Global businesses continue to house ‘dark data’ within their organisations, creating a honeypot for cybercriminals, finds research from Veritas Technologies, a worldwide leader in enterprise data protection and software-defined storage.
The Value of Data study, conducted by Vanson Bourne for Veritas, surveyed 1,500 IT decision makers and data managers across 15 countries. It reveals that on average, over half (52 per cent) of all data within organisations (Singapore: 53 per cent) remains unclassified or untagged, indicating that businesses have limited or no visibility over vast volumes of potentially business-critical data, creating a ripe target for hackers.
Classifying data enables organisations to quickly scan and tag data to ensure that sensitive or risky information is properly managed and protected, regardless of where that data lives. This broad visibility into data helps companies comply with ever-increasing and stringent data protection regulations that require discrete retention policies be implemented and enforced across an organisation’s entire data estate.
Public cloud and mobile environments represent the weakest links in data security, with the majority of data across these environments most likely to be left unclassified and potentially unprotected. Just five per cent of companies claim to have classified all of their data in the public cloud, while only six per cent has classified all of the data that sits on mobile devices. Three in five (61 per cent) companies admit they have classified less than half of their public cloud data, while over two-thirds (67 per cent) have classified less than half of the data that sits on mobile devices. In Singapore, more than three in five (67 per cent) companies admit they have classified less than half of their public cloud data, while a similar proportion (68 per cent) have classified less than half of the data that sits on mobile devices.
Veritas’ previous Truth in Cloud research revealed that an alarming majority (69 per cent) of organisations worldwide wrongfully believe data protection, data privacy and compliance are the responsibility of their cloud service providers, although cloud provider contracts usually place data management responsibility on businesses.
“As the workforce gets increasingly digital, with the use of mobile devices and online platforms becoming commonplace, company data has become dispersed across a number of different environments,” said Sheena Chin, country director for Singapore, Veritas. “When data is fragmented across an organisation and has not been properly tagged, it is more likely to go ‘dark’, affecting the company’s reputation and market share if it falls foul of international data protection regulations such as the GDPR or the PDPA locally. With blurring lines between the traditional and digital spheres, it is vital that organisations take full responsibility for ensuring their data is effectively managed and protected.”
The dark age of data
Organisations consider strengthening data security (64 per cent globally and 65 per cent in Singapore), improving data visibility and control (39 per cent globally and 42 per cent in Singapore) and guaranteeing regulatory compliance (32 per cent globally and 34 per cent in Singapore) among their top key drivers for day-to-day data management. Yet the majority of respondents admit that their organisation still needs to make improvements in all of these areas.
“A company’s dark data reservoir may be out of sight and out of mind for many organisations, but it is an alluring target for cybercriminals and ransomware attacks. The more organisations know about the data they hold, the more adept they will be at evaluating its value or risk,” added Chin. “But with the average company holding billions of data files, manually classifying and tagging data is beyond reasonable human capability. To address the massive data growth, businesses must implement data management tools with algorithms, machine learning, policies and processes that can help manage, protect and gain valuable insights from their data, no matter where it resides in the organisation.”