Your organization is not in the health care or financial sectors, so your data management is not subject to regulatory compliance audits. Your revenue model does not involve keeping a large customer account database, or managing a constant flow of credit card transactions. Or else your payments system is a separate standalone, not associated with your overall IT and data management operations.
So do you really need to worry about — and take special protective measures against — data theft?
A great many organizations, perhaps most organizations, find themselves wondering about this. They are not subject to specialized compliance rules, and the data they work with and store is not filled with the sort of personal identifying information (PII) that is a favored target of thieves.
The data railroad of your network may be a quiet branch, or it may carry a steady traffic of freight trains, but it doesn't carry high-value targets, virtual mail cars or payroll cars.
Fast Internet Connections Have Revolutionized Data Theft
But times have changed. In the bad old days, train robbers looked for compact, concentrated-value targets that made for a practical getaway. A trainload of beef on the hoof or metal ore might be worth more in total value than a payroll car. But they couldn't stuff it in some extra saddlebags, so they didn't try to steal it.
Data theft is different. Gigabytes of data — data by the trainload — can be carried off in minutes, which means that thieves are not limited to concentrated value, the cyber equivalent of gold bars. The cyber equivalent of a trainload of ore can be as good as gold, and easier to steal.
Big Data Is Valuable Data
Not only is cyber ore easier to steal than the kind shipped in hopper cars, it is also easier to mine for the valuable stuff. What we call big data, or unstructured data, is essentially data in which the value is spread out, not concentrated into easily stolen nuggets.
But our ability to process big, unstructured files means that this spread-out value can be drawn out and refined rather easily. As noted at CSOonline, big data is helping us to improve data security, but it also broadens the range of theft-worthy data.
Email hacking, which played such a prominent role in the last election, is one now-familiar example of how modern processing of unstructured data has revolutionized data theft and data security. All of those old office memos and idle gossip stored in your email archives could turn up one morning on a hacker website, and ruin your organization's entire day.
But email is not the only type of big data at risk. Customers' social media postings on your website may contain no "secrets." But for cyberthieves, simply linking those consumers to your enterprise might help in teasing out insights that could be used to launch targeted spear phishing attacks, perhaps on your customers, perhaps on your employees who respond to customers.
In short, don't assume that your data is safe from cyber-thieves simply because it is not subject to regulatory compliance, or is not an obvious target such as PII. Your data has value that may not be immediately obvious but if stolen could subject your organization to losses or risks. Every possible data breach poses risks. All of your data deserves an appropriate level of security protection.