Data mapping and masking requirements
A new study of 3,765 publicly disclosed breach incidents shows they resulted in financial losses of more than $156 billion.
Published by the Digital Forensics Association, the report revealed that hacking was responsible for 48 percent of all security breaches making it the “loss leader.”
To address these security concerns, recommendations indicated in the report include data mapping to understand where all instances of sensitive data reside throughout an organization and the importance of technologies such as data masking to prevent unauthorized disclosure.
The leading causes of data breaches were examined over a six year period across thousands of reported incidents. As part of the findings, breach vectors were reviewed to determine the areas of highest risk in order to help organizations understand where to spend their limited security budgets.
Among the highest area of concern was the inability of organizations to pinpoint where the sensitive data within their organizations was residing. Without knowledge of where this information is located, the proper techniques for securing this data cannot be applied.
To monitor such sensitive data, technologies specifically designed to track and monitor must be utilized in order for data security to be realized.
A large percentage of attacks in these environments resulted from the lack of proper policies or technologies to mitigate attacks. As noted in the study, “Over 83 percent of companies use, real (live) customer or employee information in development and testing, and 51 percent of these companies admit they do not take appropriate steps to protect real data.”
Because development, testing, quality assurance and business analytics are typically outside of the production network and beyond an organization’s security perimeter, it is often overlooked. However, this makes sensitive data in these environments an easily achievable target for both insider and outsider attacks.
A simple solution to this challenge is the use of data masking to annonymize these repositories in the production environment before releasing outside the network.
“Technology managers, line-of-business owners, information security professionals and compliance officers need solutions to help them locate, identify, protect and manage the sensitive data in their organizations,” said Allan Thompson, EVP, Operations, Dataguise.