Following the news about Swedentransport agency data leak, Ken Spinner, VP of Global Field Engineering commented below.
Ken Spinner, VP of Global Field Engineering at Varonis:
“IT outsourcing and lax data security practice strike again: this time in Sweden, compromising government documents, sensitive personally identifiable information on citizen and military data, criminal records – even details on confidential witness protection programs.
We see this time and time again, and what have we learned? Nobody can be exempt from data privacy laws and security policies that are put in place to protect citizen information.
Exposing this type of data – and this much of it – is a huge red flag: not only can critical data and research be compromised, but personal data can be leveraged to breach more secure systems. Not to mention the potential fallout from witness protection information being publicly available, details on secret military units, and other data that can be damaging to a government and its citizens.
The best way to reduce the risk of deliberate or accidental data exposure is to limit access to those who need it the most – keeping sensitive data locked down – and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines.
By strengthening data protection practices — adopting a least privilege approach and monitoring user behaviour — organisations (and indeed, governments) will not only bolster their cybersecurity defenses, but they’ll be more protected against data leaks, insider threats and sophisticated cyberattacks as well.”