According
to the most recent edition of the annual IBM/Ponemon
Institute Cost of Data
Breach Study, the global average cost of a data breach in 2018 was
$3.86 million, up 6.4% since 2017. The global average cost per lost or stolen
record increased 4.8% year over year to $148. Commenting on the
need for planning and protection, Condusiv Technologies CEO James D'Arezzo
says, "The average global probability of an organization experiencing a
material breach-one involving at least a thousand records-is 27.9%. If you're a
CIO, there's almost a one in three chance it will happen to you." D'Arezzo,
whose company is a world leader in I/O reduction and SQL database performance, adds,
"The worst-case scenario would be malicious unrecoverable deletion, with total
data loss. Fortunately, the tools exist to prevent this."
While
a great deal of recent publicity has been given to external data breaches, CIOs
and system managers need to be equally vigilant about security threats
originating within the organization. The new IBM/Ponemon study, notes D'Arezzo,
found that ordinary human error was a factor in 95% of investigated security
incidents, and that 60% of actual breaches were carried out not by remote
hackers but, rather, by insiders.
One
oft-cited motivation for an internal data breach is the theft of intellectual
property, wherein a departing employee is accused of taking with him or her
manufacturing secrets, prospect lists, source code, or other proprietary content.
Employers, especially in the technology sector, have been quick to retaliate.
Auto manufacturer Tesla filed suit against a former employee in 2017
and another in 2018 for allegedly exporting confidential data,
among other offenses. Similar recent litigation has involved Waymo, Uber,
Facebook, IBM and Apple.
Some
of this activity seems to reflect not so much a crime wave as a lack of
agreement between tech industry managers and intellectual property attorneys,
on the one hand, and employees, on the other, about what does or does not
constitute proprietary data. According to a recent survey by software firm
Symantec, for example, 56% of employees do not consider it illegal to use a
competitor's trade information, 50% say they leave a job in possession of
confidential information, and 40% plan to use it in their next job.
Far
more concerning is attempted data destruction-malicious deletion-by disgruntled
employees. "The cost of a major data breach can be enormous," says D'Arezzo,
"but that expense is dwarfed by the potential cost of reconstituting data that
isn't there anymore. It's absolutely essential that system managers be able to
recover erroneously or maliciously deleted data."
For
Windows-based systems, this protection is offered by Condusiv's
Undelete product line,
which ensures that every deleted file or version of an Office file on a Windows
PC or server can easily be restored. Whereas the Windows Recycle Bin is limited
to only files deleted locally from within the Windows File Explorer, Undelete
captures all deleted files, including files deleted remotely on File Servers.
Undelete can also restore files previously purged from the Windows Recycle
Bin-even if they were deleted before Undelete was installed. Undelete is the
world's leading product of its kind.