
The exposure risks of data

Amidst that landscape, addressing the threat posed by ransomware is the number one cybersecurity challenge currently facing CISOs, closely followed by configuring cloud security and protecting hybrid, multi-platform enterprise environments.

It’s a problem in cloud containers, too – per research from Sysdig, 75% of containers have “high” or “critical” patchable vulnerabilities. Organizations take educated risks for the sake of moving quickly; however, 85% of images that run in production contain at least one patchable vulnerability. The analysis also revealed that 73% of cloud accounts had exposed S3 buckets and 36% of all existing S3 buckets are open to public access.

U.S. websites aren’t protecting private data either. A study announced last week by Zendata used GDPR as a lens to analyze U.S. websites. Almost half of the sites (43.2 percent) didn’t offer a choice of opting out of having one’s data sold. The collected data’s actual use was deemed “ambiguous” for 41.4 percent of these sites. Zendata found that 54.9 percent of the sites lacked a cookie message on the first load, and 31.7 percent of the sites that did not alert users to cookies also used ad trackers. Website visitors are also being tracked by “device fingerprinting,” which was the case for 43.8 percent of the top U.S. websites studied.

And, Zendata’s study found that 82.1 percent of the top websites used complex privacy policies that were difficult to understand.

Why do we care?

It’s that last data point I wanted to highlight. Complexity is the enemy of consistency, and since security requires consistency over time, focus there.

The more IT can do to improve policy simplicity, the more effective the policies will be. Think passphrase versus password – a phrase is a sentence, simpler for a human to remember than a series of random letters and numbers. That takes a bit more to implement but results in greater effectiveness.