With the EU's GDPR coming into effect in under two years, ignorance of ‘hidden' data could result in monstrous fines for UK companies, according to new research from Ground Labs. That research adds that such ignorance could increase risks of identity fraud with the billions of personal information residing on PCs, servers and mobile devices.
In the last six months, Ground Labs has identified files such as birth dates and card numbers that were ‘thought to be deleted' in 92 percent of interactions with UK companies. Partially deleted files or ones hidden in automatic backups known as ‘shadow copies' also pose a risk.
“With the imminent arrival of GDPR and the enormous financial risks, most companies simply cannot afford to ignore hidden threats. In the past, companies have relied on non-specific qualitative data sources which were often ignored,” said John Cassidy, VP EMEA, Ground Labs.
With hacking techniques becoming more sophisticated every day, adults in the UK face great risks as the exchange of multiple types of identity proof on the phone and internet create an unsecure reserve of actionable data on hundreds of thousands of business hard drives through all levels of a complex IT infrastructure.
Ground Labs' new Enterprise Recon 2 examines photos, scanned images, audio recording, emails, and hidden files for sensitive data enabling employees to search files that were previously thought too hard to catalogue such an scanned images and audio recordings. When unwanted data is found, a ‘permanent delete' is used or the option of moving the data to a secure location and encryption.
“This is a serious issue for thousands of organisations across all sectors – from financial institutions to retailers, charities, hospitals and hotels. In over 50 percent of cases, the data that we find is stored without reason, often unintentionally. This means that the data is not being stored securely and is easy enough for would-be hackers to locate. The issue is that much of this data is overlooked, hidden within various file types or assumed to be deleted. It's a digital game of hide-and-seek but we definitely have the upper hand,” said Cassidy.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout