The largest data breach in history, courtesy of Yahoo, compromised three billion accounts. Yahoo is also responsible for the second-largest breach, thought to have impacted 500 million users.
These soaring numbers make it easy to become desensitised, allowing us to forget that behind the figures are real people, with important, sensitive, often critical data, which is suddenly exposed and free for the taking. With each headline-hitting breach, it’s worth considering that there’s always key lessons to be learned.
For the likes of Yahoo and others such as Uber and Bupa that suffered significant breaches last year, we witnessed an interesting trend. Hackers were found to be breaching user accounts, not necessarily with a goal of infiltrating corporate applications and databases, but to gain access to highly sensitive data residing in email and other unstructured file stores.
Think about all the highly sensitive files that could be associated with just one breached account: tax or financial statements, personal healthcare data, even banking or credit card information.
Not surprisingly, this is the type of information that hackers are after today: sensitive data that is ripe for the picking. With analysts estimating that unstructured data (emails, PDFs and other files that exist outside application or database boundaries) comprises 80% of all enterprise data today, this is a significant challenge for companies.
Particularly for those who lack adequate visibility into their stored data. Not only do companies struggle to understand what data exists in these unstructured data stores but, because hackers often steal copies, it’s sometimes impossible to know what data was even taken. And even if you identify and stop an attack, the data is still in the hands of the bad guys.
What does this mean for companies in 2018? First, we can expect to see the trend continue with even more attacks targeting data stored in an unstructured format. To counter that, it is critical that enterprises recognise that identity governance is a key point for securing data stored both in corporate systems and in unstructured portals, emails and files shares.
Understanding who has access to what data and how they are using it is critical. With the right visibility into and control over unstructured data and who has access to it, enterprises can get ahead of the bad guys.
By extending their identity governance program to unstructured data, IT and security groups gain this much-needed visibility. This concept of protecting unstructured data is key because this is what hackers are targeting more often.
With this greater visibility, the prevention, detection and containment of a data breach becomes not only possible, but a reality allowing for faster and more accurate decision making, minimising the impact of the breach before it reaches hundreds, millions, and in some unfortunate cases, billions of users.