A Global telecommunications giant was handed fines of $25 million by FCC for data stolen names and full and partial social security numbers of about 28oK customers in the US.
https://www.fcc.gov/document/att-pay-25m-settle-investigation-three-data-breaches-0
Organizational risk continues to rise as data breaches overwhelm today’s information security technologies and procedures. Despite billions expended on information security every year, highly motivated cyber gangs, organized crime and nation states are winning the cyber-arms race. Once networks and systems are breached, sensitive data seems to be pilfered at will. Organizations acknowledge their vulnerabilities. Publicly traded companies detail that sensitive that data is at risk and no assurances can be made about safety.
Confidence in having a current and accurate accounting of sensitive data location location and protection is very low in organizations. This trend will continue in the foreseeable future.
Data Security Intelligence allows organizations to view an enterprise sensitive data landscape; calculating sensitive data risk on an ongoing basis. The risk score is illuminated by views of sensitive data creation and consumption, department and geographic distribution, value and data protection applied. Decision makers can understand if risk factors are improving or deteriorating with security strategies and adjust on a continuous basis. Practitioners are provided actionable details on risks so that data protection and other remediation is prioritized for the highest value and at risk assets.
Data protection includes data encryption, masking, tokenization and access controls. As none of these are silver bullets, a layered approach is needed to ensure that data being used by LoB, administration, partners and contractors is tightly controlled. With these controls, sensitive data access can be blocked, limited or eliminated to prevent broad-scale data theft.