Page 63 - Cyber Defense eMagazine for September 2020

business because in most instances, it is information that has been sold to competitors, or used to expose explicit information for political purposes or gain.

A couple of examples of insider theft include the Sony hack, where an employee in Human Resources had salary information on 30,000 Deloitte employees and publicized it, and the Morgan Stanley employee who stole account information from 350,000 of its wealth management clients and posted some of the information on the internet. GlaxoSmithKline had IP, trade secrets and presentation data compromised in two ways: documents were emailed from inside GSK to private email accounts, and documents were copied onto personal devices using USB and other storage devices. This particular incident also led to mounting legal fees and a $500m fine to the victim in all of this, GSK. These examples are just a blip on the map, but they should serve as reminders that businesses must know that sensitive information in files exists, that it is protected appropriately, and that only the right people can access it. Not to mention the responsibility of the business to protect the information if it is subject to industry or privacy regulatory mandates. Put simply, unauthorized access to or loss of sensitive data can compromise competitive advantages, damage the brand, and expose the organization to significant regulatory penalties and even litigation.

While most businesses focus on securing structured databases and identity and access management, they must also include unstructured data in their data security initiatives. Before moving forward, though, you need to assess your own situation; then you can proceed with a plan to first understand what sensitive unstructured data you have. It’s not as hard as you may think.



Where Do You Start? Know the Data. Control the Data.


Your current governance, risk and compliance (GRC) policies may be a little outdated. Now is the time to take them out, dust them off, and update them to include sensitive unstructured data. With privacy regulations rapidly changing, it is important not to learn privacy through impact, and to avoid being the victim of a violation. It is difficult under the best of circumstances to respond to a DSR or an incident involving a structured database, and even more challenging when the information is unstructured. Knowing where your sensitive unstructured data is and what it is will be a critical part of your GRC policy. Getting there is not as daunting as you might think, and in just a few steps you will be on your way to high visibility, control, protection and improved response time to incidents and DSRs. Business unit by business unit, talk to the person in charge and ask:

1. What documents do you create or work with that contain sensitive information?
2. Where do these documents reside?
3. What applications do you use that contain sensitive data that you may download into reports or other documents?
4. Do you upload documents into applications, file shares, content management systems or any other external application or information system?
5. Is this data shared internally, and if so, how and with whom?





            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.