There is a saying that one man’s trash is another man’s treasure. This saying is very true regarding obsolete and redundant IT assets. Malicious actors are not very interested in the scrap metal, but what it contains. This equipment carries lots of valuable data that can help their malicious intentions. They can access confidential personal information, R&D data, or even network information. Data destruction plays a big role in cybersecurity, as many organizations have painfully discovered.
What is Data Destruction?
Any organization using computer equipment will continuously accumulate data about its customers, employees, operations, finances, product research and so on. Much of this data is not for consumption outside the organization. Access of this confidential information by unauthorized persons poses enormous risks to an organization.
Data destruction is making confidential data inaccessible to unauthorized access. It involves making the data unreadable and destroying the storage media if needed. Data destruction has always been practiced in one form or another. In the old days, paper shredding was the highest form of data destruction.
Today, there are varied devices holding data including internal and external hard drives, flash drives, CDs, DVDs, tape storage, cameras, and mobile phones. Any device that has storage capacity poses a risk depending on the nature and value of the data it carries.
Modern data destruction methods seek to scramble data written on storage devices to make it unreadable. For higher surety, the storage media is also physically destroyed to make it impossible to recover the data using forensic tools. There are three ways of data destruction:
This method of data destruction uses software tools to hide data under a mass of unreadable characters. The overwritten data is encrypted to make it even harder to decode. Overwriting does not destroy the storage media physically, which makes it suitable to use on equipment marked for recycling.
Storage media stores data in magnetic fields. Degaussing destroys these magnetic fields such that the data in the storage media is inaccessible. Degaussing makes the storage media unusable, rendering it useful only for scrap.
Physical data destruction
Physical data destruction goes a step further and makes the data irrecoverable by destroying the storage media in a variety of ways. The media can be shredded, crushed or burned. You must make a plan for waste disposal when doing physical data destruction.
One of the easiest ways to penetrate an organization is through stockpiled end-of-life equipment and equipment that is disposed of without proper data destruction. Proper disposal of end-of-life equipment includes secure data destruction before disposing of the equipment.
What Role Does Secure Data Destruction Play in Cybersecurity?
Malicious actors can use unsecured data in a variety of ways to execute cyberattacks with different goals and objectives.
Data breaches leak Personally Identifiable Information (PII) that is precious to criminals. Identity theft is the most common criminal activity that results from data breaches.
Criminals take PII data such as driving license number, credit card information, social security number and bank account information and assume the identity of the actual owner. With this information, they can make credit purchases, or apply for loans. Both customer and employee data are at the risk of identity theft.
Hackers can use stolen data to do phishing attacks after they assume the identity of employees. They can make phishing emails based on the information they access to employee names, titles, and format of communications.
Business Email Compromise
Criminals will pretend to be an employee and intercept emails and other communication from suppliers, bankers and other parties. It is one of the most damaging cybersecurity attacks because of the liabilities the business can rack up.
There is many confidential data that an organization would want accessed by outsiders because of the damage it can do to the brand. For example, product test data may have shown that a certain product was defective aftermarket release, or the business has been doing aggressive tax reduction.
Criminals can access this data and use it as leverage against the business and its employees. Customers can also fail to blackmail if information like health records or criminal case information falls into the wrong hands.
A data breach could lead to access to proprietary information and intellectual property, for example, product design. Access of such information by the competition compromises the competitive edge.
What Are The Implications of Poor Data Destruction?
Cybersecurity attacks are a consequence of poor data security, including failure to observe proper data destruction. There are long-term damaging implications for a business when a business suffers cybersecurity attacks.
Data breaches are very costly to organizations. Global retail brand H&M is looking at a massive €35.2 billion fine under the new General Data Protection Regulations (GDPR) because of loss of customer data. A hard drive with 60GB of confidential customer data was lost and later accessed by criminals. The GDPR penalizes any business that loses confidential data, a fine fixed at 4% of the annual turnover.
Other examples of data security laws include the Gramm–Leach–Bliley Act in the US and Singapore’s Personal Data Protection Act (PDPA). The SingHealth breach in Singapore led to a fine of $250,000 for health provider SingHealth and another $750,000 for the IT services provider Integrated Health Information Systems.
Brand Reputation Damage
A study has shown that 72% of the brands that suffer data breaches fold up within 18 months of the data breach. Brands in sensitive industries such as health and finance are more at risk. It is hard for customers to trust a brand that exposes them to financial loss or embarrassment.
Loss of Competitive Edge
Loss of intellectual property has negative outcomes in terms of financial loss and loss of competitiveness. The millions of dollars spent on R&D are lost when this data is accessed by the competition. The business loses its competitive edge. For example, a popular product can be copied, which means the business does not reap the maximum benefits from its confidential knowledge.
Secure data destruction plays a big role in cybersecurity by preventing access of confidential data by malicious actors. Every organization should take data destruction seriously by engaging a professional data destruction service who can ensure it is properly done. It is a mundane task, but the consequences are life-threatening for a business. It is better to always be on the safe side.