Is Your Data Overly Sensitive?

Is Your Data Overly Sensitive?

Here’s a line I’m sure our competitors would like to take out of context: STEALTHbits is not in the business of protecting data.

We’re actually in the business of protecting sensitive data. Of course, this may be a distinction without a difference. In today’s data security environment, it seems like just about everything could be sensitive under the right circumstances.

Come on, Jeff. No one cares if the bad guys penetrate the network and make off with pictures from the company’s Wednesday night bowling league, or even a copy of the corporate overview presentation.

Or would they?

Well, if the corporate overview was undergoing a re-design, or, more significantly, the presentation reflected new branding, positioning, or the introduction of a recently-acquired (unannounced) company, it would then be highly sensitive. And let’s be honest, some pictures taken of the executive team on bowling league night, a few pitchers in, may very well be best kept out of the public’s eye.

So if we think about it, the task of determining what constitutes sensitive data has increased in complexity as the amount and types of data stored on corporate and government networks has exploded. There was a time when sensitive data comprised dates of birth, credit card and social security numbers, and not much else. But we’re learning that what constitutes sensitive data depends largely on the cyber-criminal stealing it. They say beauty is in the eye of the beholder, and so is the relative sensitivity of data.

A personal health record is much more valuable to an organized crime hacker in Moldova than the design details of a radically improved car battery design. But that battery design is much more valuable to a Chinese hacker with a corporate espionage mission. Disturbingly, we learned this week that the mere fact that an individual is a member of the US Military is now sensitive, as ISIS recently published a “kill list” with the personal details of US Military personnel stolen from a US company’s network. The military status of an individual is only valuable to ISIS, or other pernicious terrorist groups, but if it can be used by even one organization to gain an advantage, or, in this case, to threaten lives, it becomes sensitive.

Timing matters as well. A public company’s earnings press release is highly sensitive until the moment it’s released to the public, a reality that served as the foundation for a recent insider trading-hacking case. In a similar example, the chemical formula for a revolutionary new cancer treatment is highly sensitive until the drug is approved for use and made publically available.

Additionally, technology advances are creating new kinds of sensitive data that require preservation and protection. Police body cam video is not only sensitive, but massive, and was largely unheard of a few years ago.

Today, just about anything can be considered sensitive to the right audience, and criminals will find the market for it. So, in this environment, although it is true STEALTHbits is not in the business of protecting all data, we’re protecting most of it.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.