Unstructured data: The unseen dangers

Unstructured data refers to raw and organized data that cannot be stored in predefined relationship structures.

Seqrite Aug 08th 2018

As the name suggests, unstructured data refers to raw and organized data that cannot be stored in predefined relationship structures. While this kind of data can be text-heavy in the form of email messages, PDFs, business plans, unstructured data differs from databases through the fact that they may have irregularities which do not allow it to be cataloged or stored in a particular process.

Because of the unorganized nature of this kind of data, it can pose a problem for organizations, especially in light of the era of data breaches that we have stepped into. Organizations store a lot of unstructured data – various estimates have put it as high as 80% – which is a huge amount of data lying around. This data can be of enormous value for a criminal or for any insider threat. Hackers can sell off this data for huge prices in the dark markets while also using it for ransomware threats.

Data Leaks

As the CEO of a company, pause for a moment and consider the kind of data your employees create on their systems every single day. Business plans, competition analysis, SWOT analysis of your own products, customer feedback, customer profiles – it’s just the tip of the iceberg. Now consider that if there is not set process on how this data is stored, then it just lies around on the system or maybe network, at risk of any kind of infiltration attempt.

Even worse, if the data is leaked, the sheer disorganized, chaotic nature of storage means the organization will have no idea where it leaked from, who leaked it and who has the data. On the other hand, if a certain encryption process is followed, the data will be encrypted and will be of absolutely no use to any hacker.

Insider Threats

Unstructured data increases the possibility of insider threats which are a major hidden concern for most organizations. Because the data is not organized, threats from within the organization have much easier access, know how it is being safeguarded and are hence aware of the loopholes and enough time to execute their plans. Harvard Business Review estimated that 80 million (yes that’s right – million) insider attacks occurred in the United States every year and that may not even be the correct number as a large number of attacks go unreported.

What can organizations do to secure unstructured data? A few steps they can take are:

  • Identify critical unstructured information assets and when they are relevant. This constitutes going within the organization and understanding which assets contain the most information about the company and creating a register on them.
  • Identify which employees possess the most important critical unstructured data. Mostly, it is the top 10% of an organization which possesses the most important data. These can constitute the senior leadership, secretaries, C-suite, etc. Once they are identified, a customized security program can be created which will be far more effective than a general program.
  • Use tools like email monitoring or Data Loss Prevention (DLP) to monitor data and keep an eye on what kind of data is going in or out. Organizations can consider Seqrite’s DLP solutions which offer a multi-layered approach to data security.
  • Keep conveying the dangers of unstructured data across all levels at the organizations and conduct compliance programs. Employees should be aware of the dangers that can come out of simple things they do at work and be educated on the same. Compliance programs also showcase than an organization is determined by nipping the problem in the bud.

More recently, the European Union’s landmark ruling, the General Data Protection Regulation (GDPR) has come into effect which puts strict rules around how data is to be used by companies and organizations with severe fines for non-compliance. The GDPR will force many organizations to take data security more seriously and put in the complete process for securing unstructured data. Organizations can consider roping in security solutions provider like Seqrite to help them become GDPR compliant. Seqrite offers GDPR risk assessment and includes solutions like anti-ransomware and encryption, helping organizations to comply with the guidelines.