Jonathan Sander (LinkedIn) is the Strategy & Research Officer for STEALTHbits. Brilliant, witty, and someone I count on for philosophical insights and sharp ideas.
One change for this year: include unstructured data in conversations and plans about security
Unstructured data is information in human generated files. Every spreadsheet, presentation, PDF, and Word document are examples of unstructured data.
“It’s always been amazing to me how few security professionals think about it. I get that it’s not the sexiest thing in the world. No one makes a movie about the person who copied a sensitive file. It’s always about the HACKER who BROKE through a FIREWALL. That makes for better Hollywood plots and better board room presentations about funding strategic security initiatives.”
Jonathan shared that up to 80% of all the data in any organization is unstructured, and that data contains 100% of an organization’s sensitive information in most cases. Of course, that sensitive information is also locked up in a database or application as well – so it feels safe.
“We all know people have copied that information into spreadsheets, emails, documents, and then squirreled those away in every nook and cranny of the infrastructure.”
The good news, according to Jonathan, is this one comes with an easy solution: access controls and proper policy (setting, enforcing).
“Security professionals are good at access control and setting proper policy. They can’t do that for things that aren’t on their minds, though. That’s why I simply want them to put unstructured data on their lists. I’m absolutely confident that all they need is to pay attention to the problem, and they’ll soon nail down the solution.”