(Updated on 7/5/2022)
The importance of discovering and locking down documents with personally identifiable information
The damage following a hack or data loss can be devastating: loss of revenue, customers fleeing to rivals, executives falling on their swords, large fines from regulators and, at the very least, reputational damage that destroys credibility.
Data loss events are as predictable as the sunrise. According to a report by KrebsOnSecurity, this year, over 30,000 organisations across the United States, including local governments, government agencies, and businesses, were compromised with masses of sensitive data scooped up by what were believed to be state-sponsored attackers.
Mega data breaches
In January this year, highly sensitive PII of over 220 million Brazilians was discovered for sale online. This data also included company information and was believed to be the result of insider attacks. In another high-profile case, hackers posted a database of personal information, including phone numbers, belonging to over 533 million Facebook users online for free in a hacking forum.
You can go into the dark web anytime and find huge amounts of stolen data. There are obvious things like credit card numbers, email addresses and passwords, and in vast quantities. You’ll also find passport numbers, ID cards, bank account numbers, loyalty card details and a lot more. It’s like a kiddie’s sweet shop for ID thieves. There’s so much available. Where do they start?
Troves of valuable documents
Organisations are in a difficult position. Even by deploying the best cybersecurity defenses, they can still be one step behind the cyber villains and several steps away from understanding in which documents sensitive data resides. Proofpoint’s analysis of 228,000 documents revealed that a substantial 28% (approximately 65,000 documents) contained publicly available sensitive data, which could have damaging consequences if leaked.
This is why we always encourage clients to encrypt sensitive data. Of course, most do when it comes to payment card numbers, but beyond this there are still troves of valuable documents that need safeguarding. We help organisations understand where their sensitive data is. We then categorise the PII that needs safeguarding into the following classifications: names, credit card numbers, BAN/IBAN numbers, passport numbers and ID card numbers, and more. There are also special categories defined in the GDPR, such as religion, sexual orientation, and so on, which can also have lasting impacts on those whose data is leaked.
Identify, classify, protect
This is where the Proofpoint Intelligent Classification solution can also help. Our multi-patented AI engine works as a personal data detection tool that identifies your sensitive documents, classifies data according to its level of sensitivity and encrypts the files where they can be found. In addition, our Information and Cloud Security platform delivers data loss prevention (DLP) across email, cloud, web and endpoint. It offers world-class threat, content and behaviour detection to protect your people and data from external and insider threats. The platform also delivers people-centric visibility and secure access for web, cloud and private apps. The combined solution is important in stopping hackers from exposing or stealing your data. Even if your employees rigorously practise good cybersecurity hygiene, experienced attackers can slip under the radar.
Recently, cybercriminals have launched a phishing-as-a-service operation, offering would-be buyers the opportunity to steal log-in details for Microsoft OneDrive, LinkedIn, Adobe, Alibaba, American Express, Dropbox, Google Docs and more. This is the level of sophistication and organisation used by cybercriminals. Identifying and securing documents with sensitive data needs to be as important as firewalls, intrusion detection systems and antimalware.