Dark data, a term used to describe the information that companies unknowingly gather and store, is becoming a growing concern in the world of cybersecurity. While most companies focus on collecting and analyzing data that is essential to day-to-day business interactions, dark data often sits in the background, unnoticed and unaccounted for. Little do these companies know, this data is a goldmine for cybercriminals.
According to a report by Splunk, more than half of companies’ data repositories consist of dark data. This data is not integral to daily business operations and thus goes unnoticed by most companies. However, it holds great value for cybercriminals who can exploit it for various malicious purposes.
So, what exactly constitutes dark data? Gartner, a leading research and advisory company, compares dark data to dark matter in physics. It goes beyond traditional sensitive data elements and includes personal information from customers or past employees. It can also include nontraditional data such as systems backups, log files, configuration files, sensitive internal procedures, email backups or “spools,” scanned document repositories, and human resources information. All of these sources of dark data are potential targets for attackers to sell or use for their malicious activities.
While there are regulatory bodies such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) that aim to protect sensitive information, many companies continue to store dark data long after they are required to do so. This poses a significant risk as this data remains vulnerable to breaches, putting both the company and its customers at risk.
To address this issue, companies need to prioritize the protection of dark data. The first step is to increase visibility by building a data inventory to map out all the information they have. This allows companies to understand the extent of their dark data and assess the potential risks involved. Threat modeling can then be performed to identify security needs, locate vulnerabilities, and prioritize solutions.
Another crucial step is to think like the adversary. By leveraging offensive testing techniques, such as ethical hacking and professional security testing, companies can identify and address vulnerabilities in their defenses. This proactive approach helps them stay one step ahead of cybercriminals.
Once companies have a comprehensive view of their data footprint and threat model, they can apply or reinforce security controls in target areas. This can include implementing endpoint detection and response measures, logging and monitoring systems, content interception and inspection for web traffic, and regular patching of vulnerabilities. These measures should be seen as part of a continuous improvement cycle, where data discovery is an ongoing process.
Furthermore, companies should also consider shrinking the battlespace by deleting sensitive personal data that is no longer necessary. By minimizing the data collected and implementing code-level controls to support data retention periods, the proliferation of sensitive data throughout the environment can be limited.
It is important for organizations to avoid becoming infatuated with technology solutions like data loss prevention (DLP) tools. While these tools can help prevent accidents, they should not be considered a catch-all for data security. Rather, organizations need to focus on achieving a balance between people, processes, and technology. This can be achieved by reinforcing carefully chosen tools with well-documented processes, workflows, and runbooks, and ensuring that they are managed and led by knowledgeable professionals.
The consequences of neglecting dark data can be severe. In the past, several large organizations have faced significant financial and reputational damage as a result of dark data breaches. Data that was initially considered secondary to their business models suddenly became costly in terms of brand trust and legal fees.
Dark data should be a consideration for every organization, regardless of its industry or size. It should be accounted for, protected, and regularly purged to keep cybercriminals at bay. Just because data is not actively used or visible does not mean it is not dangerous. Dark data may be elusive, but it can also be the most costly asset if not properly protected. Companies must prioritize its security to prevent significant repercussions down the line.