We Don’t Know What We Don’t Know
by Andrew Koonce, IT Security Officer, 8th Circuit Executive's Office
Have you heard about breaches involving the U.S.
Office of Personnel Management, Internal Revenue
Service, Department of Homeland Security, Sony, Ashley
Madison, Anthem, Yahoo, LinkedIn, America Online, or
the Friend Finder Network? This list is a fraction of the
data breaches that have been made public!

Other organizations have been breached and either keep
it quiet or fall back on plausible deniability. Insufficient
security controls often result in a lack of the evidence
necessary to pinpoint what was stolen and by whom.
Many organizations lack an inventory of data and do not
know what they have to lose.

In the recent Friend Finder hack, more than 412 million
accounts were exposed, including over 15 million
“deleted” records that were not purged from the
databases. Now millions of people are high-value targets
for blackmail, phishing attacks, and other cybercrime.
According to a breach notification from LeakedSource,
breached accounts included 78,301 .mil and 5,650 .gov

In light of numerous organizational breaches, have
you identified where you store or share information?
If “private” emails, chats, or website accounts became
public, what would the consequences be for you?

How vast is your online
footprint? Do you have any
“digital skeletons” in the
closet? What do you post
on social media? Could this
information be used to gather
more information about you or blackmail you? Where is
your financial and health information? Do you perform
personal business and save documents on public or

These questions should make us think about what
information we possess and determine where that
information is located, physically or logically. We work
hard to keep valuable physical assets secure, and our
digital information also warrants protection.

A starting point for information security is identifying
critical information and establishing where it is stored.
While we do not have possession of all our data,
when we identify and locate what we know, we can
minimize our susceptibility to hackers by reducing our
digital footprint and access to our data.