Cyber threats and cybersecurity go hand in hand; as one evolves, so must the other. As cybercriminals modify their strategies and methods in response to enhanced cybersecurity measures, cybersecurity solutions need to become more invasive and sophisticated. However, there’s one aspect of cybersecurity that leaves organizations vulnerable to data breaches: hardware end-of-life.
The Official Annual 2017 Cybercrime Report released by Cybersecurity Ventures estimated that worldwide spending on cybersecurity services and products would surpass $1 trillion from 2017 to 2021. However, while this does indicate prioritization of cybersecurity on the part of organizations, none of this spending accounts for hardware end-of-life, despite it being a relatively small expense.
In this piece, I’ll go over what organizations should know about hardware end-of-life data breaches.
The Threat of Data Recovery from End-of-Life Hardware
It’s relatively easy for cybercriminals to recover files from erased or failed hard drives. Cybercriminals in various parts of the world mine data from old drives found in landfills to steal identities. The National Association of Information Destruction (NAID) found that several drives found on websites like eBay contained sensitive information.
A recent report by device diagnostics and data erasure specialist Blancco Technology Group found that a majority of company leaders are growing increasingly concerned about end-of-life hardware.
73% of the 1,850 leaders of some of the largest organizations in North America, Europe, and APAC surveyed believe that the enormous volume of end-of-life devices leaves their organizations vulnerable to data breaches. 68% report being very concerned about end-of-life equipment posing the risk of a data breach.
Most organizations utilize inadequate data wiping methods, such as formatting, physical destruction (shredding and degaussing) without an audit trail, and overwriting through free and paid software tools with no proper certification.
Instead of completely overhauling their data wiping procedures, organizations should consider exerting a greater degree of control when handling redundant data to help minimize data breach risks.
When it comes to data destruction, organizations should maintain a chain of custody in order to track how devices are being managed. To improve the efficiency of data cleansing, organizations could integrate automation into their asset management procedures.
If you’re looking to hire a professional cybersecurity consultant to develop robust security tools for your organization, get in touch with me.