I’ll let you in on a secret. There’s one security control that organizations can use that really will help with security incidents, but it’s so often overlooked. And it’s minimizing the amount of information that you have. When you look at the history of security breaches, probably the most damaging breaches that have occurred, and the ones that make news headlines are the ones that involve really sensitive personal information. Things like social security numbers and credit card numbers. When you start digging into what happened during those breaches, so many times the organization just had maintained massive amounts of information that they either never needed in the first place, or the need that they had for it had passed and it was just kept either by accident or just because somebody never bothered to go and clean it up.
So one of the most important things an organization can do is go through and search all their systems and databases and other information repositories and seek out the really sensitive information. There are tools that can go and search for social security numbers and search for credit card numbers based on pattern matching and other algorithms that can really reduce the number of false positives and zero in on those sensitive pieces of information. If you go out and remove as much of that as you possibly can you’re really going to limit the amount of damage that occurs during a breach.
If you can get rid of it, a breach, if a hacker manages to break into your network and there’s some sort of security incident, it might not be something that you even need to report, because there wasn’t any sensitive information stolen. If there is, that sensitive information stolen, by deleting most of it, you’ve managed to really narrow down the number of people that it affects.