Select Page

Managing enterprise risks is critical in an increasingly digital world. At Heureka, we see it every day: Companies are storing tremendous amounts of data and so much of it is redundant, obsolete or trivial—ROT as it is known to industry insiders. Statistics have shown that overall data growth is slightly over sixty percent per year and of that data, eighty percent is considered unstructured.

ROT hiding within organizations often has no business value, yet so many struggle to manage it. Making matters worse, the data that is actually important is at risk of getting lost in the shuffle. Heureka was developed to specifically address the increasing necessity to gain control of and insight into critical, unstructured data that is both a value and a risk, and to improve upon the economics of a resource-intensive process to manage that data.

A new report from Cleveland law firm BakerHostetler, Managing Enterprise Risks in a Digital World, puts the issues into perspective and provides key insights for organizations of all types. Below, we highlighted key areas and added insight from our client experiences.

Key Findings

Basic Hygiene

One of the key findings of the report is around Basic Data Hygiene. Despite their best efforts, organizations are still seeing large incidents such as data breaches and ransomware occurring. BakerHostetler asks the question, “how much old data is sitting around in your network waiting to be taken?” Considering 80% of data is unstructured, the answer is a lot.

Heureka quickly illuminates ROT stored away at organizations despite having no value. It is important for companies to implement initiatives to clean up this unnecessary information by removing whatever falls outside the scope of data retention policies. We provide a tool to not only help find and classify your data, but to clean it up by deleting and quarantining files that may pose a risk.

Get ahead of the compliance curve

BakerHostetler notes that new laws are inevitable and to anticipate and be as proactive as possible.
Compliance with regulations has a lot to do with the type of data organizations are keeping.

  • Is it personally identifiable information (PII)?
  • Are there tools that enable searching large unstructured data source for breach notifications? Risk Assessments?

A perfect example begins in California where organizations have to begin preparing to comply with the California Consumer Privacy Act, a data privacy law that takes effect January 1, 2020 and requires tracking of data practices as of January 1, 2019.

By the Numbers: The BakerHostetler report notes the California AG
may bring actions for civil penalties of $2,500 per violation or, if intentional,
up to $7,500 per violation

GDPR has changed incident response

Speaking of compliance, GDPR, has significantly changed incident response for global companies. But all organizations should be keeping an eye on the fallout and incremental changes to the law

As laws modeled on GDPR spread to other countries, the globalization of GDPR will further complicate incident response – BakerHostetler notes.

Heureka’s platform provides unrivaled ability to respond to Subject Access Requests by reaching unstructured data in areas that have traditionally been digital blind spots. Heureka has automated data classification and tagging so that sensitive data can be located and remediated. Moreover, our reporting structure helps with breach notifications, which has accelerated under GDPR regulations. All of this leads to improved incident response times.

 

By the Numbers
66: Average number days from occurrence to discovery
8: Days from discovery to containment
28: Days to complete forensic investigation
56: Days from discovery to notification

Conduct M&A due diligence

Organizations need to complete appropriate due diligence throughout the process of mergers and acquisitions—something Heureka helps with by giving companies a true 360-degree view of unstructured data across file shares, desktops and laptops. We uniquely provide a window into the type of data that is critical to M&A, including employee contracts, patent applications, intellectual property and employment agreements.

Baseline Recommendations

Conduct risk assessments: The report recommends identifying gaps and risks and then building a prioritized plan. One of the core strengths of Heureka is in helping illuminate risky information at the enterprise level. But, it is also important to know why incidents occur.

By the Numbers
37%: Phishing
30%: Network Intrusion
13%: Stolen/lost device or records
12%: Inadvertent disclosure
4%: Other

Improve detection capabilities: BakerHostetler contends that reducing the time from intrusion to detection is one of the top areas where organizations can improve.

  • Heureka indexes, classifies and searches unstructured data sets, making Heureka a critical part of an organization’s strategy.

Prepare to respond when incidents occur: The report suggests conducting exercises to identify the key people and how they should respond.

  • Breaches will occur. Heureka enables IT teams to understand the type and sensitivity of data that may have been breached.

Mitigate financial impact: Heureka provides a data assessment report, which is key to understanding the potential financial ramifications of a breach. Incidents can be punitive as shown below.

By the Numbers
$63,001: Average forensic investigation costs
$120,732: Average network intrusion costs

  • Heureka’s data assessment reports are key to understanding the potential financial ramifications of a breach.

Conclusion

Unstructured data has become one of the largest risk elements within the corporate world. Our goal is to empower clients to gain understanding and take control of their unstructured data The BakerHostetler report is an excellent resource for understanding the type of risks organizations face. Organizations who fail to act on their unstuctured data have the potential for greater fines and regulatory action with little excuse for not managing their data. Heureka helps companies plan, inventory and remediate files before they become a problem.