Perimeter

4/14/2018
09:00 AM
50%
50%

7 Non-Financial Data Types to Secure

Credit card and social security numbers aren't the only sensitive information that requires protection.
Previous
1 of 8
Next

(Image: Tumisu VIA Pixabay)

(Image: Tumisu VIA Pixabay)

As more and more personally identifiable information (PII) has moved online, cybercriminals have been able to gain access to deeper stores of data and build more complete pictures of their victims. Whether the information concerns health, movement, or political views, it adds up to a rich, complete version of an individual that can be stolen, mimicked, or manipulated.

The largest data breach so far, the Yahoo incident, didn't involve financial data - instead exposing the real names, email addresses, dates of birth, telephone numbers, and security questions of roughly 3 billion people to hackers. The next largest, that of Adult Friend Finder, gave names, email addresses, and passwords to the attackers. In neither of these cases were credit card or social security numbers released, but both were highly damaging to many of those effected and in the case of Yahoo, devastating to the company itself.

This shows that if criminals are willing to attack an organization to gain non-financial information on users and customers, then the IT department should be willing to treat that information as important, too.

Here's a look at seven data types many companies have collected and hoarded with abandon, and that need to protected just like financial data. If your organization has terabytes of any of these data types sitting in a warehouse, lake, or cluster, then it may be time to start the audit to see just how exposed it — and your company — truly are.

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JTKeating
50%
50%
JTKeating,
User Rank: Author
4/18/2018 | 11:25:12 AM
Great food for thought
Thanks for the article. I like the expanded view of what data types need to be secured.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.