“We have met the enemy…and he is us?!?”
I’m young, but I do know my history. When writing this blog, I racked my brain for an appropriate headline. I found myself first paraphrasing a famous quote by American Navy Commander Oliver Hazard Perry, who defeated a British naval squadron on Lake Erie during the War of 1812 and proclaimed “We have met the enemy and they are ours.”
More recently in the 1970’s (just a scant decade before I was born) cartoonist Walt Kelly, who wrote the long-running comic strip Pogo, drew a cartoon to mark the first celebration of Earth Day when his protagonist and another denizen of the swamp looked out on a sea of pollution in the bayou and Pogo remarked “We have met the enemy…and he is us.” This sentiment is equally true when it comes to protecting data.
Unfortunately most people think its outsiders who IT professionals and SysAdmins need to be especially vigilant of. That’s because we constantly see headlines and hear stories on hackers and breakdowns in cyber security. One of the most recent headlines unveiled private records of more than 4 million government workers were hacked. Yikes…not even those working behind the firewalls of the U.S. Government are immune to such incidents.
The one thing most of the big headlines have in common is that essentially most of these stories are about someone outside a company or organization accessing sensitive data within a business or organization. Often, those breaking through firewalls and penetrating the business are looking for customer data or records they can monetize – stolen credit card or debit card #s, social security numbers, etc. Sometimes those who breach data may even hold the company data hostage, demanding ransom to free up the data (Paula Long, our CEO and co-founder touched upon the complexity of data protection for those managing IT, including ransomware, in a recent blog post). The stories seemingly go on and on without interruption as organizations like Anthem Healthcare, Target, Sony and a host of other major businesses continue to fall prey to those hackers who worm there way in.
Perhaps the most serious threat to data protection is one that is often ignored until it is too late: the threat those inside the organization can present. The hard truth is that most of the time it is company insiders who are responsible for causing compliance and security breaches. The Ponemon Institute estimates more than 78% of data breaches occur from either employee negligence or maliciousness. Another study by the same organization estimates71% ofemployees believe there is data in their storage that they shouldn’t have access to. That’s quite an admission. With those big numbers, it should come as no surprise that looking inside your organization is a vitally important step that you must take in order to protect your data.
Why do so many overlook what people are doing inside the walls of their organization? Why do IT Professionals and SysAdmins ignore the fact that sensitive information is often easily accessed by those inside an organization (both purposefully or accidentally) and taken or used by those who shouldn’t have access to sensitive information?
Those are some pretty big questions and the answers could be unpleasant. Perhaps it’s human nature to implicitly trust that those on your “team” will do the right thing. Perhaps you find it hard to believe your people could make a mistake with high-value data…that they could leave a USB loaded with company data in an airport lounge while rushing to catch a connecting flight or that a colleague grabbed a zip file and loaded it on their laptop without understanding it contains a listing of personal credit card numbers that’s used by your finance and accounting team for reimbursements. It may be harder still to believe that someone could be loading up one of their own devices with customer lists or intellectual property after being informed their position was being eliminated due to downsizing. Whatever the case, people make mistakes and some even do unseemly things with data.
What we here at DataGravity want to do is help you recognize the “enemy that is us” before a data disturbance can really be harmful to your business, your bottom line and your reputation. So before you spend more resources and time strengthening your exterior from attacks, think about what dangers lurk inside your business or organization. Ask yourself the following questions:
- Am I more at risk of data loss from a cyber attack or from an employee taking data?
- Is my organization at risk from non-tech savvy users misplacing data?
- How can I reduce the risk without increasing my investment in time (and money) to actively monitor who has access to our data?
If you don’t know the answer to these basic questions, perhaps you don’t know who the real enemy is to begin with. For more information, download our latest eBook titled Wanted: Guardians of the Data.4 Likes