Water Guns or High-powered Security Solutions – You Decide
A few weeks ago, we published a blog based on findings from several surveys, stating that executives are now shuffling their feet on moving data to the cloud. In fact, some are taking data out of the cloud and returning it to an on-premises environment.
Why the case of the jitters? Security, or lack thereof. According to a survey by Bitdefender, 34 percent of US companies have been breached, and 74 percent don’t understand how it happened. Maybe they should take applications back in house, if they can’t figure out how.
An article reporting on a survey by the Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re, disclosed that 53 percent of US businesses experienced a cyberattack in 2017. But the problem is much more significant. According to research by SentinelOne, only 54 percent of respondents reported their data breach incidents to law enforcement.
And there’s more. IBM estimates businesses are attacked an average of 16,856 times a year. That’s 46 attacks that every business must deal with every day — nearly two attacks an hour. Though the majority of these attacks don’t actually get past a corporation’s defenses, an average of 1.7 per week are successful. When you add that up across all businesses, that’s a lot of successful cyberattacks.
If all that isn’t enough to scare executives, I don’t know what is. Now, the primary reason organizations are not prepared to defend themselves is because they don’t have a large enough security budget. A data breach can cost an organization up to $7.91 million. That should buy a lot of security products.
So, let’s talk about security. Prevention is a challenge, as the identification process does not typically take place in real time. So when a vulnerability is identified, it is usually too late to prevent the attack or breach. For example, when using OneDrive for Business in the SharePoint Online Office 365 environment, 17.4 percent of new content uploaded every month contains compromised data. Unless it is identified and undergoes appropriate disposition, the content retains the potential for data breaches, and the quantity of compromised data increases exponentially.
The issue is partly the security architecture and strategy. There can also be an issue surrounding the ability to identify potential, unknown sensitive information exposures from within unstructured content, which far exceeds an organization’s structured data. Content is the most vulnerable asset and is the least protected.
Sensitive information exists in documents, scanned and faxed items, emails, attachments, and in any unstructured or semi-structured content. Although some security applications provide the ability to recognize industry-standard descriptors, such as a social security or credit card numbers, not all address other sensitive and confidential information that an organization does not wish to share, such as financial records, new product specifications, and pre-published stockholder information. Don’t forget privacy data, which can exist anywhere.
The conceptClassifier platform provides a technology framework with the capability to generate, leverage, and manage metadata at an enterprise level, regardless of where the content exists. At its core is the ability to automatically generate semantic multi-term metadata, and auto-classify the content to a taxonomy, where it can be managed and used to improve a wide range of business processes.
conceptTaxonomyWorkflow provides an easy-to-use interface, designed for subject-matter experts, to automate the processing of unstructured and semi-structured content when defined parameters are met. Processing can include a variety of actions, such as changing the content type in SharePoint, moving the document to a designated repository or processing to the records management application, or creating a staff notification for disposition.
The Concept Searching approach is fully customizable and identifies unique or standard privacy descriptors. Content is automatically meta-tagged and classified to appropriate nodes in the taxonomy, based upon the presence, or absence, of the descriptors, phrases, or keywords from within the content.
Once tagged and classified, the content can be managed in accordance with regulatory or government guidelines. The identification of potential information security exposures includes the proactive identification and protection of unknown privacy exposures before they occur, as well as monitoring organizationally-defined vocabulary and descriptors in content in real time, as it is created or ingested.
The cloud is here to stay, and although data living in the cloud has caused more than enough anguish for some organizations, there are still quantifiable benefits that can be achieved in the cloud environment. It’s a matter of corporate awareness, including end-user training, due diligence on the part of the security team – which appears to be non-existent according to press and analysts – and perimeter security, as well as security at the content level.
Like it or not, you can live with cyberattacks – shooting them down with water guns or spending the money on high-powered security solutions that do protect your organization, and then you can move on to the next organizational challenge. It’s up to you. Organizations need to clearly understand these actors are criminals, and should make it difficult for them to succeed, not give in before putting up a fight. Please contact us to help with that.