This post was originally published by (ISC)² Management.
Is There Ever Too Much Data?
As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details are stored about the clients of a particular business.
Over time, it became clear that this data, if obtained by criminals, could be damaging to an individual. Personally Identifiable Information (PII), Protected Health Information (PHI), private financial records, and a selection of other sensitive data hold all the required elements to perpetrate crimes such as blackmail, impersonation, and identity theft, or a combinations of these.
A recent strain of ransomware, known as “maze” not only encrypts the victim’s data, but it does so after exfiltrating the data. Part of the threat issued to the victim is to pay the ransom for the decryption key, or the stolen data will be released to the public. This is a new level of ransomware meets blackmail. A variety of imposter scams are made more convincing when more personal details are known about a person or their family. One alarming method of identity theft has resulted in some folks losing the title to their homes. From these examples, it is easy to see how criminals can benefit from all the data that businesses collect about their customers.
Read more here: blog.isc2.org
