By James D’Arezzo
While most cybersecurity efforts are focused outward, most data breaches resulting in lost data are inside jobs. File recovery software should be your first line of defense.
Here’s a fact you probably didn’t know: 60% of data breaches at organizations are the result of inside jobs, not hackers finding their way into a company’s network,according to IBM/Ponemon Institute Cost of Data Breach Study1. Another: up to 95% of investigated security incidents are simple the result of human error, a mistake on the part of a careless or poorly-trained employee1.
Both stats should serve as a wake-up call for executives and systems managers. We spend a lot of time and effort trying to protect ourselves from external threats, when most of the threats we need to be worried about are instead located right within our own walls; careless or un-informed employees, those trying to steal confidential information, and in many cases, simply disgruntled and resentful former employees trying to cause some trouble and sabotage their employer on the way out the door.
Take, for example, what happened to Pixar while they were animating Toy Story 2; it’s an old story, but a bit of animation lore. A staffer working on the movie accidentally executed a command to delete all the files in the film’s directory, and about 90% of the movie was deleted before anyone caught what was happening.3 Pixar was lucky enough to have backups of almost everything, and they were able to quickly restore most of the deleted animation files within a few days, but the incident could have been disastrous.
More recently, a disgruntled former employee at the Hispanic Center Lehigh Valley in Bethlehem, PA tried to erase all the nonprofit’s emails and files after a disagreement over her unemployment compensation.3 And in Citrus County, Florida earlier this year, an error by a county worker resulted in over 6 million emails being deleted4. It happens, and it happens more often than you think, to the tune of an average $3.86 million in damages per incident, according to the IBM/Ponemon study.
Whether or not data files are lost because of malicious intent, it’s becoming more and more important for IT departments and admins to have quick, efficient methods of recovering those files. This is especially true with the advent of GDPR, the General Data Protection Regulation introduced in May by the European Union. It places severe restrictions on the handling of personal data by any organization doing business in the EU or with EU individuals
GDPR has put stress on IT departments (in the EU and beyond) to ensure customer privacy and safeguard personal data more effectively than ever before. While protecting individual’s personal data is no doubt a priority, GDPR has also greatly amplified the possibility of malicious deletion requests, thanks to the Right To Be Forgotten (RTBF) provision, which gives users the right to have their data deleted.
This “right to erasure” gives organizations one month to delete the user’s personal data and imposes steep penalties if they do not comply; fines could reach up to 20 million Euros ($24 million), and the damage to the company’s reputation could be just as costly. They can also be punished for losing customer’s personal data or failing to secure it properly and leaving it subject to data breaches. When such an incident occurs to an organization, they are required to report it to supervisory authorities.
While most RTBF requests are of course legitimate, there’s the potential for angry customers and disgruntled employees to use the provision to cause damage, by flooding a company with fraudulent or malicious RTBF requests they are unprepared to handle. Complying with hundreds or even thousands of RTBF requests could pause a company’s daily operations, and hundreds of fraudulent RTBF requests could cause them to lose much of the data so vital for conducting their business.
So how do organizations and IT departments combat these malicious abuses of the right to erasure? By equipping themselves with the right tools – tools that will help them recover fraudulent deletions, as well the merely accidental. Deletion recovery software, able to find and restore virtually any deleted or lost file easily and within minutes, becomes essential in such situations, serving as a fail-safe when even the most secure of firewalls are breached, or simply accessed from behind. Deletion recovery software can recover files from both physical servers and virtual storage systems, even if the files were erased before the software was installed and can tell IT departments who deleted the files or breached the system, making it nearly impossible for them to cover their tracks.
Every organization should also have a system that can help find missing data files as soon as they are noticed missing. Combine such a first line of defense with effective deletion recovery software, and companies will be able to find and restore missing data files, avoiding the unpleasant and often costly obligation of reporting data breaches.
And, if complying with GDPR and the “right to erasure” is a concern, ensuring that information from legitimate erasure requests is not restored when recovering accidental deletions. Being able to see exactly who deleted data files, when they did it and where from, can help IT departments ensure only the appropriate files are recovered, and those marked for permanent erasure are actually deleted – for good.
By outfitting their systems with the right deletion recovery software, in addition to taking the right security measures, organizations can make protecting themselves against both accidental and malicious data loss easy, while still ensuring compliance with all GDPR regulations.
About The Author:
Jim D’Arezzo earned his BA from John Hopkins University and an MBA from Fordham University, before embarking on a long and distinguished career in high technology with executive positions at IBM, Compaq, Autodesk and Radiant Logic, among others. He is currently CEO of Condusiv (www.condusiv.com), the world leader in delete recovery software and software-only storage performance solutions for virtual and physical server environments.
- 1. “Cost of Data Breach Study: Global Overview,” IBM Security/Ponemon Institute, 2018.
- Panzarino, Matthew. “How Pixar’s Toy Story 2 was deleted twice, once by technology, and again for its own good,” Thenextweb.com, May 20, 2012.
- Siegler, Edward. “Disgruntled Hispanic center employee erased email, files, police allege,” WFMZ, September 11, 2018.
- Wright, Mike. “County worker mistakenly deletes 6 million emails,” Chronicleonline.com, February 27, 2018.