Unmasking data security monsters this Halloween
It is very nearly Halloween and we are preparing ourselves to encounter a host of terrifying creatures and monsters, all who are patiently waiting to make their appearances this year. However, while those beings are terrifying in their own right, it's the monsters lurking in the shadows of the digital world that seem to strike more fear.
Malicious actors and menacing threats feel ever present in the news. As the adoption of cloud and on-demand computing services increases, malicious actors are waiting to make their move when enterprises lose control of their data security. Enterprises and their leaders are kept awake wondering where their data is, who has access to it, how it is being used and whether it’s safe. This piece will explore how to mitigate some of the most scary monsters that are haunting organizations the holiday season and beyond.
Data Lurking in the Shadows
Shadow data is, by definition, unseen and unpredictable, constantly lurking in the dark within organizations, no matter the industry. Simply being unmanaged and unknown, makes data (which is not actively managed or secured) feel extremely threatening as a result of its lack of visibility.
Despite shadow data not always being intentional, its existence poses a big problem for businesses. To ensure your organization and employees are protected, shadow data can be easily defeated with improved data visibility and classification. To detect and remove existing shadow data, it is important to conduct an organization-wide data inventory of your data to have a clear picture of where data is located and how it is functioning throughout the business.
The Phish Waiting to Hook Innocent Beings
The Phish and other creatures from the dark web are patiently waiting to hook yet another unsuspecting victim. The Phish is clever and convincing, constantly sending enticing messages impersonating friends, family, Fortune 500 banks and even colleagues asking to verify account numbers or take a fun quiz. Unfortunately, too many of us take the bait and fall for these sinister games. Phishing attacks are omnipresent and the majority of successful security breaches have a phishing component. Any avenue an attacker can use to trick a user into clicking a malicious link is a potential attack vector for phishing.
The best defense to stop phishing attacks in their tracks is the user. More than any monster, phishing attacks are targeted at the user and as such, a security conscious user will go a long way in preventing and ensuring these attacks are not successful. In addition, employee training on recognizing phishing attempts and implementing strong password policies, multi-factor authentication (MFA), and breach monitoring are also always recommended.
Mummified Data Lying Dormant Waiting to be Unleashed
Within the realm of data security, "mummified" data, also referred to as unused or dormant data is another serious concern. Mummified data has been dormant for so long it lies patiently, waiting to unleash a data breach as soon as it is discovered. More often than not, mummified data is not managed or secured by an organization, therefore making it very hard to regulate and keep a close eye on. Dormant data widens any organizations attack surface, making it an easy victim to potential data breaches, if malicious actors discover it.
In order to stay ahead of this lingering threat, organizations must establish robust data lifecycle management processes that restrict access to dormant data, securely archive data, and eventually ensure the data is securely disposed of. Especially when it is no longer useful or required to be kept.
While these data security monsters are undoubtedly scary, incorporating these strategies to mitigate risk and protect yourself and your organization will allow you to remain safe and secure and out of the hands of these spooky beings.
Image Credit: Wayne Williams
Claude Mandy is Chief Evangelist at Symmetry Systems.