You need to protect organizations' unstructured data!
Tomi Miettunen
Security and Modern Workplace Consultant aiming to secure the most important assets of the company – productive work and data. When stepping into the AI era, these things are more important than ever.
Unstructured data commonly means documents and other data assets saved in different types of storage rather than in a database. Information in systems that use a database in the background is commonly protected by the application and attacked through it. Compromising someone's account exposes the data that the user has access to, but exfiltrating the information through the application in large volumes is not easy. Of course, there are attacks and ways to get access directly to the database, but let's not cover those in this article.
Unstructured data lives, for example, on file servers, computer hard drives, OneDrive and SharePoint sites. Data in these services can be exfiltrated automatically in many different ways, leaving the attacker time to analyze it and extract valuable information after the attack, which makes this type of breach extremely dangerous.
A good example of this is the UnitedHealth breach in the United States, which led to attackers having access to the records of over 100 million people.
Sensitive data in your environment
I have done quite a few sensitive data analyses over the past years, and almost every time the results have been worse than expected.
Things resulting in these findings:
According to these findings, there is sensitive data such as health records, employment information, financial data, social security numbers, addresses etc. in your environment. Many organizations also hold valuable data such as IPR, price lists, offers and more.
What to do then?
Well, as in any situation, we need to stop things from getting worse and create strong policy, guidelines and technical controls to stop the growth of unclassified and unprotected data. Protections should cover external data exfiltration as well as internal oversharing.
When these things are in place, we need to focus on the old data and identify what we need to keep and protect and what can be deleted. This part is not fast, but risk goes down with every step.
To make these things happen, it is vital to create a solid governance and management model so that decisions are made effectively with leadership approval and the difficult task progresses.
Are we safe now?
No, sorry, we are not. Identity is the most important barrier that needs to be protected, and if you have a hybrid infrastructure, the most dangerous attacks still come through on-prem Active Directory and infrastructure, as in the linked breach in the US.
For cloud data you can easily build and deploy alerts and risk management scenarios, but you also need to think about data on workstations, USB sticks and file shares. One part of data classification and protection is preventing sensitive data from being saved to these hard-to-protect locations.
Holistic thinking and layered protection are the key here. We do not need to protect everything with all the capabilities to make the solution user-friendly and secure. See my previous posts for more information about these.