• lose existing customers?
• lose money?
• lose anything else of significance to your business?
The other aspect of the Gigamon report was cyber security. Without knowing where your data resides, it is impossible to understand how it is being secured – or where the risks might be.
Once you have completed your data audit and assessed the relevance, importance and value of your data, you can make informed decisions about how that data should be secured.
A layered approach to security, which aligns with a modern “zero trust” approach to cyber security and is recommended for today’s cloud and hybrid architectures, allows you to add additional cyber security protections around your most sensitive and valuable data. This might include additional firewalls, access controls, monitoring and alerts, or other cyber security measures.
The important element is to understand which data resides where, how valuable and important it is to your organisation (and how attractive it might be to cyber criminals). This way, you can tailor your cyber security approach accordingly.
One way in which generative AI tools such as Microsoft Copilot and Azure OpenAI are already delivering value to organisations is in data and information retrieval.
The opportunity to use natural language prompts to search huge quantities of data is extremely attractive. It opens up reporting and knowledge to a much wider audience within your business. This type of solution is already being used to streamline research processes, simplify information retrieval, identify duplication and versioning errors, and to power chatbots.
However, there will be some preliminary data architecture work to be undertaken before generative AI tools can be used for organisation-wide information discovery and retrieval processes. Once this groundwork is completed, the potential to optimise your organisation’s storage of, access to and use of data will be truly transformative.
If you’d like any information about identifying, optimising or auditing data within your organisation, please reach out to our team.
We are also on hand to assist with measures to add additional layers of cyber-security protection around your most valuable or sensitive data.
If you’d like advice about any of these topics, please get in touch.
Call us: 0808 164 4142
Message us: https://www.grantmcgregor.co.uk/contact-us