Companies are constantly at risk of exposing confidential data, and the consequences can be devastating. From employee health records and banking information to proprietary code and corporate secrets, it seems like there’s no limit to the sensitive material that can be inadvertently made public.
In a study published last month, cybersecurity vendor ESET found that 56% of the decommissioned enterprise routers it bought on the secondary market still held sensitive corporate material: router-to-router authentication keys, IPsec and VPN credentials or hashed passwords, credentials for connections to third-party networks, and connection details for specific applications.
But it’s not just decommissioned hardware that poses a risk. Misconfigured cloud environments and software repositories also put data at risk. For instance, credentials and corporate secrets are routinely committed to GitHub and other software repositories. Once attackers hold a set of valid credentials, tools like MFASweep let them check which Microsoft 365 and Azure endpoints accept those credentials without multifactor authentication, and phishing proxies like Evilginx capture the victim's session cookies so that MFA is bypassed altogether, turning one leaked secret into access to a variety of systems and applications.
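The first line of defense against the repository problem described above is to scan for secrets before they are committed. The following is an added example (it is not code from the article, from ESET, or from any tool named on the page): a small scanner with a handful of fixed-format patterns plus an entropy test for generic `name=value` assignments. The patterns, the entropy cutoff and the sample repository contents are all constructed for illustration; a production scanner would carry far more patterns and an allowlist for known placeholders.

```python
"""Scan repository files for committed credentials before they reach GitHub.

Added example, not from the article or any tool it names. The patterns are
a small subset of what a real secret scanner carries, and the sample files
are constructed for illustration.
"""
import math
import re
from collections import Counter

# Secrets with a fixed, recognisable format can be matched directly.
STRUCTURED_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic "name = value" secrets are only reported when the value looks random,
# so placeholders such as PASSWORD=changeme in docs do not flood the report.
ASSIGNMENT = re.compile(
    r"(?i)([A-Za-z_]*(?:password|passwd|secret|token|api[_-]?key))"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})"
)
ENTROPY_THRESHOLD = 3.0  # bits per character; assumed cutoff, tune for your repos


def shannon_entropy(value: str) -> float:
    """Average information per character; random hex is near 4, base64 near 6."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> list[tuple[str, int, str]]:
    """Return (path, line number, finding type) for every suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in STRUCTURED_PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, name))
        match = ASSIGNMENT.search(line)
        if match and shannon_entropy(match.group(2)) >= ENTROPY_THRESHOLD:
            findings.append((path, lineno, f"high_entropy_{match.group(1).lower()}"))
    return findings


def scan_repo(files: dict[str, str]) -> list[tuple[str, int, str]]:
    """Scan a mapping of path -> contents, as a pre-commit hook would over staged files."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed repository snapshot. The AKIA value is AWS's documentation example
# key, the hex token is SHA-256("hello"), and the key block is not a real key.
SAMPLE_FILES = {
    "deploy/config.yml": (
        "region: us-east-1\n"
        "aws_access_key_id: AKIAIOSFODNN7EXAMPLE\n"
        "db_password: 'changeme'\n"
    ),
    "scripts/sync.sh": (
        "#!/bin/sh\n"
        "export API_TOKEN=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08\n"
    ),
    "certs/server.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEowIBAAKCAQEAconstructed\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "README.md": "Set PASSWORD=password in .env before running.\n",
}

if __name__ == "__main__":
    for path, lineno, kind in scan_repo(SAMPLE_FILES):
        print(f"{path}:{lineno}: {kind}")
```

Run against the constructed snapshot, the scanner flags the AWS key in the config file, the private key block and the random-looking API token in the shell script, while the two `changeme`/`password` placeholders pass because they are short and low-entropy. Wiring `scan_repo` to the staged files in a pre-commit hook, and to the full history in CI, is what stops the secret from ever reaching the remote.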
Having both a hardware and a software asset inventory is crucial for preventing these kinds of breaches. The hardware inventory should cover every device on the network, for maintenance and compliance reasons and so that no router or server can be retired without being wiped first, while the software and cloud-resource inventory tells defenders what is actually running in cloud environments and who owns it. Unstructured data is another often-ignored source of risk: data in nonrelational databases, data lakes, email, call logs, Web logs, and audio and video communications, which is harder to classify and control than structured records.
Sensitive data might not stay hidden, either. Oren Koren, co-founder and chief privacy officer of Tel Aviv-based Veriti.ai, says that service accounts are an often-ignored source of data that attackers can exploit, especially when databases on retired servers are left exposed. Likewise, virtual machines (VMs) in popular cloud environments that have outlived their purpose are often never decommissioned; an attacker who compromises one gains a foothold from which to establish persistence in the cloud environment.
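The two preceding paragraphs, the asset inventory and the orphaned VMs and service accounts, come down to one recurring check: reconcile what the cloud account actually contains against what the inventory says it should contain, in both directions. The following is an added example, not code from the article or from Veriti. The three record sets are constructed to resemble a cloud provider's instance listing, a CMDB export and an IAM credential report; the field names, the 30-day threshold and the `Owner`/`Expires` tags are assumptions, not any provider's real schema.

```python
"""Find cloud resources and service credentials that nobody owns any more.

Added example, not from the article or from Veriti. The three record sets
below are constructed to resemble a cloud provider's instance listing, a
CMDB export and an IAM credential report; the field names are assumptions,
not any provider's real schema.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible
STALE_STOPPED_DAYS = 30                           # assumed policy: stopped longer than this is suspect

# What the asset inventory (CMDB) says exists. i-0e5 was a database server
# that has since been retired, but the record was never closed.
CMDB = {
    "i-0a1": {"owner": "payments-team", "purpose": "api"},
    "i-0b2": {"owner": "data-eng", "purpose": "etl"},
    "i-0e5": {"owner": "dba", "purpose": "legacy-db"},
}

# What the cloud account actually contains right now.
CLOUD_INSTANCES = [
    {"id": "i-0a1", "state": "running", "tags": {"Owner": "payments-team"},
     "state_since": NOW - timedelta(days=200)},
    {"id": "i-0b2", "state": "stopped", "tags": {"Owner": "data-eng"},
     "state_since": NOW - timedelta(days=95)},
    {"id": "i-0c3", "state": "running", "tags": {},
     "state_since": NOW - timedelta(days=400)},
    {"id": "i-0d4", "state": "running", "tags": {"Owner": "qa", "Expires": "2024-01-31"},
     "state_since": NOW - timedelta(days=120)},
]

# Long-lived service-account keys and the workload each was issued for.
SERVICE_CREDENTIALS = [
    {"key_id": "key-01", "principal": "svc-etl", "attached_to": "i-0b2"},
    {"key_id": "key-02", "principal": "svc-legacy-db", "attached_to": "i-0e5"},
]


def audit_instances(cloud, cmdb, now=NOW):
    """Map instance id -> reasons it needs a human decision (decommission or adopt)."""
    findings = {}
    for inst in cloud:
        reasons = []
        if inst["id"] not in cmdb:
            reasons.append("not_in_inventory")
        if "Owner" not in inst["tags"]:
            reasons.append("no_owner_tag")
        expires = inst["tags"].get("Expires")
        if expires and datetime.fromisoformat(expires).replace(tzinfo=timezone.utc) < now:
            reasons.append("past_expiry")
        if inst["state"] == "stopped" and now - inst["state_since"] > timedelta(days=STALE_STOPPED_DAYS):
            reasons.append("stale_stopped")
        if reasons:
            findings[inst["id"]] = reasons
    return findings


def orphaned_credentials(creds, cloud):
    """Service accounts whose workload no longer exists but whose key still works."""
    live = {inst["id"] for inst in cloud}
    return [c["principal"] for c in creds if c["attached_to"] not in live]


def inventory_drift(cloud, cmdb):
    """Inventory records with no matching cloud resource: retired but never closed out."""
    live = {inst["id"] for inst in cloud}
    return sorted(set(cmdb) - live)


if __name__ == "__main__":
    for inst_id, reasons in audit_instances(CLOUD_INSTANCES, CMDB).items():
        print(f"{inst_id}: {', '.join(reasons)}")
    print("orphaned service credentials:", orphaned_credentials(SERVICE_CREDENTIALS, CLOUD_INSTANCES))
    print("inventory records with no live resource:", inventory_drift(CLOUD_INSTANCES, CMDB))
```

On the constructed data the audit surfaces each failure mode the article describes: a VM nobody recorded and nobody owns (`i-0c3`), a VM past its declared expiry that is still running (`i-0d4`), a VM stopped for months that will be forgotten next (`i-0b2`), and the retired database server `i-0e5`, which is gone from the cloud but whose service account key `key-02` still works. The `now` parameter is injected rather than read from the clock so the check can be run as a deterministic test against a snapshot.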
Recognizing how data can be exposed when it is shared helps remediate the risk. Access intelligence is the set of policies that determines which specific individuals can access which data within a platform, giving granular control over data permissions along with a record of who holds what. Policies like these bolster third-party risk management (TPRM) by limiting partners to the data they actually need, so they cannot unintentionally expose the rest.
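What such a policy looks like in code, as an added example that is not from the article: a deny-by-default grant table, an explicit deny that keeps restricted data away from any external principal regardless of what a rule says, an entitlement report that answers "who can reach what", and a lint pass that catches over-broad partner grants before they matter. The datasets, principals, classifications and policy rules are constructed; `partner-acme` stands in for a third party.

```python
"""Deny-by-default data access policy with an entitlement report.

Added example, not from the article. The datasets, principals and policy
rules are constructed; 'partner-acme' stands in for a third party.
"""
from fnmatch import fnmatchcase

# Datasets and their classification (constructed).
DATASETS = {
    "public/pricing": "public",
    "crm/contacts": "internal",
    "product/roadmap": "confidential",
    "hr/health-records": "restricted",
    "finance/bank-accounts": "restricted",
}

# Grants: a principal reaches only what a rule names. The last rule is a
# deliberate mistake, the kind an access review should catch.
POLICY = [
    {"principal": "partner-acme", "actions": {"read"}, "allow": ["public/*", "crm/contacts"]},
    {"principal": "hr-analyst", "actions": {"read"}, "allow": ["hr/*"]},
    {"principal": "finance-admin", "actions": {"read", "write"}, "allow": ["finance/*"]},
    {"principal": "partner-acme", "actions": {"read"}, "allow": ["finance/*"]},
]

EXTERNAL_PRINCIPALS = {"partner-acme"}
NEVER_EXTERNAL = {"restricted"}   # classifications no third party may reach, whatever a rule says


def is_allowed(principal, action, dataset):
    """Explicit deny for external principals beats any grant; otherwise deny by default."""
    classification = DATASETS.get(dataset)
    if classification is None:
        return False
    if principal in EXTERNAL_PRINCIPALS and classification in NEVER_EXTERNAL:
        return False
    return any(
        rule["principal"] == principal
        and action in rule["actions"]
        and any(fnmatchcase(dataset, pattern) for pattern in rule["allow"])
        for rule in POLICY
    )


def entitlement_report():
    """Who can do what to which data: {principal: {action: [datasets]}}."""
    report = {}
    for rule in POLICY:
        for action in rule["actions"]:
            reachable = sorted(d for d in DATASETS if is_allowed(rule["principal"], action, d))
            report.setdefault(rule["principal"], {})[action] = reachable
    return report


def lint_policy():
    """Grants that would hand restricted data to an external principal if the deny were removed."""
    problems = []
    for rule in POLICY:
        if rule["principal"] not in EXTERNAL_PRINCIPALS:
            continue
        for pattern in rule["allow"]:
            for dataset, classification in DATASETS.items():
                if classification in NEVER_EXTERNAL and fnmatchcase(dataset, pattern):
                    problems.append((rule["principal"], pattern, dataset))
    return problems


if __name__ == "__main__":
    for principal, actions in entitlement_report().items():
        for action, datasets in actions.items():
            print(f"{principal} may {action}: {datasets}")
    print("over-broad grants:", lint_policy())
```

The explicit deny means the mistaken `finance/*` grant to `partner-acme` never takes effect, but `lint_policy` still reports it, because a policy that is only safe thanks to a backstop is a policy one refactor away from a leak. The entitlement report is what a TPRM review actually wants to see: the partner can read pricing and CRM contacts and nothing else.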
Documents such as NIST Special Publication 800-88, Guidelines for Media Sanitization, and the Enterprise Data Management (EDM) Council’s frameworks, such as its Cloud Data Management Capabilities (CDMC) framework, can help companies define controls for sanitizing decommissioned hardware and for protecting data wherever it is stored. By actively managing confidential data, companies can better protect themselves from exposure and the consequences that follow.