For many businesses it is the known unknowns that represent the biggest threat of a data breach.
The Problem
It feels like almost each week brings yet another jarring and uncomfortable headline that a large and trusted institution has leaked sensitive customer data into unsafe hands.
For many businesses it is the known unknowns that represent the biggest threat of a data breach. It is generally well understood that the volume of data across the globe is now snowballing, doubling every 2-3 years and that most of that data (around 80%) is unwieldy unstructured data – like emails, chat messages and written documents (such as power points and health records).
In many organisations, the governance, disciplines and technology for effectively managing sensitive data has grown ‘organically’, often as an historically under-loved side project for technology, risk or compliance officers. The implication is that today, many business leaders would struggle to answer core questions like “what specific data does my organisation hold” and “where are we holding it”.
Role of the regulators
Simultaneously, laws and regulations in many countries demand that organisations properly manage sensitive customer information and are increasingly intolerant of failures to effectively managing the information collected. In Australia for example, anti-money laundering laws require organisations like banks to collect sensitive data from customers before opening an account (100-point check). Unsurprisingly, it’s this kind of personal data – like driver’s licences, credit card details – that is most frequently leaked.
Regulators around the globe are doubling down to address these concerns. Often viewed as the global forerunner, Europe’s General Data Protection Regulation (GDPR) came into force in 2018 with fines for ‘less severe infringements’ worth up to €10 million, or 2% of the firm’s worldwide annual revenue.
Since 2018, over 30 major economies have introduced or proposed their own data protection legislation – often with equally punitive sanctions – and by 2024, Gartner anticipates that 80 per cent of all businesses will face modern privacy or data protection requirements (where in 2020, only 10% of the world’s population was covered). On the 29th of November, the Australian Parliament reacted strongly to community concern about the recent spate of data breaches and passed changes to the Privacy Act which significantly increase the maximum fine for serious or repeated data breaches from around $2m AUD to $50m AUD.
Our Nuix solution
The real challenge today for organisations and their ability to properly manage and protect their data is having a complete picture of all the sensitive data in their company, including where it resides.
As data privacy experts, Nuix recently worked with a leading global bank as part of a large-scale information governance project. The bank knew there was highly sensitive customer information scattered across the company and that the data was unencrypted and largely unprotected. But they didn’t know where it was. It took Nuix just two weeks to give them complete control of all that data. Significantly enabling them to reduce their data breach risk exposure in a short amount of time.
Nuix uses vast amounts of processing power and the latest technologies including Artificial Intelligence, to give organisations a deep understanding of their data landscape and what they need to do to take control of it. The process itself is relatively simple.
- Identify: Thefirst step in taking control is the ability to identify and create an inventory of your data. Nuix’s patented technology offers the most powerful solution in the world for driving forensic-level insights into sensitive customer information across 1,000+ file types (e.g. PDFs, Word documents).
- Understand: Once the data inventory is created, the focus turns to understanding the data and the risk it carries. This comes from performing an analysis around age, ownership, format and content of each item. At this point, organisations can start to see opportunities to cull and delete Redundant, Obsolete and Trivial data using metadata, including data ranges, file extensions, date etc. Doing this can dramatically reduce the data they have to store, manage and navigate.
- Analyse: The next step is analysingthe data in context to determine whether it’s an asset or a liability. Nuix software can perform sophisticated functions including turning audio and image data into searchable text to find specific data.
- Act: Understanding your data is crucial. Being able to act on it at scale is equally important. In this stage of the process, Nuix users can focus on governance decisions such as how to optimise risk decisions; how to classify, move and protect data; or how to make it more readily available to the business.
Jonathan Rubinsztein is Nuix Global CEO.