According to Cybercrime Magazine, global data storage is expected to exceed 200 zettabytes in 2025. One zettabyte is equal to a billion terabytes or a trillion gigabytes. That’s a lot of data to secure. Inside the corners of those storage systems lurks shadow data: unchecked and uncontrolled data that could expose your company’s sensitive information to criminals. What is shadow data?Shadow data is information created, stored and managed inside systems or applications that aren’t under your company’s control or fly outside the radar of internal cybersecurity scans. It usually happens when employees use nonapproved or nonstandard applications for work-related activities. This is known as “shadow IT.” Employees are often well-intentioned when installing these applications, typically using the software for productivity and workarounds. External networks might be less vigilant about policing downloaded apps or employees’ devices. But in-person employees can have the same effect if you don’t have a clear policy on safeguarding data, how it’s used and what’s shared on connected systems. These include Internet of Things devices, personal devices and artificial intelligence (AI) systems. A shadow data example Let’s say your employee downloads an outside application for a presentation they’re giving to their team. They upload proprietary company data as part of the presentation. Their app saves information to an unknown file location on your network and in the cloud. The file location isn’t part of the usual cybersecurity scans and remains off the radar. A few weeks later, a cybergang breaches your company’s networks and discovers rogue apps installed on some computers. They’re familiar with the app and know where to find its backup files. (Hackers are adept at locating and exploiting cybersecurity weaknesses, including known software vulnerabilities and hidden backup files left by apps.) They grab the backup folders, knowing they could contain valuable information and they’re not encrypted because they’re not part of your company’s cybersecurity scans. The cybergang isolates data from the employee presentation that contains internal tech and release notes about your top-secret product launch. They demand a ransom in exchange for not leaking your proprietary data. Shadow data risks and mitigationsThe proliferation of data makes it harder to track and safeguard. Shadow data risk is a trending cybersecurity issue that debuted in IBM’s Cost of a Data Breach Report 2024. According to the 2024 report, shadow data breaches are rising in frequency and cost:
Cybersecurity exposures and mitigationsHere are some other security considerations:
Secure your AI data, including AI training data, to avoid theft and misuse. Hackers could pollute your AI’s training data to skew its outputs. They could steal intellectual property and sensitive information as shadow data uploaded as part of an AI prompt. An AI shadow data example Imagine you roll out a generative AI application on your internal networks. Your executive team has decided to share a summary of their quarterly updates on performance issues, finances, and strategic plans with some of the department heads. They ask AI to summarize the meeting document into a single-page overview, keeping all names anonymous. It returns an accurate summary without any personal information. Unbeknownst to them, the AI incorporated the original executive document into its training data repository for future reference, leaving employee and financial information in an unsecured area. This shadow data puts your company at risk of noncompliance with privacy laws, leaving the doors open for lawsuits and other liabilities. Shadow data awarenessKeep your data and employees out of the shadows. Be transparent about your cybersecurity policies and why staying within tech boundaries is essential. If there’s an application your employees regularly use, maybe it’s time to officially bring that software on board so employees can use it safely. Whether in the cloud or your internal network, ensure your cybersecurity plan works to bring shadow data into the light. Article: Cyber Bytes: Shadow Data and Its Cybersecurity Risks | F. Frederick Breuninger & Son Insurance, Inc. (myappliedproducts.com) Joseph S. Regenski, III[email protected] F. Frederick Breuninger & Son Insurance, Inc. 1140 W Lincoln Hwy Coatesville, PA 19320 www.binsured.com
3 Comments
|
Archives
October 2024
Categories |
Copyright Southern Chester County Chamber of Commerce.
All Rights Reserved. 2021 8 Federal Road | Suite 1, West Grove, PA 19390 Phone: (610) 444-0774 | [email protected] | sitemap |
|