Costs of Unprotected Data Assets are high – Why all organizations must be ready with a taxonomy of sensitive data?

Take a look at some of the recent headlines:

“Data Protection Concerns Upend M&A Plans”

“California Passes Sweeping Data-Privacy Bill”

“Marketers Push Agencies to Shoulder More Liability for Data Breaches …”

“Apple CEO Condemns ‘Data-Industrial Complex’”

Truth be told, these headlines are just a fraction of what is happening out in the real world. Data are everywhere (and growing by the minute). All manners of devices have become smarter, or in other words have started producing data.

Networks have multiplied, devices have multiplied, systems have increased. With all this happening, it is important for any organization to build a cohesive, well understood catalog of all information assets.

Data Ninjas recommend a new mantra to live by and that is “you can only protect what you know you have!”. This is an often overlooked by most organizations. This issue is more pervasive in bigger organizations but often is ignored by smaller organizations. While smaller organizations are not exposed to compliance risk, they are exposed to general data privacy and protection risk.

Now let’s look at some of the costs of lack of adequate data protections:

  • McAfee and the Center for Strategic and International Studies (CSIS) estimated the likely annual cost to the global economy from cybercrime is $445 billion a year, with a range of between $375 billion and $575 billion.
  • In 2018 the IRTC tracked 1,027 breaches through early November. The number of records exposed totaled 57.7 million. The business category continues to be the most affected sector, with 475 breaches, or 46 percent of all breaches detected.
  • The average cost of data breach globally was $3.86 million in 2018, up 6.4 percent from $3.62 million in 2017, according to a study from IBM and the Ponemon Institute.

Even if you ignore some of the statistics, the amount of disruption caused by a casual breach to your business would be crippling. Most smaller organizations have threadbare staff on hand for day to day operation so a breach event would be truly catastrophic.

So how can you stop these events from happening in your domain? By being proactive about it. At Data Ninjas, we believe in being prepared (and you don’t have to build all your protections all at once) from the ground up.

Here is a quick plan on how to execute on a data protection/privacy project iteratively:

  1. Conduct interviews with data custodians and stakeholders to document data collected across the enterprise
  2. Classify data elements in inventory
  3. Map flow of PII or sensitive data across systems
  4. Deploy data loss preventions tools to perform automated discovery and monitoring of sensitive data
  5. Deploy data governance tools to improve processes and build a mature data using organization.