This year marks the 10th anniversary since the infamous Great Maple Syrup Heist. In the province of Quebec in Canada, 3,000 tons of maple syrup were stolen from the Federation of Quebec Maple Syrup. At $2,000 per barrel (the equivalent of around 13 times the price of crude oil), it was a significant theft – it raised eyebrows and earned media attention around the world. The total stolen volume was estimated at an incredible $18.7 million, and much of it was never recovered.
Ben Bulpett is EMEA Identity Platform Director at SailPoint (opens in new tab).
The criminals of 2012 were ultimately tracked down, though it took considerable effort for the police to determine the full scale of the crime. 26 arrests were made and the police interviewed more than 200 witnesses, creating a bizarre story surrounding one of Quebec’s major resources—and its sweetest. In the end, in court, one of the thieves, Richard Vallières, was found guilty of theft, fraud, and trafficking stolen goods. It’s an interesting story but the message points to something more fundamental – understanding your business or organization, where its value lies, and making sure it is protected.
The truth is that all organizations are vulnerable to potential criminal activity. And like maple syrup, there is a need to give customers (opens in new tab) what they want, but understand attacks can come from all sides. The key is protecting what is most valuable.
The sweet spot
Most businesses aren’t looking after syrup, that much is true. But the intangible is just as valuable, if not more so, than what we can see (and taste).
The threat nowadays is increasingly invisible and digital, and revolves around cyber security (opens in new tab). These concerns mustn’t be ignored by businesses – especially given how much a target data is for criminals seeking to get their hands on lucrative assets. Sensitive financial and personally identifiable information also has value, yet, all too often, businesses are not doing enough to protect it. Such data (opens in new tab) is unstructured – where organizations lack real visibility into where the data lives, and who owns it. All of this leads to security vulnerabilities, paving the way for criminals to get their hands on sensitive information without being detected. So, how can businesses effectively mitigate against these risks?
A sticky situation
Securing unstructured data is relatively new territory for organizations. Our recent research found three quarters (76%) had encountered challenges with protecting unstructured data. This included unauthorized access, data loss (opens in new tab) and compliance fines. What’s more, almost every company surveyed reported difficulties in managing access to unstructured data, citing not just lack of visibility, but also too much data and a lack of single access solution for multiple repositories. 40% admitted to not knowing where the unstructured data was stored.
Businesses cannot afford to be caught out by unstructured data. Companies may be spending record sums on cybersecurity (opens in new tab) to protect the digital transformation that has accelerated so rapidly over the past year – but it’s a wasted effort if the most pressing threats like unstructured data aren’t properly attended to.
Organizations must maximize visibility into where vulnerabilities lie. Crucial to this is prioritizing user access rights across all data – structured and unstructured. Our research found this is currently not the case, with one-third of companies lacking real-time alerts when unauthorized access occurs within unstructured data, and a quarter of companies failing to perform regular reviews of user access privileges. Without visibility over who has access to what, and when, hackers could be operating unnoticed.
To combat this threat, identity security, with a file access manager feature, must be extended at the implementation stage to manage data access. This security practice ensures security and compliance – automatically – while feeding real-time alerts to the IT team where potential vulnerabilities lie – making them far better equipped to monitor for or respond to a breach. Unstructured data will continue to be created as businesses build on the digital customer experience. But it is crucial businesses leaders recognize and deal with the risks.
Without putting the necessary security in place, the criminals are outside licking their lips. It's a viscous cycle.
Check out the best identity management software (opens in new tab).