What do Barclay’s Bank, Target, Drupal, the Federal Reserve, Disney, and Apple all have in common?
Not exactly a brain teaser. I think we all know, it’s the insidious data breach. Cyber security, data breaches (either internal or external) should be a top priority in every CTO’s playbook. Surprisingly, they are not. There is probably not one organization that is immune. Although each of us could easily add to the above list, what’s the point? The point is that many organizations need to step up to the plate, sooner rather than later.
The cross-industry average for organizations that have a documented and approved information security strategy in place is 58.7% (IDC Energy Insights). Not too bad, right? Look at our list again. I would assume that most of them did have an information security plan. What went wrong? Obviously for each organization something did go wrong, some breaches may be anticipated and within your immediate control, others take you by surprise. One would not typically assume that a 17 year old from Russia could wreak havoc on Target and Neiman Marcus.
We only focus on security at the content asset level for unstructured and semi-structured content. I am wondering though, if as an organization, you routinely identify specific security risks, quantify them, and the probable impact at the ‘content’ level? Meaning, emails, scanned content, faxes, third party information, confidential business information, etc. How do you handle? Are they automatically removed from unauthorized access during a search and protected against portability?
Thanks for any insight.