What's your data worth? More importantly, to whom?

This week, I'm attending and spoke at a cybercrime conference in Singapore. One of the presenters made a very good point, and I want to share it with you.

When considering how to protect your data, don't consider how valuable it might be to an attacker. Always, instead, consider how valuable it is to you.

I know, it seems so simple when you see it in print. But, surprisingly, many people take the opposite approach. "We don't have anything of value to anyone else, we don't need security." There's no more dangerous statement than this. Resist the urge to think about its value to the bad guys when deciding how to secure your data, because if you think your data isn't valuable to anyone else, then you'll probably get the security wrong (that is, you won't have enough).

If you've got data accessible online, it's valuable to someone -- you! Why else would you put it up? It's logical, then, that it might be valuable to someone else, even if you can't imagine how. So think about your data's value to your organization: how much is it worth, and what is your exposure if the data is stolen, compromised, or lost. When you take this approach, you'll get the security right, and your decisions will reflect the true value of your data.