Think Like a Cybercriminal
I have been really digging into data discovery and classification – one of our technology partners, Netwrix, has integrated our classification technologies into their Netwrix Auditor product, a visibility platform for user behavior analysis and risk mitigation. I will throw some topics out there, even if your organization is still not at the point of evaluating or purchasing security software.
In today’s environments, enterprise boundaries have blurred, and data flows have become more complex. The traditional classification questions that need to be answered and documented are:
- What data do you have?
- Why do you have it?
- Where does it exist?
- Who does it belong to?
General Data Protection Regulation (GDPR) has now upped the game, so you now may need to also track the data.
Our classification technology is contained within the conceptClassifier platform. In a nutshell, it generates multi-term metadata from any repository, regardless of where it resides. The data can be structured, unstructured or semi-structured. Keeping it simple, it classifies the metadata against one or more taxonomies.
Honestly this isn’t a product pitch, it’s a key component in data discovery. Since the platform is not restricted to finding only highly structured data patterns, it can address privacy-centered discovery, such as personal information or sensitive data, which may consist of word strings, phrases, topic, and subjects.
The problem with most classification solutions is they can’t find or protect what we call content in context, meaning what is in the content. Without visibility into your data flows, you cannot determine what is at risk of theft or misuse.
Data that has the most value can be monetized. The average price of a personal record, with that nitty-gritty information, goes for a mere $355 on the black market. The rule of thumb is to think like a cybercriminal. You know your data better than anyone. Just ask yourself if your data, such as a credit card numbers along with personal information, could be sold by a nefarious actor. My bet would be Yes.
Think outside the box – think like a cybercriminal.