In this post, we’ll look at what data risk scoring is and why it matters. We’ll also explain how Enterprise Recon can help organizations manage their data risks more effectively by providing an automated approach to their risk scoring methodology.

An introduction to data risk scoring

Different types of data present a different level of risk to an organization. For example, generally, published promotional materials such as adverts are lower risk, while personal data (PII) of clients, customers or employees present a higher risk.

What types of data are higher risk to an organization will depend on their industry sector. For example, a research and development company will have lots of highly sensitive intellectual property that may be considered a higher risk for them than the personal data of their employees. Meanwhile, a medical care centre will hold highly sensitive patient health information that will be a greater risk to them than unpublished financial reports.

According to the latest Data Breach Investigations Report (DBIR) released by Verizon, personal data represents around 50% of all confidentiality breaches analyzed in the report, closely followed by credentials (c. 45%) and sensitive internal business information (c. 35%).

Data risk scoring is a method of analyzing the relative risk of data types within an organization compared to other types of data. It is a tool that can help businesses identify and manage their greatest data risk exposures. When combined within or alongside a data discovery and data management solution, this risk scoring can be used to identify locations — systems, databases, applications and devices — across the business that are highest risk, because of the data they hold.

Why data risk scoring matters

Data risk management forms part of many regulatory frameworks and privacy laws worldwide, with 99% of all firms required to report to at least two separate jurisdictions or regimes. It’s critical that these businesses adopt a standardized risk scoring methodology to support their reporting obligations.

By implementing a standardized data risk scoring methodology, organizations can easily identify the processes and systems that handle their highest risk data. This helps them target their effort and resources on applying security controls in the right places to protect the data.

Data risk scoring in Enterprise Recon

One of the biggest data risks organizations carry is associated with the high-risk data they don’t know they have, or when that data resides outside the systems and processes designed to protect it. According to Thales, only 64% of European enterprises with annual revenue of more than $1 billion say they are “very confident” or have “complete knowledge” of their data’s location.

This is where data risk scoring integrated with a data discovery and data management solution such as Enterprise Recon comes in.

The latest release of Enterprise Recon, Ground Labs’ award-winning data discovery and data management solution, delivered enhanced risk scoring capabilities to cover all data types including personal data (PII), cardholder data and custom data patterns.*

Enterprise Recon automatically maps each sensitive data match location with the associated Risk Profiles. Risk Profiles can be customized based on four separate criteria — Content (data types and volume), Metadata (access permissions, file metadata), Actions Taken (remediation and access control) and Storage (target types or groups). Each risk profile can then be given a priority, to ensure that data types of greatest concern are highlighted.

Enterprise Recon risk profile flow explaining risk scoring methodology

Following a discovery scan, these risk profiles are applied to data matches and findings are scored (high, medium, low) based on the priority given to each risk profile.

Organizations can use this insight to inform data management strategies and address risks instantly using Enterprise Recon’s in-built remediation tools. Providing visibility of data risks in this way enables business to manage their efforts and resources to protect their high-risk data efficiently and effectively.

* Risk scoring and labelling is only available in Enterprise Recon Pro edition

To find out how Enterprise Recon’s improved risk scoring features can support your business, book a call with one of our experts today.

Want to keep up with all our blog posts? Subscribe to our newsletter!

Subscribe