What is it?
So, what is the biggest prized possession of IT? Is it the people? No. Is it the equipment? Not really.
IT’s biggest asset is the data. The data could consist of a number of different things, as it pertains to the organization and how it operates. To a manufacturing organization, it could be the way they manufacture their product, or their list of customers or suppliers. To a non-profit, such as a church, it might be its patrons, or the people that it is serving.
Why is it so important?
Consider the absence of the data. What would happen to the organization that the data was important to? Would they be able to continue to operate or would they have to close their doors as they have no way of making money in order to continue operations? More than likely not. The organization could attempt to recover as much data as possible, either through reproduction from past reports, peoples memories, etc, but by then, the organization’s business advantage could be lost to its competitors and could take a very long time, if ever, to regain that competitive advantage. Otherwise, it would close its doors, go bankrupt, and layoff all of its employees. This is why data and keeping it safe is so critical to the organization.
How do we keep it safe?
There are 3 main factors to keeping data safe in both storage and transmission. It is called the CIA triad, Confidentiality, Integrity, and Availability. Let’s break this down as to why it is important.
This is the main cause as to how breaches happen. A user in the network clicks a link that installs a program onto their computer, unknowingly. This program gives the attacker the ability to see the user’s data, such as their position, other people that they talk to, and the information that they may have on their computer. If somebody of importance within the organization becomes compromised, then organization secrets could be revealed on a public website and that data is no longer confidential, especially to competitors. Now the organization’s competitor knows the organization’s competitive advantage and knows how to overcome that and keep their own advantage. Hence, the compromised organization has lost business and will eventually close its doors.
The organization has to rely on the integrity of its data, believing that it is true to the context and timeliness of the organization. If the data loses its integrity because of a breach, then the information derived from the data would lead the management team to steer the organization into a direction that would ultimately mean the organization’s demise. If the breach was discovered in time, could the data regain its integrity, giving management correct information to be able to correct coarse? Maybe, but very unlikely. Once the faith of the integrity of the data is lost, then it is very difficult to regain faith into the data and trust it again.
This typically doesn’t happen unless there is a “bad actor” within the organization, intentionally feeding it bad information. Without checks and balances to make sure that everybody is doing their job correctly, this is hard to determine when it is happening.
Lets put it this way. What if you suddenly lost access to your bank account? Would you be able to know how much money was in your account? Maybe. No access after some time? Now it begins to get hard. This is similar to what organizations face when they lose the ability to access their data. Without the ability to access information, organizations are operating in the dark, if they can even operate at all. Typically this happens by an infection of ransomware of some type.
Remember the Petya outbreak of 2017 that infected just about the entire globe? That is exactly what happens here. The virus could infect, not only the users local machine, but servers that contains the data, encrypting that data, making it unavailable to the user. Typically there is a message on the infected system saying that the contents have been encrypted and to pay a ransom of some amount in bitcoin (or some other cryptocurrency) in order to receive the decryption key and decode the information. However, its been shown that, even after paying the ransom, the decryption keys typically do not work, and the data is left unable to be recovered. Even if the key did work, the original source of the infection still has to be dealt with in order to prevent a relapse.
This is why it is so important to keep data safe. Not only to keep IT in a job, but also to keep the organization in a competitive advantage within its market. Therefore, data is the Big Jewel of the organization.