Blog > October 2019 > How Data Intelligence Fits into Cybersecurity

How Data Intelligence Fits into Cybersecurity

Data breaches, cyberattacks and other challenges to data privacy are on the rise. In the first half of 2018 alone, there were 945 data breaches that compromised 4.5 billion data records worldwide. In 2019, there have been 2.7 billion identity records posted online for sale already. These breaches—and their implications for data privacy—continue to infiltrate even high-profile companies. This year, Capital One made headlines when it announced a data breach that impacted about 100 million U.S. consumers and 6 million Canadian consumers. This incident was particularly interesting because it was perpetrated by someone with inside knowledge of the company. The hacker was a software engineer who used to work for the cloud hosting company Capital One was using.
While this was a security issue, the Capital One case does raise an important question around data privacy: how can today’s data-driven businesses protect consumers’ personal information from risk, especially when coming from inside the organization? A firewall is important but doesn’t keep internal bad actors—even negligent data handlers—from mismanaging or abusing information.
Cybersecurity is not the silver bullet that keeps data safe from the internal and external werewolves seeking to misappropriate it. Organizations need to ensure internal stakeholders are held accountable. In fact, as the focus on data privacy grows, so must the conversation about accountability and end-to-end transparency.
The goal is not to make companies distrust their employees. Rather, companies need to trust their data and data management. The more organizations understand what personal information they have, where it is stored and who has access to it, the better they can ensure all data is properly used and secured, and thus, at less risk of theft. However, most organizations are hindered by a lack of visibility across data siloes and into today’s cloudy data lakes. Creating data intelligence helps organizations establish the necessary trust with the data and the data management they have in place.
Data Intelligence hasn’t historically been part of the cybersecurity conversation. However, as information management catches up to data-driven business, it deserves to be heard. Data governance and regulations such as the GDPR and CCPA can be motivators for good data behavior—but they also require an understanding of what data organizations have, what data needs protecting, how they can protect it, and, importantly, where it came from. Organizations can build an inventory of data assets to answers these questions. That way, when auditors come knocking or consumers request their data be deleted, organizations will be able to comply. What’s more, in the case of a breach, a data inventory makes it easier to inform authorities and those affected while mitigating the impact as much as possible.
Organizations can also leverage data lineage capabilities, to trace data from its origin to its target, discovering where it comes from, how systems process it and how it’s used—or abused. Traceable data is trusted data, creating confidence in decisions, encouraging internal adherence to governance policies and reducing internal risk.
Data Intelligence isn’t a cybersecurity solution. It won’t prevent hackers from stealing personal information from companies’ data warehouses. However, if that worst-case scenario occurs, organizations will know exactly what (or whose) information was in the data warehouse, where it had been used and transformed and who had access to it. That way, instead of having to ask concerned consumers to check their accounts for suspicious activity—as Capital One did after its data breach—organizations can know who was impacted and be targeted in their responses. In this way, data intelligence can hold organizations accountable to the level of service that today’s consumers expect.
Data is the most valuable asset that most companies have today. Consequently, its safety, privacy and security are more important than ever. Organizations must revisit what it means for data to be safe—understanding that accountability, while separate, is complementary to security. Data intelligence and data governance show consumers that organizations care about their data—they know where it is, who has it and why.
Learn how ASG’s Data Intelligence solution provides data inventory and data lineage capabilities to support data safety by visiting this product page or reading this blog.