Breaches Often Stem from Unknown Data? Wow!

While doing some work on Operation Anaconda, I have been spending some time analyzing the known metrics and statistics around the insider threat. One finding that I found absolutely amazing comes from the Verizon report: 66% of the 500 breaches studied in the report revolved around data that the organization DID NOT EVEN KNOW THEY HAD or DID NOT KNOW WHERE IT WAS in their own IT environment!

That’s ~330 breaches where the victim either did not know that they had the data in question or did not realize where in the network that data was supposed to be.

This, to me, is alarming. How on Earth can an organization secure what they do not know about? How can a security team possibly be tasked with securing what they don’t know they have? The fact is, they can’t. Thus, the first condition would be for the security teams in these organizations to KNOW WHAT DATA THE ORGANIZATION HAS AND WHERE IT LIVES.

If you are still trying to create security based on perimeters, architectures or anything else that is not data-centric, then this should serve as a wake-up call. You must identify all of the data in your organization that is at risk. You must know what it is, how it is created/stored/processed/used/destroyed and YOU MUST BUILD SECURITY AROUND IT.

Let me say that again to be clear. You must focus on identifying the data and then on defining security around it!

Please, use this statistic to change your security focus from architecture and IT environment protection to protecting the data. To focus on anything other than securing the data is to fail. Attackers will find the weakest point and when they do, they will attack the confidentiality, integrity and/or availability of the DATA.

As security folks, it is easy to get caught up in the day to day. It is easy to spend way too much time focused on management goals, content filtering, “playing net cop” and all of the other stuff that goes on. BUT, it is critical that we retain the daily focus on knowing what our organization has that needs to be protected and on where and how we have to protect it. Focus on that and all will be well; fail at it and you’ll eventually be one of the 66% referenced above.

This entry was posted in General InfoSec by Brent Huston.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!
