Data exposure is a reality for all organizations.
The constant influx of data breaches over the last decade has forced organizations to come to terms with the harsh truth that ongoing data exposure is unavoidable, whether through direct system compromise or third party security incidents. According to a newly published report by Risk Based Security, the first six months of 2019 have seen more than 3,800 publicly disclosed breaches exposing a whopping 4.1 billion compromised records. As a result, companies are beginning to recognize the importance of data monitoring and the threats of data exposure, but, based on new research from Terbium Labs, practitioners often stop short of fully understanding the acute risks and implications of a data breach.
In a recent survey of IT professionals, Terbium Labs uncovered startling trends about the gaps in how organizations think about risk of exposure for corporate data and inconsistencies in how security teams monitor data. Our latest report, The Underrated Risks of Data Exposure, unpacks these findings, and highlights a dangerous disparity: practitioners are initially confident in their current strategies while admitting uncertainty about their existing data exposure, all while drastically underestimating the risks of compromise for vital corporate information.
In this report, Terbium Labs exposes the disconnects between corporate confidence and the underrated risks of data exposure, including:
- Nearly 30% of respondents don’t trust their employees to identify suspicious emails or phishing attempts, while 16% aren’t sure whether or not they’ve had data exposed over the last year.
- While more than 52% of IT professionals are worried about customer credentials being exposed, only 11% have the same concern about employee email addresses.
If companies continue to operate with confidence while these disconnects persist, cyber criminals have a clear advantage to exploit data and take advantage of the gaps in digital risk protection strategies. For an organization with a mature digital risk protection program, teams should take a holistic view of the ways data exposure impact existing security threats, including phishing, account takeover, business email compromise, and unauthorized access to corporate systems.
In order to stay ahead of developing cybercrime tactics and maintain compliance with developing data regulations, companies must adopt a comprehensive digital risk protection strategy that includes ongoing, proactive data monitoring. A mature digital risk protection strategy provides clear risk mapping, actionable intelligence, and data monitoring that alerts on exposure of specific corporate data across the open, deep, and dark web – not merely contextual, broad-strokes vulnerability updates and industry news.
Security teams should also demand more from their digital risk protection providers. Putting data at an increased risk by sharing it with third parties in order to monitor for exposure isn’t a tradeoff companies should need to make. Terbium Labs provides full visibility into corporate data exposures without ever needing access to original data or sensitive corporate information. Our patented data fingerprinting technology is unique in the industry, and Terbium Labs believes no organization should need to expose