What type of critical data is are being overlooked by current data security practices? A new report from the Ponemon Institute, on behalf of Kilpatrick Townsend & Stockton, reveals that certain types of confidential information are more at-risk than organizations realize.
The report, The Cybersecurity Risk to Knowledge Assets, focuses on knowledge assets. In this context, knowledge assets are “confidential information critical to the development, performance and marketing of a company’s core businesses.” This information could include trade secrets, product designs, research, or other non-public information crucial to the company’s core business.
While the loss of personally identifiable information can be costly, the loss of knowledge assets can be equally damaging. According to the report, the loss of knowledge assets can affect a company’s reputation. It can also have major financial repercussions, with an average cost of more than $5.4 million. Moreover, most respondents (60%) say it's likely that one or more pieces of their company’s knowledge assets are already in the hands of a competitor. Unlike data breaches involving personally identifiable information, data breaches involving knowledge assets are also not as well covered by insurance.
Most organizations are struggling to protect knowledge assets. Employee negligence and third parties are identified as the largest known threats to this critical business data. The report found that data protection is most often thwarted by ineffective access controls and a lack of senior management support. The latter is due largely in part to a skewed pressure to protect personally identifiable information and a lack of internal discussion surrounding the protection of knowledge assets. Right now, 53% of respondents say they allow their employees to use their mobile devices to access knowledge assets despite the fact that their current security controls do not specifically address the protection of these assets on personal devices.
When companies are defining critical data to protect, it's clear that knowledge assets must be a higher priority. By understanding what kinds of data need protection, and the business impact of not protecting these assets, organizations can create stronger approaches to data security. The report recommends shoring up many areas of data security around knowledge assets including employee training, access controls, formal audits and centralized control.
At Absolute, we provide unprecedented visibility into your endpoints and the data they contain. The Endpoint Data Discovery (EDD) feature of Absolute DDS 6 allows you to see where your sensitive data is, at any time, on or off the network, whether on the device itself or stored in personal cloud services. This same oversight can be applied to employee-owned devices. Thanks to automated alerts and remote capabilities supported with Absolute persistence technology, you can maintain oversight over your endpoints: check the status of security software, receive alerts for unusual user or device activity, and lock down or wipe devices that are deemed to be at risk. To learn more, visit Absolute.com