Perimeter

4/14/2018
09:00 AM
50%
50%

7 Non-Financial Data Types to Secure

Credit card and social security numbers aren't the only sensitive information that requires protection.
Previous
1 of 8
Next

(Image: Tumisu VIA Pixabay)

(Image: Tumisu VIA Pixabay)

As more and more personally identifiable information (PII) has moved online, cybercriminals have been able to gain access to deeper stores of data and build more complete pictures of their victims. Whether the information concerns health, movement, or political views, it adds up to a rich, complete version of an individual that can be stolen, mimicked, or manipulated.

The largest data breach so far, the Yahoo incident, didn't involve financial data - instead exposing the real names, email addresses, dates of birth, telephone numbers, and security questions of roughly 3 billion people to hackers. The next largest, that of Adult Friend Finder, gave names, email addresses, and passwords to the attackers. In neither of these cases were credit card or social security numbers released, but both were highly damaging to many of those effected and in the case of Yahoo, devastating to the company itself.

This shows that if criminals are willing to attack an organization to gain non-financial information on users and customers, then the IT department should be willing to treat that information as important, too.

Here's a look at seven data types many companies have collected and hoarded with abandon, and that need to protected just like financial data. If your organization has terabytes of any of these data types sitting in a warehouse, lake, or cluster, then it may be time to start the audit to see just how exposed it — and your company — truly are.

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JTKeating
50%
50%
JTKeating,
User Rank: Author
4/18/2018 | 11:25:12 AM
Great food for thought
Thanks for the article. I like the expanded view of what data types need to be secured.
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14337
PUBLISHED: 2018-07-17
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVE-2018-14329
PUBLISHED: 2018-07-17
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
CVE-2018-14331
PUBLISHED: 2018-07-17
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
CVE-2018-14333
PUBLISHED: 2018-07-17
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has ...
CVE-2018-14334
PUBLISHED: 2018-07-17
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.