Perimeter

4/14/2018
09:00 AM
50%
50%

7 Non-Financial Data Types to Secure

Credit card and social security numbers aren't the only sensitive information that requires protection.
Previous
1 of 8
Next

(Image: Tumisu VIA Pixabay)

(Image: Tumisu VIA Pixabay)

As more and more personally identifiable information (PII) has moved online, cybercriminals have been able to gain access to deeper stores of data and build more complete pictures of their victims. Whether the information concerns health, movement, or political views, it adds up to a rich, complete version of an individual that can be stolen, mimicked, or manipulated.

The largest data breach so far, the Yahoo incident, didn't involve financial data - instead exposing the real names, email addresses, dates of birth, telephone numbers, and security questions of roughly 3 billion people to hackers. The next largest, that of Adult Friend Finder, gave names, email addresses, and passwords to the attackers. In neither of these cases were credit card or social security numbers released, but both were highly damaging to many of those effected and in the case of Yahoo, devastating to the company itself.

This shows that if criminals are willing to attack an organization to gain non-financial information on users and customers, then the IT department should be willing to treat that information as important, too.

Here's a look at seven data types many companies have collected and hoarded with abandon, and that need to protected just like financial data. If your organization has terabytes of any of these data types sitting in a warehouse, lake, or cluster, then it may be time to start the audit to see just how exposed it — and your company — truly are.

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
JTKeating
50%
50%
JTKeating,
User Rank: Author
4/18/2018 | 11:25:12 AM
Great food for thought
Thanks for the article. I like the expanded view of what data types need to be secured.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: White Privelege Day
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17282
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
CVE-2018-14592
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2018-15832
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
CVE-2018-16282
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
CVE-2018-16752
PUBLISHED: 2018-09-20
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.