In the June 2021 megahack, hundreds of companies worldwide were affected. The suspected perpetrators, the Russian hacker group REvil, are reportedly demanding $70 million in ransom. Reports about data breaches at large organizations, caused by (human) error or criminal hacks, appear in the media all the time. There is always a huge outcry and the accusations are numerous, but the focus is rarely on finding a solution. And that’s a shame, because there really is something to be done about data breaches and their consequences.
It may be a cliché, but it needs to be said: prevention is better than cure. It’s important to realize that the data available within your organization is of great value, not only to your own organization but also to those with malicious intent. If you really want to protect that data, it is a good idea to look at your data management. In any case, that is almost always the starting point for The Chief Architects when our help is requested, whether preventively or after a data breach or hack.
We get companies and governments to look at their data differently. Translate your business into the data you work with: What data do you have? Which of it is essential? Where is it, and who can access it? When and how do you use and process it, and with whom do you share it? That is often, quite literally, an eye-opener, because this approach provides a lot of insight.
Then we classify the data: we determine, for example, whether it is personal data. If so, you have to deal with laws and regulations (including the GDPR). Do your internal and external procedures comply with these regulations? If it concerns banking data, other specific regulations apply. The same goes for connections with government agencies (for example, the Basic Registration of Persons). But your own financial administration also requires attention and protection.
Let’s be clear: there is no set of measures that works for every organization or company. It is not a list to be ticked off. Every organization is unique, and the solution is always customized. That’s why for every question we first look at what is already in place. Often you can build on that; you don’t have to turn everything completely on its head…
A stress test or a pen test, carried out by ethical hackers, quickly shows whether and where the data protection is inadequate, and therefore how you can improve the security. You start with the data sources and build up security from there in layers, in the form of technical measures and adjusted procedures, which everyone then also has to comply with!
Then you arrive at robust and coherent security. Simply putting a sticking plaster on it won’t help, just as putting an extra lock on a flimsy door won’t stop it from being kicked in. You have to build data protection from the core.
But it must be appropriate for the organization: the security and procedures must not obstruct the business process. You often see this go wrong because managers and entrepreneurs go along with the hype. If a competitor is in the news because of a data leak, similar businesses are afraid of being hit themselves, and so they panic and make the wrong choices, or they think that taking drastic measures will settle the matter once and for all.
Well, one thing is certain: data protection is never finished. It is an ongoing process that requires a different mindset: proactive instead of reactive. If you realize that your data is an important asset (perhaps the most important one), you don’t wait for someone else to get hold of it.
We recommend setting up a permanent test environment within the ICT department, where data security is tested against the latest insights. Companies are gradually being compelled to set up such a testing ground so that they can test the latest ransomware and take action to protect themselves!
The techniques and tricks used by cybercriminals are developing rapidly. If you lag behind, sooner or later you will live to regret it.