‘Dark’ data creating “major security blind spot” for most companies across UK plc

UK businesses continue to house ‘dark’ data within their organisations, creating a honeypot for cyber criminals. That’s a key finding of the latest research from Veritas Technologies, the specialist in enterprise data protection and software-defined storage.

The ‘Value of Data’ study, conducted by Vanson Bourne on behalf of Veritas Technologies, surveyed 1,500 IT decision-makers and data managers across 15 countries, including 100 from the UK. It reveals that, on average, nearly half (48%) of all data within UK organisations remains unclassified or untagged, indicating that businesses have limited or no visibility over vast volumes of potentially business-critical data, creating a ripe target for hackers.

Classifying data enables organisations to quickly scan and tag it to ensure that sensitive or risky information is properly managed and protected, regardless of where that data lives. This broad visibility into data helps companies comply with ever-increasing and stringent data protection regulations that require discrete retention policies to be implemented and enforced across an organisation’s entire data estate.

Public cloud and mobile environments

Public cloud and mobile environments represent the weakest links in data security, with the majority of data across these environments most likely to be left unclassified and potentially unprotected. Just 9% of UK-based companies claim to have classified all of their data in the public cloud, while only 8% have classified all of the data that sits on mobile devices.

Over half (56%) of companies admit they’ve classified less than half of their public cloud data, while nearly two-thirds (61%) have classified less than half of the data that sits on mobile devices.

Veritas Technologies’ previous ‘Truth in Cloud’ research revealed that an alarming majority (69%) of global organisations wrongfully believe data protection, data privacy and compliance are the responsibility of their cloud service providers, although cloud provider contracts usually place data management responsibility on businesses.

“As modern workforces become more mobile and data is dispersed across organisations, businesses have a big task in front of them when it comes to ensuring they have visibility and control over their data,” explained Jasmit Sagoo, senior director for Northern Europe at Veritas Technologies. “If data isn’t effectively classified and tagged, it’s more likely to go ‘dark’ and pose a serious security risk to businesses and their customers. Organisations must take responsibility for all of their data or they could face significant repercussions to their reputation and market share.”

The Dark Age of data

Organisations consider strengthening data security (65%), improving data visibility and control (41%) and guaranteeing regulatory compliance (51%) among their top key drivers for day-to-day data management. Yet the majority of respondents admit their organisation still needs to make improvements in all of these areas.

In conclusion, Sagoo informed Risk Xtra: “In today’s digital economy, it’s not a question of ‘if’ a company will be targeted by cyber criminals, but rather a matter of ‘when’. A company’s pool of dark data serves as an easy and enticing target for attacks. The more organisations know about their data, the better they’ll be at judging its value or risk. The average company holds billions of data files, so manually classifying and tagging them is near impossible. With the help of data management tools that include algorithms, machine learning, policies and processes, businesses can effectively keep data secure and available and gain valuable insights from it, regardless of where that data sits in their organisation.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts